For health care providers
MBSPro (the “Website”) is operated by MBSPRO PTY LTD (ACN 682 493 803) of 13 Bundah St, Camp Hill, QLD 4152 ("we", "us", "our"). We provide medical transcription, clinical documentation generation, Medicare billing assistance, and other AI-powered automated services via the MBSPro application (the “Services”).
This Privacy Notice explains how we collect, use, store, and disclose personal information relating to health care providers.
We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
All data is stored exclusively in Australia.
If you are a patient, please refer to our Patient Privacy Notice.
What personal information do we collect?
We may collect:
Your name, email address, practice address and mobile phone number
Information relating to your use of the Services
Service enquiries
Feedback, survey responses and professional opinions
Support correspondence
Administrative or billing information (excluding payment card details)
Payments are processed by Stripe, and we do not store payment card information.
Medical practice information
In using the Services, you may provide access to information relating to your patients (“Medical Practice Information”).
We process this information solely on your behalf and only in accordance with your instructions.
You are responsible for maintaining a compliant patient privacy policy and obtaining any required consents.
Security and Processing of Medical Practice Information
We recognise the sensitivity of clinical information. Safeguards include:
All data stored on Australian servers aligned with ISO 27001
Encryption of all data in transit and at rest (TLS 1.2+)
Priority processing within Australia using Australian-hosted voice-to-text and LLM infrastructure
No identifying patient information ever leaves Australia
No audio recordings stored
Real-time consultation summaries visible to you
Automatic deletion of transcripts, summaries and generated documents within 24 hours, or earlier at your instruction
What happens if we cannot collect your personal information?
If you do not provide required information:
We may be unable to provide the Services
We may be unable to contact you about Service updates
How and why do we collect, store, use and disclose your personal information?
We collect and use your personal information to:
Administer, manage and support your account
Provide and improve the Services
Respond to enquiries
Send service updates and educational materials
Provide marketing communications (with your consent)
Monitor performance, reliability and security
Conduct system troubleshooting and quality control
Enforce our policies
Comply with Australian legal obligations
All personal and practice information is stored in Australia.
Who do we disclose your personal information to?
We may disclose your personal information to:
Australian-based technology providers
Professional advisers (lawyers, accountants, auditors)
Contractors supporting security or service operations
Regulatory authorities or government agencies where legally required
We do not disclose your personal information unless:
Legally required, or
You have provided explicit consent
No information is sold or transferred without your consent, except where required by law.
Third parties must:
Use information only for the purpose provided
Maintain confidentiality and security consistent with this Privacy Notice
Do we store information outside Australia?
We store all personal, clinical and non-clinical information exclusively in Australia.We do not transfer any personal information or data obtained from Best Practice outside Australia.
Direct marketing communications
We may send marketing communications with your consent. You may opt out at any time.
How do we keep personal information secure?
Security measures include:
ISO 27001–aligned Australian servers
Encryption in transit and at rest
MFA, audit logging and strict access controls
Routine security assessments
Confidentiality obligations for all staff and contractors
How long do we retain your personal information?
We retain your personal information only for as long as necessary:
Medical Information: deleted immediately after the consult with clinician option to start of maximum of 7 days
After these periods, personal information is permanently deleted or destroyed.
Third party links
We are not responsible for the privacy practices of third-party websites.
How can you access and correct your personal information?
You may request access or correction at any time. If correction is not possible, we will record your disagreement.
Email Address: hello@mbspro.com.au
Attention: Privacy Officer
You may also contact the OAIC at: https://www.oaic.gov.au/privacy/privacy-complaints/
How can you make a complaint?
You can make a complaint about the way we have handled your personal information by contacting us using the details provided above.
You can report a complaint to the Office of the Australian Information Commissioner at: https://www.oaic.gov.au/privacy/privacy-complaints/
