Security & Data Protection Policy

Last updated: 02/04/2026

1. Security Philosophy

At Medinex Pty Ltd, security is not an afterthought; it is built into the core of our platform. We recognize that NDIS providers handle highly sensitive information, and we take our responsibility as a data custodian seriously.

2. Data Sovereignty and Residency

Medinex is a proudly Australian company. All primary data and backups are stored exclusively on secure servers located within Australia. This ensures that your data remains subject to Australian privacy laws and meets the expectations of the National Disability Insurance Agency (NDIA).

3. Encryption Standards

We protect data at every stage of its lifecycle:

  • In Transit: All data moving between your browser and our servers is protected by TLS (Transport Layer Security) 1.2 or higher.
  • At Rest: All participant data, health records, and documents are encrypted using AES-256 encryption, the global gold standard.

4. Access Control

We implement a "Least Privilege" model:

  • Multi-Factor Authentication (MFA): Required for all administrative and provider accounts.
  • Role-Based Access Control (RBAC): Providers can restrict their own staff's access to certain data segments.
  • Audit Logs: Every login, data entry, and file download is logged for NDIS compliance audits.

5. Data Breach Response

Medinex complies with the Notifiable Data Breaches (NDB) scheme under the Privacy Act.

  • In the event of a suspected data breach, we will conduct an assessment within 30 days.
  • If a breach is likely to result in serious harm, we will notify affected users and the OAIC immediately.