Health information has the highest level of protection under Australian privacy law. If you’re a doctor, specialist, or practice manager using an after-hours answering service, that service is handling health information on your behalf. The legal obligations are yours.
Most practices don’t think about this when choosing an answering service. They should.
What the law says
The Privacy Act 1988 and the Australian Privacy Principles (APPs) set out how health information must be collected, stored, used, and disclosed. Health information includes anything about a person’s health or disability, as well as information collected in the course of providing a health service.
A caller leaving a message saying “I’ve been having chest pain since this afternoon” is health information. A message saying “please call me back about my test results” is health information. Even the fact that someone called a particular doctor’s after-hours line could be considered health information, because it reveals they are a patient of that doctor.
APP 11 is the one that matters most for answering services. It requires you to take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access or disclosure. “Reasonable steps” depends on the sensitivity of the information, and health information is at the top of the sensitivity scale.
What to look for in an answering service
If you’re evaluating answering services for a medical practice, here are the questions you should be asking:
Where is the data stored?
Australian health data should stay in Australia. If your answering service stores recordings or transcriptions on servers in the US, Europe, or Asia, you have a cross-border disclosure issue under APP 8. You become responsible for ensuring the overseas recipient handles the data in accordance with the APPs, which is difficult to enforce in practice.
Smart Pager stores all data on Australian servers in AWS Sydney (ap-southeast-2). Recordings, transcriptions, and metadata never leave the country.
Who has access?
With a human answering service, every operator who handles your calls hears the content of the message. That’s potentially dozens of people across different shifts. Ask your service: how many staff members have access to your callers’ messages? What screening and training have they received? Are they bound by confidentiality agreements?
With Smart Pager, no human operator hears the message. The AI processes the recording locally, and only you and your authorised team members see the transcription. The access surface is dramatically smaller.
Is there an audit trail?
APP 11 requires that you can demonstrate the steps you’ve taken to protect information. If a complaint is made to the OAIC (Office of the Australian Information Commissioner) three years from now, can you show who accessed what message and when?
Smart Pager maintains a tamper-evident audit trail using cryptographic hash chains. Every message receipt, every notification delivery, every access event is logged and verifiable. This isn’t just a database log that could be edited. The hash chain means any tampering is detectable.
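To make the hash-chain idea concrete, here is an added example of a minimal tamper-evident audit log. It is not Smart Pager's code (the page does not show their implementation) and it uses constructed event names, message ids, actors and timestamps. Each entry records the previous entry's SHA-256 hash alongside its own content, so editing or deleting an earlier entry breaks every link after it. It also shows the one thing a bare hash chain does not catch: cutting entries off the end, which is why the latest hash needs to be anchored somewhere the log writer cannot reach.

```python
import hashlib
import json
from typing import List, Optional

# The link that the very first entry points back to (no previous entry exists).
GENESIS_HASH = "0" * 64


def canonical_bytes(record: dict) -> bytes:
    """Serialise a record deterministically so identical content always hashes identically."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def entry_hash(prev_hash: str, record: dict) -> str:
    """SHA-256 over the previous entry's hash and this entry's content.

    Binding the previous hash into each entry is what forms the chain: changing any
    earlier record changes its hash, which invalidates every link after it."""
    h = hashlib.sha256()
    h.update(prev_hash.encode("ascii"))
    h.update(canonical_bytes(record))
    return h.hexdigest()


class AuditChain:
    """An append-only log of message and access events linked by hashes."""

    def __init__(self) -> None:
        self.entries: List[dict] = []

    def append(self, event: str, message_id: str, actor: str, at: str) -> str:
        record = {
            "seq": len(self.entries),   # position in the log; a deleted entry leaves a gap
            "event": event,             # e.g. message_received, transcript_viewed (hypothetical names)
            "message_id": message_id,
            "actor": actor,             # who did it: a system component or a named user
            "at": at,                   # ISO-8601 timestamp
        }
        prev = self.entries[-1]["hash"] if self.entries else GENESIS_HASH
        digest = entry_hash(prev, record)
        self.entries.append({"record": record, "prev_hash": prev, "hash": digest})
        return digest

    def head(self) -> str:
        """The latest hash. Store or publish it outside the log's own storage
        (a second system, a signed statement) so truncation of the tail is detectable."""
        return self.entries[-1]["hash"] if self.entries else GENESIS_HASH

    def verify(self) -> Optional[int]:
        """Return the index of the first entry that fails verification, or None if every link holds."""
        prev = GENESIS_HASH
        for i, e in enumerate(self.entries):
            if e["prev_hash"] != prev:          # link to the previous entry is broken
                return i
            if e["record"]["seq"] != i:         # an entry was removed or reordered
                return i
            if entry_hash(prev, e["record"]) != e["hash"]:  # content edited in place
                return i
            prev = e["hash"]
        return None


def build_sample_chain() -> AuditChain:
    """Constructed sample data: the lifecycle of one after-hours message."""
    chain = AuditChain()
    chain.append("message_received", "msg-0001", "ivr", "2025-03-02T19:41:03+11:00")
    chain.append("notification_sent", "msg-0001", "notifier", "2025-03-02T19:41:09+11:00")
    chain.append("transcript_viewed", "msg-0001", "user:on-call-gp", "2025-03-02T19:44:51+11:00")
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact chain verifies:", chain.verify() is None)
    trusted_head = chain.head()  # what you would anchor outside the log

    # 1. Editing a record in place: that entry's hash no longer matches its content.
    chain.entries[2]["record"]["actor"] = "user:someone-else"
    print("first bad entry after edit:", chain.verify())

    # 2. Deleting a middle entry: the following entry's prev_hash no longer links up.
    chain = build_sample_chain()
    del chain.entries[1]
    print("first bad entry after deletion:", chain.verify())

    # 3. Truncating the tail: the shortened chain still verifies on its own, so only
    #    comparison against the externally anchored head reveals the loss.
    chain = build_sample_chain()
    del chain.entries[-1]
    print("truncated chain verifies:", chain.verify() is None,
          "| head matches anchor:", chain.head() == trusted_head)
```

When evaluating a service's "tamper-evident" claim, the questions this example suggests are: what is hashed into each entry, where the latest hash is anchored outside the log, and who can run the verification independently of the service.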
How long are recordings retained?
Medical records in Australia generally need to be retained for 7 years from the last date of service (for minors, until the patient turns 25 or 7 years from the last date of service, whichever is later). After-hours call recordings are part of the clinical record.
Ask your answering service about their retention policy. Many services delete recordings after 30 or 90 days. If you need them for a complaint or legal matter years later, they’re gone.
Smart Pager retains recordings in line with Australian medical records requirements.
Is the data encrypted?
Encryption at rest (stored data is encrypted on disk) and encryption in transit (data is encrypted while being sent between systems) are baseline expectations under APP 11. Ask your answering service about both.
Smart Pager uses encryption at rest on all stored data and HTTPS encryption for all data in transit.
The Notifiable Data Breaches scheme
Since 2018, the Notifiable Data Breaches (NDB) scheme requires organisations to notify the OAIC and affected individuals if a data breach is likely to result in serious harm. Health information breaches almost always meet this threshold because of the sensitivity of the data.
If your answering service has a data breach that exposes your patients’ messages, you’re on the hook. You need to know: does your service have breach detection in place? Will they notify you promptly? Do they have a response plan?
Common compliance gaps in answering services
From what we’ve seen in the Australian market, the most common gaps are:
No data residency guarantee. Many services use international cloud infrastructure without specifying the region. Your data could be in Singapore, Oregon, or Ireland.
No access logging. The service can’t tell you who accessed a specific message or when. If there’s a complaint, you can’t demonstrate compliance.
Short retention periods. Recordings deleted after 30-90 days, well short of the 7-year medical records requirement.
Shared operator pools. Your callers’ messages are handled by the same operators who handle calls for pizza shops and plumbing businesses. There’s no special handling for health information.
No encryption at rest. Data is stored in plain text on the server. If the server is compromised, everything is readable.
What this means in practice
You don’t need to become a privacy lawyer to choose an answering service. But you do need to ask the right questions and get clear answers. If a service can’t tell you where data is stored, who has access, and how long recordings are retained, that’s your answer.
For most medical practices, the compliance requirements point towards a service that stores data in Australia, minimises human access to message content, maintains an audit trail, and retains records for the required period. These aren’t optional features. They’re legal requirements.