Privacy and security

Protecting you and your patients' data

Absolute privacy and security is our number one priority.
We work with best-practice security protocols to be medico-legally compliant.

Privacy-first approach to platform design

Lyrebird Health is fully compliant with the Australian Privacy Principles and the Australian Privacy Act 1988, particularly APP 3 with respect to personal private information.

All sensitive health information remains on Australian soil and is not processed overseas, ensuring complete data sovereignty. Furthermore, by default Lyrebird Health never stores any information from your consults once they have concluded. Consult notes and documents can be saved at the clinician's discretion.

All information is stored on Lyrebird Health's Australian Amazon Web Services (AWS) infrastructure, fully encrypted using bank-level 256-bit encryption in transit and at rest. Lyrebird Health's Data Processing Agreements with AWS ensure any information stored is only accessible to Lyrebird Health. No party, including AWS, can access or alter information. By default, this information is stored for no longer than 7 days.

During a consult, all audio is transcribed in real-time on Lyrebird Health's Australian servers. At no point in time are audio files saved or permanently stored. The audio stream from the consultation is completely encrypted and securely transferred to Lyrebird Health servers.

All AI & LLM processing occurs on-premise via our Australian servers. No third party has access to this information. By default, Lyrebird Health immediately deletes this information unless requested to be saved by the practitioner.

MDO Approved

Lyrebird Health has been medico-legally approved for use by Medical Defence Organisations (MDOs).

Lyrebird Health worked closely with MDA National to create their guidelines for Using AI tools for record management in doctor consultations.

The platform upholds clinical best practice at all times. This includes prompting practitioners to obtain consent prior to each consult recording and capturing timestamped consent to protect practitioners.

TGA Compliant

Lyrebird Health is exempt from the Therapeutic Goods Administration Software as a Medical Device (TGA SaMD) regulation.

Lyrebird Health is not intended to replace the clinical judgement of a healthcare professional to make a clinical diagnosis or treatment decision regarding an individual patient.

Lyrebird Health's notes are generated post-consult and are not designed to impact clinical decision-making at any time. It is the responsibility of the clinician to review all documentation generated by Lyrebird Health and ensure its accuracy.

To read more about the TGA SaMD guidelines, refer here.

Access Controls

All access to information is granted based on the fundamental principle of Least Privilege. As dictated by Lyrebird Health's business and security requirements, access is granted to users strictly on the basis of absolute necessity to perform their job functions. Permissions and access rights that are not granted are prohibited by default.

Data Retention Policy

Lyrebird Health retains patient data only as long as necessary for clinical use or as required by law.

Consult recordings are automatically deleted after note generation. All generated information is set for automatic deletion after a period of 7 days, by default. Manual deletion is also available at any time.

Contact us

If you have any questions, please don't hesitate to email the Lyrebird Health team at security@lyrebirdhealth.com.