PCAT Privacy Policy

Palliative Care Assessment Tool

This Privacy Policy explains how the Palliative Care Assessment Tool (PCAT) collects, uses, stores, and protects information entered by registered healthcare professionals and clinicians using the platform. PCAT is committed to maintaining the confidentiality and security of all user and patient data in accordance with applicable Australian privacy legislation.

By using PCAT, you agree to the collection and handling of information as described in this policy. This policy applies to all clinicians, healthcare organizations, and administrators who access the platform.

1. Information We Collect

PCAT collects the following categories of information:

Clinician Account Information

  • Full name and professional title
  • Email address and login credentials
  • Healthcare organization or practice affiliation
  • Professional registration details (where applicable)

Patient and Client Data

Clinicians may enter patient information into PCAT as part of conducting assessments. This may include:

  • De-identified or identified patient demographic information
  • Clinical history and palliative care assessment data
  • Assessment scores, outcomes, and clinical notes

Clinicians are responsible for ensuring they have appropriate patient consent and legal authority before entering any identifiable patient information into PCAT, in accordance with their professional obligations and organizational policies.

Platform Usage Information

We collect and process technical and usage information when authorized users access the platform, including:

  • Login and session activity, such as authentication status, session cookies, login attempts, failed login events, password reset/change activity, and account access timestamps.
  • Assessment and feature usage information, such as assessment creation, update and completion records, report versions, clinician/user associated with an assessment, timestamps, selected risk/actions, dashboard metrics, and feature interaction patterns.
  • Security and access log information, such as IP address, blocked IP events, failed login attempts, firewall/security events, browser or device information, and related access logs collected through WordPress, Wordfence, hosting/server logs, and any enabled analytics tools.

2. How We Use Your Information

PCAT uses collected information for the following purposes:

  • To provide and maintain access to the assessment platform
  • To generate assessment results, scores, and clinical reports for clinician use
  • To improve platform functionality and user experience based on usage patterns
  • To communicate important updates, system notifications, and support information to registered users
  • To monitor platform security and prevent unauthorized access

PCAT does not use your information or patient data for advertising, marketing to third parties, or any commercial purpose unrelated to the delivery of the platform.

3. How We Protect Your Information

PCAT applies industry-standard security measures to protect all data stored on the platform:

  • All data is encrypted in transit using TLS (Transport Layer Security) and encrypted at rest
  • Access to the platform is restricted to authenticated users with verified credentials
  • Role-based access controls ensure clinicians can only access records relevant to their scope of practice
  • Regular security audits and vulnerability assessments are conducted
  • Access logs are maintained and monitored for suspicious activity

In the event of a data breach that is likely to result in serious harm, PCAT will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme.

4. Sharing of Information

PCAT does not sell or rent user or patient data to any third party. Information may be shared only in the following limited circumstances:

  • With your healthcare organization or institution, where PCAT is deployed under an organizational license
  • With trusted third-party service providers who assist in operating the platform (e.g., cloud hosting), under strict data processing agreements
  • Where required by law, court order, or regulatory authority

Any third-party service providers engaged by PCAT are required to handle data in compliance with Australian privacy law and are prohibited from using data for any purpose beyond the services they provide to PCAT.

5. Data Retention

PCAT retains clinician account data and associated assessment records for as long as your account remains active or as required to fulfil the purposes outlined in this policy. Upon account deactivation or organizational license expiry, data is retained for a period consistent with applicable health record and legal obligations before secure deletion.

You may request earlier deletion of your personal account information by contacting us directly. Requests to delete patient data should also be directed to us, noting that some records may need to be retained to meet clinical or legal obligations.

6. Legal Compliance

PCAT complies with all applicable Australian privacy legislation, including:

  • The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
  • The Notifiable Data Breaches (NDB) scheme under the Privacy Act
  • Relevant state and territory health records legislation

Where PCAT handles health information, it does so in accordance with the additional protections applicable to sensitive information under the Australian Privacy Principles.

7. Your Rights

As a registered PCAT user, you have the right to:

  • Access the personal information PCAT holds about you
  • Request correction of inaccurate or incomplete information
  • Request deletion of your personal account data, subject to legal retention requirements
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy rights have been breached

To exercise any of these rights, you may update your account details directly via the Settings page or contact us using the details below.

8. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a concern, please contact us:

Prof. Hanan Khalil