AkuruHelp Centre

Is my patient data safe?

i-consult security and privacy: data sovereignty in Australia, time-limited access tokens, DOB verification, role-based access and audit trail. What i-consult is not.

Written by chandra@akuru.com.auReferenceLast reviewed 2 July 2026

Yes. i-consult is built for Australian private clinics and hospitals, and patient data is protected at every step: where it is stored, who can open a questionnaire link, and who can see an episode in the dashboard. This page explains the safeguards in plain language, and is honest about what i-consult is not responsible for clinically.

For detailed security practices, data handling and compliance information, see the Akuru Trust Centre.

Where your data lives

All i-consult data is processed and stored in Australia. This includes patient information, generated medical histories, chat transcripts and clinician records. No patient data leaves Australian infrastructure.

How patients are kept secure

Patient access to the questionnaire is protected by several layers working together.

| Safeguard | What it does |
|---|---|
| Time-limited access token | Each patient receives a unique link containing a cryptographically generated token. The token is valid from 24 hours before the appointment through to one day after the appointment day, and cannot be reused. |
| Date-of-birth verification | Before the questionnaire opens, the patient must confirm their identity by entering their date of birth. This stops anyone who isn't the patient from opening the link. |
| 3-attempt lockout | After three failed date-of-birth attempts, access is locked, preventing anyone from guessing their way in. |
| Secure session | Once verified, the patient's session is held securely for the duration of their questionnaire, so they can pause and resume on the same link without re-verifying every time. |

Who can see what (role-based access)

i-consult enforces role-based access at every level, so each person only sees what they should.

| Role | What they can see |
|---|---|
| Clinicians | Only their own patient episodes. |
| Secretaries | Only episodes for the clinicians they are explicitly associated with. |
| Patients | Only their own questionnaire, via their unique, date-of-birth-verified token. |

The audit trail

Every significant event on an episode is logged: token generation, SMS delivery, the patient's first access, verification attempts (successful and failed), chat start and completion, safety flags, and medical history generation. This gives the practice a comprehensive audit trail for compliance and clinical governance.

What i-consult is, and isn't

i-consult helps your patient organise their history before the appointment. It is a preparation aid, not a clinical decision-maker, and it does not change who is responsible for the patient's care.

i-consult is not informed or written consent. The questionnaire collects pre-consultation history to help you prepare. It does not constitute informed consent, written consent, or any form of clinical agreement. Consent remains a matter for you and your patient during the consultation.

Patient information is self-reported and unverified. The generated medical history is an aid to preparation, not a substitute for history-taking during the consultation. You remain responsible for reviewing, confirming and, where necessary, correcting the history before relying on it for any clinical decision.

Safety detection flags a response for you to review; it is not emergency triage. If a patient's responses suggest a potential safety concern, i-consult can flag the response for the clinician to review. This is not emergency triage, and it does not provide clinical advice, diagnosis or treatment to the patient. i-consult does not assess clinical urgency. If a patient needs urgent help, normal emergency pathways apply, and the clinician remains responsible for clinical follow-up.

漏 2026 Akuru. Built for specialist care.Privacy 路 Terms 路 Clinical governance