Security

Tyro Health stores information necessary for providing our services and only for the period required to meet operational or regulatory responsibilities. Data is processed and stored on cloud infrastructure exclusively hosted in Australia.

Health account information is protected through an advanced tokenisation and encryption system, similar to that employed by leading banks and payment processors.

Sensitive information is encrypted end to end through strong TLS ciphers which provide protection beyond SSL. Our hosting partners abide by best practice security frameworks including ISO 27001, Australian IRAP, SOC 2, SOC 3 and PCI DSS.Our platform enforces technical controls to help prevent abuse, fraudulent transactions and unauthorised disclosure of data.

Our systems are regularly tested by independent security experts and have undergone multiple external reviews including regular vulnerability assessments, full source code reviews, penetration tests, security control and data privacy reviews.

Where a data breach is reported impacted parties will be notified directly or indirectly via a notice on our website.

Tyro health will impose velocity controls to prevent wholesale enumeration Comcare account details. If an excessive number of calls are made in a period, Tyro health or Comcare may suspend your account.

The Tyro Health API key is a highly privileged account token - it should never be displayed or made available for any patient/client facing requests or responses.