Privacy & Security
Cookies, Logging & Analytics
User Data
All visits and user actions performed on the CMx Workmed website use secure encrypted TLS connections. This ensures that user accounts, candidates' medical information, and payment data cannot be intercepted by a third party.
When you sign up to CMx Workmed, we collect the following information from you:
- Your submissions to the site must be accurate and truthful to the best of your knowledge and belief.
- You will not spam, harass, threaten, or abuse any other users of the site via any medium.
- You are allowed one account and one account only. Under no circumstances should any person create or have access to more than one user account on the site. Should your account be terminated, you are not to create a new account, or access any other.
- Your account must not be used to impersonate any other individual or group. It must represent only you, and must only be accessed by you. No automated tools are permitted to access user accounts on the site.
- Your account credentials and authentication token are to be kept confidential and not disclosed to any third party for any reason. You take sole responsibility for the security of these.
- We reserve the right to remove any content and any user account, as well as add or remove any aspect of the service at any time, for any reason, at our sole discretion.
All users' personal information is handled in accordance with the Privacy Act 1988.
Your email address can only be seen by clinic staff that your user account is associated with. Your clinic's email address may also be shared with our payment processor Pin Payments if you are subscribing to CMx Workmed. This email address is used to send receipts.
Your password is stored only as a cryptographic hash, so it is not viewable or recoverable. For this reason forgotten passwords are not retrievable, and in such an event you must request a password reset.
Candidate's Medical Information
CMx Workmed processes sensitive medical information to allow clinics to offer workplace and pre-employment medical exams for client employers in a way that is convenient and secure.
Candidates' medical information is only accessible to their (prospective) employer, as well as the practitioners and staff at the clinic where they are examined. These users can only access this information via an encrypted connection to the site itself, and only with a password-protected user account. CMx Workmed does not share candidates' information with any other entities.
Medical reports generated by the site are the property of the clinic that processed them, and/or the client who engaged the clinic to provide them. Candidates acknowledge when submitting their information that they are not entitled to a copy of the final medical report that CMx Workmed generates. Candidates wishing to access a copy of the report must request it from their (prospective) employer.
Candidates' medical information is deleted from our systems shortly after the clinic and client have retrieved the final medical report. Non-medical information such as the candidate's name and the date of their medical exam are stored indefinitely for logging and billing purposes. Candidates' medical information is never transmitted via email, in accordance with RACGP best practices. All storage and processing of this information is done in Australia.
Payment Data
CMx Workmed does not store your sensitive credit card details on our servers. All sensitive credit card data is handled securely by Pin Payments.
Platform Security
CMx Workmed utilises a wide range of security mechanisms to ensure the security of the information held on the platform. While a defense-in-depth approach dictates that precise system details are omitted, our setup includes:
- Physical Security - Our server infrastructure resides in a secure data centre facility in Sydney, with power and network redundancy.
- Infrastructure Security - Two firewall layers (network appliance and OS firewall) restrict connectivity to the server platform. Access to underlying infrastructure requires multi-factor or client certificate-based authentication.
- Cryptographic Security - TLS encryption is used for all client-server communication. User passwords are stored using uniquely salted hashes - with a strong hashing algorithm - making them irretrievable.
- Application Security - Industry-leading adoption of security standards such as CSP, strong data validation and sanitisation, and defense against enumeration, brute force, and traversal attacks.
Misuse & Law
We may preserve and provide information to relevant authorities where it is necessary to do so. This may be to comply with external legal requests, follow regulations, or address fraud and security concerns.
Policy Changes
We may change our policies from time to time. This may be done with or without notice, at any time, as the need arises. This privacy policy was last updated on 31 December, 2020.
Should you have any concerns or questions about this privacy policy, feel free to contact us.