$399 + GST Get My Health Check

In about an hour, see exactly where you're exposed, turn your gaps into a prioritised action plan you can track, and get a professional report you can show your insurer, regulator, or clients — no IT knowledge needed.

Allied health practices face unique security challenges.

You work across multiple locations—clinic rooms, client homes, aged care facilities, schools. You access patient records from laptops, tablets, and phones. You share clinical notes with GPs, specialists, and NDIS coordinators. Every touchpoint is a potential vulnerability, and most allied health practices have never assessed whether their setup is actually secure.

Mental health records are especially sensitive. If you're a psychologist, counsellor, or mental health OT, your clinical notes contain information people would never want exposed—trauma histories, relationship issues, mental health diagnoses. A breach doesn't just expose data; it can destroy lives. Your ethical and legal obligations to protect this information are absolute.

AHPRA and the Privacy Act have real consequences.

Your registration board's code of conduct requires you to keep patient information confidential. A preventable data breach can trigger a report to AHPRA — the national health practitioner regulator — and an investigation, with conditions on your registration or worse. The Privacy Act adds penalties up to $50 million for failing to protect health information, which counts as "sensitive information" needing the highest protection. "I'm not a tech person" doesn't excuse weak security.

Medicare and DVA claiming creates additional risk.

Your PRODA credentials connect you to Medicare and DVA systems. Compromised access means fraudulent claims in your name—and explaining to Services Australia why claims were lodged for patients you never saw. Compliance audits are increasing, and your security controls are now part of what they examine.

Mobile practice means mobile risk.

If you visit clients at home, work across multiple sites, or access records from your phone, you face risks that clinic-based practices don't. Lost devices, unsecured WiFi, shoulder surfing, family members with access to your work devices—have you actually thought through how you protect patient information when you're not in the office?

This health check is built specifically for allied health practices.

Plain-English questions covering practice management software security, Medicare/DVA portal protection, mobile device security, clinical note handling, referral communications, and the specific risks of working across multiple locations. No technical jargon—designed so any practitioner can complete it and understand the results.

What you get:

67
Plain-English Questions
Specific to allied health practices—no technical knowledge required
Clear Security Score
See exactly where you're protected and where you're exposed
Prioritised Actions
Gaps ranked by risk, then turned into a phased action plan you track to completion
Professional Reports
Comprehensive Word report with scores, recommendations, and improvement plan

What your results look like

Finish in about an hour and you get a clear overall score, a breakdown across every security domain, and every gap turned into a prioritised action plan you can track and export. (Example output.)

Cyber Security Health Check results screen showing an overall score and maturity across Essential, Recommended and Advanced practice levels
Your overall score, plus maturity across Essential, Recommended and Advanced practices.
Domain Maturity Analysis showing a score-by-domain bar chart and a gap risk distribution pie chart
A breakdown across every security domain, with your gaps grouped by risk level.
What You're Doing Well section highlighting the security areas where the business is already strong, with a score and an Excellent rating
It's not just problems — it highlights what you're already doing well, too.
Identified Gaps table listing each gap with time, cost, urgency, risk and priority, plus a plain-English recommendation
Every gap ranked by priority, each with a plain-English recommendation.
Action Register table listing chosen actions with owner, due date and status, plus a Download register Excel button
Turn gaps into a tracked action register — owner, due date, status, export to Excel.

What You Receive

Every assessment generates a comprehensive report. Download a sample below.

Summary Report

Plain-English findings with scores, prioritised improvement plan, risk associations, and resources

Download Sample

Complete it in about 60 minutes. No technical knowledge required. Your data never leaves your device.

Who is this for?

Physiotherapists, psychologists, occupational therapists, speech pathologists, podiatrists, dietitians, and other allied health practitioners. Whether you work from a clinic, visit clients at home, or operate across multiple sites—if you handle patient records and want to understand your cyber security posture without needing IT expertise.

AI-Powered

Your Assessment Includes a Personal AI Security Advisor

Two AI assistants are built into the tool — one to help you during the assessment, one to help you make sense of your results. Like having a security professional on call.

During the assessment

Not sure what a question is asking? Just ask.

Every question in the assessment has an AI helper built in. Tap it and ask anything — "What does this question actually mean?", "Can you give me an example?", "Why does this matter for my business?" — and you'll get a plain-English explanation instantly.

  • Explains technical concepts in everyday language
  • Gives real-world examples relevant to your industry
  • Never suggests how to answer — just helps you understand
  • No technical background required to complete the assessment
AI question helper explaining a cyber security question in plain English during the assessment
Assessment question interface showing radio button answer choices and plain English guidance
After you finish

Available the moment you see your results.

Once your results are in, an AI security advisor can answer any question about what they mean — in plain English, like talking to a security professional. It can even draft a phased action plan from your specific gaps — what to fix first, next, and over time.

  • "Explain my highest risk gap in simple terms"
  • "Walk me through how to fix action #3"
  • "Which gaps are easiest to fix myself?"
  • Ask anything — your advisor knows your specific results
AI Personal Security Advisor chat interface showing results-based guidance after completing the health check

Get the Allied Health Cyber Health Check

Get My Health Check
$399 + GST
Instant download · 30-day money-back guarantee · Runs entirely on your device

Common Questions

Why are allied health providers targeted by cyber criminals?
Allied health practices hold highly sensitive patient data — health records, Medicare and DVA details, referral information, and personal identifiers. Patient health information commands a premium on dark web markets. AHPRA-registered practitioners are also high-value targets because breached credentials can be used to fraudulently access Medicare and DVA billing systems.
What regulatory obligations apply to allied health providers?
AHPRA's Code of Conduct requires practitioners to take reasonable precautions to protect patient information. The Privacy Act 1988 and Australian Privacy Principles apply to all practices that collect health information, regardless of size. The My Health Record Act imposes specific security requirements on providers with My Health Record access. Medicare and DVA participation requires protection of provider credentials.
What does the Allied Health Health Check cover?
The health check covers AHPRA credential security, patient record system access controls, Medicare and DVA billing system protection, practice management software security, email and communication security, backup and recovery, device management for mobile and remote practitioners, and staff awareness of health-specific threats.
What do I receive after completing the health check?
You receive a professional report summarising your security posture with prioritised recommendations specific to allied health practice. The report is suitable for sharing with your medical indemnity insurer, your practice manager, or keeping on file as evidence of reasonable steps taken to protect patient information.

View all frequently asked questions →

Further Reading

Resource

AHPRA Cyber Security Requirements for Health Practitioners

What AHPRA's Code of Conduct and the Privacy Act require from GP clinics and allied health providers — and what 'reasonable steps' looks like in practice.

Read the guide