Skip to content

Your first Aurabox transfer request

You’ve just recieved an Aurabox Transfer Request. What do you do next?

An Aurabox Transfer Request is a request for medical imaging to be transfered to a new location via the Aurabox service. Transfer Requests are generally created by a treating doctor or hospital. These organisations use Aurabox to solve issues relating to the transfer of medical imaging between locations.

The request will look at bit like this:

Aurabox Transfer Request

Commonly asked questions

Section titled “Commonly asked questions”

Who is Aurabox?

Section titled “Who is Aurabox?”

Aurabox helps users of medical imaging connect with imaging providers through its network. We are an Australian company, based in the Nation’s capital, Canberra.

How do I know if this is a legitimate request?

Section titled “How do I know if this is a legitimate request?”

Yes. Aurabox is acting as the Requester’s authorised representative for the transfer of medical imaging. This request is usually made within the patient’s legal rights to disclose their personal information.

In Australia, this is a legal request for personal information under the conditions of APP 6 in the Australian Privacy Act 1988.

Should we respond?

Section titled “Should we respond?”

It is likely that you have obligations to respond to legitimate requests for medical information. You may not be obligated to respond to Aurabox, however most of the time, you will be obligated to respond to the Requester.

In Australia, you are obligated to respond to requests for personal information under the conditions of APP 6 in the Australian Privacy Act 1988. Just because the request comes via Aurabox does not affect your responsibliities to the requester. See OAIC.gov.au > Guide to health privacy > Chapter 4: Giving access to health information for more information.

Can we refuse to respond?

Section titled “Can we refuse to respond?”

You may be obligated to respond to the request. You may not be required to respond to Aurabox, however you are likely to be required to respond to the Requester. Responding via Aurabox may make the process easier for you and the requester.

In Australia, you may refuse the request, however you should provide written notice, following the guidance set out in the Australian Privacy Principles. You can do this by choosing the Reject option on the request. In most cases, you need to provide an alternative. This can be provided when rejecting the request.

The Australian Privacy Act only has a limited number of grounds for refusing a request. Patients have the right to request access to their medical imaging in the manner of their choosing. Generally, you can not require someone to use your system to access imaging.

See OAIC.gov.au > Guide to health privacy > Chapter 4: Giving access to health information for more information.

Can we direct the requester to use our system?

Section titled “Can we direct the requester to use our system?”

Requesters usually use Aurabox to aggregate imaging from multiple providers, and one reason is because of the poor experience of using multiple imaging portals. You can meet this requesters needs by using Aurabox to provide the imaging.

Since the requester asking for the imaging to be provided, your system must allow downloads.

Generally, in Australia, you can not require someone to use your systems to access imaging. This would be a breach of Australian Privacy Principle 12.3b, which outlines that holders of health data must provide it to individuals in the manner requested.

How do we verify the patient and requester?

Section titled “How do we verify the patient and requester?”

Aurabox uses a number of methods to verify the identity of the patient and the requester. These methods are designed to ensure that the patient’s personal information is only disclosed to the correct person.

Requester Identity is validated using a combination of:

  • The Requesters valid identity documents, or
  • Has been added and verified by a verified organisation (e.g. a hospital), and
  • The Requesters valid medical registration (if appropriate)

The Patients Identity is validated by:

  • Aurabox, using the patients valid identity documents, or
  • By the requester, as part of their normal operating procedures (for example, hospitals usually validate identity as part of their check in procedures)

The request will include information about the patient, requester, reason for request, consents, and the type of information requested.

More information on how we do this is available in Understanding Requests.

We need more information before proceeding

Section titled “We need more information before proceeding”

Aurabox is building a network of healthcare and imaging providers, and we are working to make the transfer of medical imaging easier. We’re here to work with you to understand your obligations and to help you respond to requests.

If you would like to discuss this request with Aurabox, you can contact our team at hello@aurabox.cloud.

If you need confirmation from the requester, you can contact them directly using the contact details provided in the request.

Next Steps

Section titled “Next Steps”
Understanding Transfer Requests Learn more about the information included in a request.
Responding to Transfer Requests Learn how to respond to a Transfer Request
Rejecting a Transfer Request Learn when and how to reject a request.