Centrik powers New Zealand's fastest growing patient portal applications. Security is embedded in Centrik's architecture, not layered on top. Built to the highest standards for privacy and data protection.
Centrik's Well App
The Doctors
Unichem & Life Pharmacy
Tō Mai
Better Health Outcomes
Multi-factor authentication (MFA) is enforced for all clinical and administrative users.
MFA is available to all mobile app users who wish to add an extra layer of protection.
All accounts that can access personal or health information are protected by strong authentication controls, including password complexity requirements, one-time passcodes (OTP), and MFA.
In Transit
All connections to Centrik use TLS 1.2 or higher, ensuring data is protected as it travels between your device and our servers.
At Rest
All stored data is encrypted using industry-standard AES-256 encryption.
In Transit
All connections to Centrik use TLS 1.2 or higher, ensuring data is protected as it travels between your device and our servers.
At Rest
All stored data is encrypted using industry-standard AES-256 encryption.
Centrik is designed to minimise the amount of sensitive clinical data held outside core clinical systems.
Centrik does not maintain large repositories of hospital, specialist, or longitudinal clinical documents stored independently on its servers.
Clinical records remain in the practice PMS and are accessed securely in real time when required.
To operate patient-facing services safely and effectively, Centrik stores limited, purpose-specific data (e.g. script requests, messages, and bookings made through the app).
Centrik is hosted on AWS in Australia. AWS is widely used across the New Zealand health sector, including by Te Whatu Ora for national services.
Centrik integrates with clinical systems using event-driven APIs rather than bulk data extraction. For general practice, Centrik connects to Medtech via the ALEX® platform (a secure, consented API gateway). This follows current best practice for patient-facing systems and reduces long-term data exposure compared with architectures that duplicate entire patient datasets outside core clinical systems.
Access is real-time and on demand.
When a practice is offboarded, the ALEX® connection and access keys are removed so that there is no further live connection between Centrik and the PMS.
Data access is triggered by specific actions, such as a patient viewing information or submitting a request.
There is no ongoing bulk replication of full clinical records into Centrik.
Centrik uses independent NZ-based cybersecurity agencies for regular security and penetration testing. Findings are assessed, prioritised, and addressed through established governance processes.
Our team can provide comprehensive FAQs and resources to offer security & privacy assurance to your practice, pharmacy, or organisation.
Contact Us