eDoctor Privacy Policy

Effective Date: May 18, 2026

Introduction

We are committed to protecting the privacy of patient information and to handling your personal and sensitive information in a responsible manner in accordance with the Privacy Act 1988, the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles, and relevant State and Territory privacy legislation (referred to as privacy legislation).

This Privacy Policy explains how the eDoctor app and our practice collect, use, and disclose your personal and sensitive information, how you may access that information, and how you may seek the correction of any information. It also explains how you may make a complaint about a breach of privacy legislation.

This Privacy Policy is reviewed annually. From time to time, we may make changes to our policy, processes, and systems in relation to how we handle your personal and sensitive information. We will update this Privacy Policy to reflect any changes, which will be available within the eDoctor app, on our website, and in the laboratory practice.

In this Privacy Policy, personal information and sensitive information have the meaning defined in the Australian Privacy Principles:

  • Personal information is any information that can be used to personally identify you. This may include your name, address, telephone number, email address, and profession or occupation.

  • Sensitive information is your health, genetic, and biometric information and includes any of your personal information about race or ethnicity, political opinions/association, philosophical or religious beliefs/association, trade association or union membership, sexual orientation/practices, or criminal record.

Collection of Information

Audience
We collect information from the following groups:

  • Individuals/Patients

  • Responsible persons (acting on behalf of the patient)

  • Referring Doctors/Specialists/Clinicians (and staff) using the eDoctor app

  • Third-party health service providers including hospitals, clinics, & other pathology practices

  • Insurers & institutions

  • Government Agencies (e.g., Department of Veterans Affairs, Medicare, Workcover, etc.)

  • Commercial and Medical Suppliers

Types of Information Collected
Depending on the nature of your interaction with the eDoctor app and our services, we may collect the following:

  • Patients: Name, Address, Contact number, Date of birth, Gender, Medical history, and Medicare/Government Health Funds or Private Medical Fund information.

  • Primary and Third-Party Healthcare Providers (eDoctor App Users): Practice/Business name, Address, Contact number, Fax number, Email address, Provider number, Practice Management Software, Written consent authority, Device identifiers for push notifications, and information provided through our Customer Support Centre.

  • Commercial and Medical Vendors / Individuals: Representative details, order history, accounting details, and employment/procurement information.

How We Collect Information

We collect information that is necessary and relevant to provide medical care, grant you instant access to diagnostic journeys via the eDoctor app, and manage our medical practice.

Wherever practicable, we will only collect information about patients via the primary healthcare provider who has consent. However, we may also need to collect information from other sources such as treating specialists, radiologists, pathologists, hospitals, other health care providers, and the My Health Record system.

Information is collected via the eDoctor app, over the phone, in writing, or via our online portals. In emergency situations, we may also need to collect information from relatives or friends.

eDoctor App Specifics & Mobile Data

While using the eDoctor app to manage patient pathology results and track referrals:

  • Push Notifications: We collect device tokens to provide you with immediate push notifications for significant results and critical patient updates.

Data Retention and Deletion Policy (App Store Compliance)

We are committed to giving you control over your data while strictly adhering to Australian medical legislation.

How Long We Store/Retain Your Data:

  • App Account Data: We retain your eDoctor app account information (such as login credentials and user preferences) for as long as your account is active and you are utilizing our services.

  • Medical & Clinical Data: By law, we are required to retain medical records (including pathology results and referral histories accessed via the app) for statutory periods. Under Australian health legislation, adult medical records must be retained for a minimum of 7 years from the date of the last service provided. For children, records must be kept until the patient reaches 25 years of age.

How to Have Your Data Deleted:
You have the right to request the deletion of your eDoctor app account and associated personal data.

  • Email Request: You can request data deletion by emailing our Privacy Officer directly at admin@infinitypath.com.au with the subject line “eDoctor Data Deletion Request”.

Note on Deletion Limitations: Upon receiving a deletion request, we will promptly delete your eDoctor user account, login details, and device tokens. However, please be aware that any patient clinical data, pathology results, or legal medical records tied to your account cannot be permanently erased if they fall under the mandatory statutory retention periods mandated by Australian law. Such data will be securely archived and isolated until the legal retention period expires, at which point it will be securely destroyed.

Use and Disclosure

We will treat your personal and sensitive information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment (e.g., viewing pathology test results, tracking referrals via the eDoctor app), or in ways that you would reasonably expect.

We may be permitted or required by law to disclose information to third parties (e.g., Medicare, Police, insurers, tribunals, courts, or My Health Record). We may also provide de-identified statistical data for research purposes. We may disclose information to outside contractors (like IT service providers). We impose strict security, confidentiality, and “Conflict of Interest” requirements on these contractors, prohibiting them from using your information for anything other than the requested activities.

Data Quality and Security

We take reasonable steps to ensure that your personal and sensitive information is accurate, complete, up to date, and relevant.

Information held by us is protected by:

  • Securing information sent electronically (such as pathology reports accessed via eDoctor) using secure message delivery networks and communication protocols certified by Medicare Australia and the Australian Government Digital Health Agency.

  • Securing our physical premises.

  • Placing passwords and varying access levels on databases to limit access and protect electronic information from unauthorized interference, access, modification, and disclosure.

  • Providing locked cabinets and rooms for the storage of physical records.

Cookies and Embedded Content

If you use our web services, we may collect your name, email address, and website in a session cookie (lasting one year) for your convenience. If you have an account and log in regularly, your browser may save data for automatic logins. Any data associated with the login is stored securely. Cookies are used strictly for website enhancement (e.g., analytics, load times). We are not responsible for tracking associated with embedded content sourced from third-party websites.

Corrections and Access

Corrections: If you believe the information we hold is not accurate, complete, or up to date, please contact us in writing.
Access: You are entitled to request access to your medical records. We request that you put this in writing and we will respond within a reasonable time. There may be a fee for the administrative costs of retrieving these records. We may deny access in certain circumstances permitted by law (e.g., if disclosure causes a serious threat to health or safety), but we will always provide our reasons for denial.

Complaints

If you have a complaint about the privacy of your personal and sensitive information, please contact us in writing. We will consider the details and attempt to resolve it in accordance with our internal complaints handling procedures. If you remain dissatisfied, you may make an application to the Australian Information Commissioner or the Privacy Commissioner in your State or Territory.

Overseas Transfer of Data

We will not transfer your personal and sensitive information to an overseas recipient unless we have your explicit consent or we are required to do so by law.

Contact Information

Please direct any queries, complaints, or requests for access/deletion of records to:

Privacy Officer
Phone: (07) 3123 8888
Email: admin@infinitypath.com.au