List your practice

SECURITY & PRIVACY AT HOTDOC

Security

We recognise that your data is very sensitive. We combine extensive security features with comprehensive audits of our platform to ensure your data is secure.

Privacy

HotDoc has comprehensive policies and procedures that detail how we handle personal information.

The term ‘personal information’ encompasses a broad range of information that HotDoc handles and includes ‘sensitive information’ as well as ‘health information’ in accordance with the Privacy Act 1988. HotDoc will always err on the side of caution by treating your data as personal information, and handle it in accordance with the Australian Privacy Principles (APPs). Your personal information never leaves Australia. 

To ensure the privacy of your information, all data is transferred between user devices and HotDoc servers using 256 bit encrypted connections via TLS 1.2 and world-class certificate management. HotDoc also employs encryption at rest (AES-256) to protect the secrecy of all data persisted by us.

 

HotDoc employees will only ever access personal information if it’s required for customer support. All access to personal information is tracked and audited, with access determined based on principles of least privilege and strict access control lists. Your personal information is protected through the use of native system security and add-on software products that identify, authenticate and validate access requests against authorised roles in access control lists.

Certifications and Compliance

HotDoc is committed to maintaining best practices for ensuring security, availability and confidentiality.

HotDoc annually completes an independent audit for our SOC 2 Type I report, which verifies our consistent application of the Trust Service Principles over time. Despite being an Australian company and having no regulatory obligations to do this, by holding ourselves accountable to a third party we wish to demonstrate transparency to our customers and support our ongoing efforts to provide a first class, secure and reliable environment for our customers data.

Infrastructure Security

HotDoc runs all of its services from the cloud in Australia and is deployed across multiple availability zones within the region. HotDoc maintains failover capabilities in the event of physical hardware or logical software failures, with infrastructure hosted in high availability data centres. HotDoc uses modern infrastructure-as-code and security tooling to make sure our infrastructure runs reliably and securely.

Application Security

HotDoc has built application security into its culture, with a dedicated team to help mentor and coach best practices within the product. All code is peer reviewed with an extensive set of automated testing as part of our build pipeline. HotDoc keeps up to date with software patching and vulnerability management with automated tooling. HotDoc uses layered defence to maintain separation between production and development environments and ensure the principles of least privilege are maintained as it relates to customer data.

Vulnerability Disclosure

HotDoc makes it a priority to resolve any security vulnerabilities in our products within the timeframes identified in our security policies. HotDoc follows coordinated vulnerability disclosure and kindly asks that anyone reporting a vulnerability to us does the same in the interests of our customers.

 

If you are a customer, please submit a ticket to our support team.

 

If you are a security researcher, please join our bug bounty program, or email our security team.

Bug Bounty Program

HotDoc invites you to test and help secure our primary publicly facing assets – focusing on our web, and mobile applications. We appreciate your efforts and hard work in making the internet (and HotDoc) more secure, and look forward to working with the researcher community to create a meaningful and successful bug bounty program. Good luck and happy hunting!

Request Invite

Contact Security

HotDoc has a dedicated security team that handles everything from application security through to infrastructure security and anything in between. Have any questions? Feel free to contact the team directly.

Email Team

Join 20,000 readers—subscribe to our newsletter

Get our latest healthcare articles, resources and CPD webinars delivered to your inbox.

A better health care experience

Australian Owned & Operated

2021 HotDoc Online Pty Ltd

Your Specialty

General Practice

Dentists

Optometrists

Specialists

Allied Health

Resources

Blog

Webinars

Workshops

Guides

Resources

Community

Support

HotDoc Academy

COVID Vaccine Hub

Company

About us

Diversity & inclusion

Careers

Security

Contact

Privacy Policy

Terms of service

Fair Use Policy

Features for GPs

Caller ID New!

Online bookings

Reviews

Reminders

Forms

Mobile check-in

Telehealth

Payments

Vaccines

Results

Recalls (clinical reminders)

Repeats

Inform

Broadcast

Referral Upload

Facebook Twitter Youtube Linkedin
List your practice