PathWorks
Smart Laboratory Test Result Management
Privacy Policy · Version 1.0.0 · Effective April 27, 2026 · Android, iOS & Web
What you should know at a glance
🔒
Data is encrypted
All data is transmitted over TLS and stored on encrypted servers. Patient and medical information never leaves secured infrastructure.
🚫
Never sold or advertised
We do not sell, share, or use your data for advertising. No third-party ad SDKs are integrated in this application.
👨‍⚕️
Doctor-only access
The app is restricted to licensed physicians with organization-issued credentials. Public account creation is not possible.
🔐
Authorized access only
Multi-factor authentication (password, OTP, biometric) ensures only authorized healthcare professionals can access patient data.
🗑️
You can delete your data
Authorized users may request account and data deletion at any time by contacting our privacy team.
⚖️
Legally compliant
Compliant with India's IT Act 2000, Digital Personal Data Protection Act 2023, and healthcare data regulations.

Overview

PathWorks is a professional mobile and web application built for licensed physicians, diagnostic laboratories, hospitals, and medical practitioners. This Privacy Policy explains what personal information we collect when you use PathWorks, how we use it, with whom we share it, and what rights you have over it. This application is accessible only to authorized healthcare professionals issued credentials by their employing laboratory, hospital, or diagnostic center. If you are using PathWorks, your organization has agreed to our Terms of Service and takes responsibility for ensuring this application is used in accordance with applicable healthcare regulations, including HIPAA, GDPR, and India's data protection laws. By using PathWorks, you agree to the practices described in this Privacy Policy. If you do not agree, please stop using the application and contact your administrator.


Who This Policy Applies To

This Privacy Policy applies to:

  • Physicians, doctors, and medical practitioners who use the PathWorks mobile and web application to review and approve laboratory test results
  • Laboratory administrators and diagnostic center staff who manage the PathWorks organization portal
  • Patients whose data is collected, processed, or transmitted through the application as part of test result management and approval workflows
  • All releases of PathWorks (Android, iOS, and web) available on the Google Play Store, Apple App Store, and web browsers
This policy does not govern the data practices of any third-party services, websites, or platforms that may be linked from within the application. We recommend reviewing those services' own privacy policies.

Information We Collect

We collect only what is strictly necessary to operate the application and deliver reliable test result management and approval services. We do not collect information speculatively or for purposes beyond what is described here.

Patient Information
  • Full name, date of birth, age, and gender
  • Contact number and address for appointment scheduling
  • Patient ID, visit number, and test order identifiers
  • Test Requisition Form (TRF) data, including tests ordered and referring physician details
  • Medical sample identifiers, accession numbers, and barcode data linked to each order
  • Test result values, reference ranges, and abnormality flags
  • Medical and technical remarks added during result approval
  • Payment status and approval acknowledgment records
Physician Account & Activity
  • Full name, employee/registration ID, and organization-issued login credentials
  • Device biometric data used for authentication (fingerprint/face ID templates stored securely on device only)
  • Real-time session activity logs including login timestamps, feature access, and logout events
  • Task assignment history, test approval logs, and daily operational reports
  • Medical remarks and technical comments added during result review
  • Digital approval signatures and acknowledgment records
  • Device push token for delivery of operational notifications
Organization & Infrastructure
  • Organization name, ID, and API URL for multi-organization support
  • Organization-level authentication URLs and encryption keys
  • Role-based access control settings and permissions
  • Billing and subscription information for the organization
Device & Technical Information
  • Device make, model, and operating system version (Android, iOS, or web browser)
  • Application version number and unique device identifier
  • Session activity logs and anonymized crash/error reports used to improve stability
  • Network type and connectivity status at the time of data synchronization
  • Device push notification tokens for alert delivery

Device Permissions We Request

PathWorks requests specific Android and iOS permissions. Every permission is used for a single, clearly defined operational purpose. We do not use any permission for tracking, profiling, or advertising. The table below lists every permission declared in the application and its precise justification.

Biometric Authentication
Biometric / Face ID / Touch ID
Enables secure, one-tap authentication for physicians without requiring password entry. Biometric data is processed exclusively on-device using the operating system's secure enclave and never transmitted to our servers. This allows fast, secure login while reducing password reuse and compromise risks.
Camera
CAMERA / NSCameraUsageDescription
Enables barcode scanning to link physical laboratory samples to patient records, and document capture for digitizing Test Requisition Forms, doctor prescriptions, and patient consent documents. Camera is activated only when the physician deliberately initiates a scan or capture action. No photographs are stored on the device; captured images are immediately processed and transmitted securely to the laboratory server.
Internet Access
INTERNET
Required for all core application functionality: synchronizing test orders, patient records, approval workflows, document uploads, and status updates with the laboratory information system. All data is transmitted exclusively over HTTPS using TLS 1.2 or TLS 1.3.
Network State
ACCESS_NETWORK_STATE / Reachability
Allows the application to check whether a network connection is available before attempting data synchronization. This enables the app to queue operations gracefully and display appropriate offline notices when connectivity is lost.
Phone State
READ_PHONE_STATE
Used to detect incoming phone calls so that active in-app workflows (such as test result entry or approval) are not interrupted. This allows graceful pause and resume of operations around calls. No personal phone identifiers are read or transmitted.
Make Phone Calls
CALL_PHONE / tel:
Enables the physician to call a patient directly from within the application to confirm test requirements, discuss results, or clarify medical history. The call is initiated only when the physician explicitly taps a call action. No calls are made automatically.
Media / File Access
READ_MEDIA_IMAGES / READ_EXTERNAL_STORAGE (Android ≤12)
Allows the physician to select and upload images from their device gallery—such as a previously photographed TRF, patient ID, or insurance card—when direct camera capture is not feasible. On Android 13+, access is limited strictly to image files via scoped READ_MEDIA_IMAGES permission.
File Storage
READ_EXTERNAL_STORAGE / WRITE_EXTERNAL_STORAGE
Enables downloading and storing laboratory reports (PDFs) to the device and opening them in the native PDF viewer. Downloads are stored in the app-specific cache directory with appropriate file system encryption.
Push Notifications
POST_NOTIFICATIONS (Android 13+)
Required on Android 13+ to display approval reminders, result validation alerts, and operational notifications. This permission can be revoked in Android system settings. Revoking it will not affect core functionality but may delay time-sensitive alerts.

How We Use Your Information

All data collected through PathWorks is used exclusively to support test result management and approval workflows. Specifically, we use it to:

  • Verify the identity of authorized physicians and maintain secure session access
  • Deliver and manage assigned test result approval tasks and patient appointment details
  • Record test result entries, medical remarks, and technical comments
  • Track approval workflows and generate audit trails for regulatory compliance
  • Enable physicians to call patients directly from the app for result discussions
  • Detect incoming calls to pause and resume active workflows without data loss
  • Scan barcodes on laboratory samples to ensure accurate result-to-patient linking
  • Capture and upload digitized Test Requisition Forms and supporting documents
  • Transmit real-time approval status updates to the laboratory information system
  • Generate daily task reports and operational performance summaries for the laboratory
  • Send time-sensitive push notifications for approval reminders and validation alerts
  • Support laboratory quality audits and regulatory documentation requirements
  • Diagnose and fix technical issues using anonymized crash and error data
  • Maintain session audit logs for security and compliance purposes

How We Share Your Information

We do not sell, rent, license, or share your personal or patient information with third parties for commercial or advertising purposes — ever. We may share information in the following limited circumstances:

  • With your employing laboratory, hospital, or diagnostic center that has deployed and manages PathWorks
  • With healthcare personnel—such as lab technicians, pathologists, and reporting physicians—directly involved in processing your submitted samples or reviewing your approvals
  • With backend infrastructure providers (cloud hosting, push notification services) who are bound by strict data processing agreements and may not use data for any independent purpose
  • With payment processing partners, limited to the transaction data required to complete collection or billing, subject to their PCI-DSS compliance obligations
  • When required by applicable law, a valid court order, or a lawful request from a government or public health authority
  • To detect, prevent, or respond to fraud, security incidents, or violations of our Terms of Service
All service providers who access data on our behalf are contractually prohibited from using it for any purpose other than delivering the specific service for which they were engaged.

How We Protect Your Information

We take the security of patient and medical data seriously. The following controls are in place:

  • All data in transit is encrypted using TLS 1.2 or TLS 1.3 over HTTPS
  • Data at rest is stored on encrypted, access-controlled servers in hardened cloud infrastructure
  • Application login requires organization-issued credentials with brute-force protection and automatic session expiry
  • Session tokens are short-lived, secured in Android Keystore where applicable, and invalidated on logout
  • Patient data is not cached or stored in plain text on the mobile device
  • Sensitive database fields use AES-256 encryption at rest
  • Biometric data is processed on-device only and never transmitted to servers
  • Role-based access control limits physicians to their organization's patient data and assigned tasks
  • API endpoints are authenticated and hardened against OWASP Top 10 threats
  • Access logs are maintained for all patient data access for audit and compliance purposes
  • System date validation prevents approval of results with suspicious system clocks

How Long We Keep Your Information

We retain data only for as long as it is needed for the purpose for which it was collected, or as required by applicable law.

  • Patient test results and approval records—Retained for 5–7 years as required by Indian healthcare regulations and diagnostic laboratory standards
  • Test Requisition Forms and supporting documents—Retained for 5–7 years as per diagnostic center archival policies
  • Physician session and approval logs—Retained for 3–5 years for audit and compliance purposes
  • Payment transaction records—Retained per financial and tax compliance requirements (typically 5–7 years)
  • Device identifiers and technical logs—Retained for 90 days, then permanently deleted
  • Anonymized crash and diagnostic logs—Retained for a maximum of 90 days, then permanently deleted
  • Deactivated physician accounts—Credentials deactivated immediately; operational records archived for audit continuity
If you submit a deletion request and we are required by regulation to retain certain records beyond that date, we will notify you of what is being retained and why.

Account Deletion & Your Data

In compliance with healthcare data protection policies and applicable law, we provide multiple ways for authorized users to request deletion of their account and personal data.

  • In-App: Navigate to Settings → Account → Request Account Deletion (where implemented)
  • By Email: Send a request to privacy@abi-health.com with your employee ID, full name, and organization name
  • Via Administrator: Ask your hospital/diagnostic center administrator to deactivate your profile in the PathWorks management portal
Requests are acknowledged within 1 business day and completed within 30 days. Patient medical records associated with your review history may be retained as required by healthcare regulations. You will be explicitly informed of any such mandatory retention at the time of your request.

Your Privacy Rights

Authorized users have the following rights with respect to their personal data. To exercise any right, contact us at privacy@abi-health.com. We will respond to verified requests within 30 days.

  • Access—Request a copy of the personal data we hold about you
  • Correction—Request that we correct inaccurate or incomplete data
  • Deletion—Request that we delete your data, subject to legal retention requirements
  • Restriction—Request that we limit how we process your data in certain circumstances
  • Portability—Request your data in a portable, machine-readable format where technically feasible
  • Objection—Object to processing of your data where it is based on legitimate interest
  • Withdrawal of Consent—Withdraw consent at any time without affecting the lawfulness of prior processing

Children's Privacy

PathWorks is designed exclusively for adult healthcare professionals operating in an authorized professional capacity. It is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If we discover that information has been inadvertently received from a person under 18, we will delete it immediately. If you have reason to believe a minor has accessed this application, please contact us immediately at privacy@abi-health.com.


Third-Party Services

PathWorks integrates the following categories of third-party services. Each is used only for its stated purpose and is bound by data processing agreements.

  • Cloud Infrastructure (AWS, Google Cloud, Azure)—Encrypted backend hosting and secure API services; no independent use of data permitted
  • Push Notifications (Firebase Cloud Messaging, etc.)—Only anonymized device tokens are transmitted; no patient data is shared
  • Payment Gateway (Razorpay, PayU, etc.)—Only transaction data required to complete billing is shared; governed by PCI-DSS compliance
  • Crash Diagnostics (Firebase Crashlytics, Sentry)—Anonymized error and crash reports only; no patient data or personal identifiers are included
  • Barcode Scanning Libraries—Fully on-device processing; no scan data is transmitted to external libraries
  • PDF Rendering—Client-side processing; PDFs are not uploaded to external services
We do not integrate advertising SDKs, behavioral tracking tools, or social media plugins. No data is used for cross-app tracking or sold to data brokers.

Changes to This Policy

We may update this Privacy Policy to reflect changes in the application, our data practices, or applicable legal requirements. When we make material changes, we will revise the effective date at the top of this document and notify authorized users through an in-app notice at least 7 days before changes take effect. Continued use of PathWorks after the revised effective date constitutes acceptance of the updated policy. If you do not agree, please discontinue use and contact your organization administrator.


Legal Compliance

PathWorks is developed and operated in compliance with:

  • Google Play Store Developer Program Policies—including Medical App Policy, Sensitive Permissions Policy, and Data Safety requirements
  • Apple App Store App Review Guidelines—including medical app guidelines and privacy standards
  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data) Rules, 2011 under the IT Act, 2000—India
  • Digital Personal Data Protection Act, 2023 (DPDPA)—India
  • Applicable laboratory regulatory and healthcare record-retention requirements of the operating jurisdiction
  • International standards (HIPAA principles, GDPR principles) where applicable to international users
PathWorks does not provide medical advice, clinical diagnosis, treatment recommendations, or any form of clinical decision support. It is a test result management tool for authorized physicians performing result review and approval on behalf of licensed diagnostic laboratories.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to our Privacy Team. We are committed to responding to all privacy-related inquiries within 1 business day.

Application
PathWorks
Company
ABI HEALTH TECHNOLOGIES PRIVATE LIMITED
Address
#90, Manka, 2nd Floor, 2nd Main Rd, Electronic City Phase I, Electronic City, Bengaluru, Karnataka 560100
Privacy Inquiries
Response Time
Acknowledged within 1 business day · Resolved within 30 days
PathWorks
Privacy Policy · v1.0.0 · Effective April 27, 2026 · © 2026 ABI HEALTH TECHNOLOGIES PRIVATE LIMITED