Privacy Policy
Your privacy is important to us. This policy explains how we collect, use, and protect your personal and medical information.
Introduction
Welcome to Medi-Heart Healthcare Platform ("Medi-Heart," "we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal and medical information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare platform.
By using Medi-Heart, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our platform.
Information We Collect
Doctor Information
Personal Information:
- Full name and email address
- Date of birth and marital status
- Profile photograph and business card
Professional Information:
- Area of practice and specialization
- Medical license number and certifications
- Years of experience and degree completion year
- Hospital affiliations and professional biography
Contact Information:
- Mobile, alternate, and WhatsApp numbers
- Clinic address and fax number
Patient/Beneficiary Information
For patients served through our platform, we collect:
- Basic demographic information
- Medical history and health records
- Emergency contact information
- Health card data and QR codes
- Form responses and medical assessments
Event Participation
- Event registration information
- Attendance records
- Participation status and notes
Technical Information
- IP address and device info
- Browser type and OS
- Usage data and analytics
- Cookies and tracking
How We Use Your Information
Healthcare Service Delivery
- Facilitate doctor-patient interactions
- Manage healthcare events
- Generate health cards
- Process medical forms
Platform Operations
- Create and manage accounts
- Authenticate users
- Provide customer support
- Send notifications
Analytics & Improvement
- Analyze platform usage
- Improve user experience
- Develop new features
- Generate statistics
Legal Compliance
- Comply with regulations
- Maintain audit trails
- Respond to legal requests
- Prevent fraud
Data Sharing and Disclosure
We do not sell your personal information.
We may share your information only in the following circumstances:
Healthcare Providers
Patient information is shared with authorized doctors participating in events to deliver medical services.
Service Providers
We use trusted third-party providers (AWS, authentication services) bound by strict confidentiality and HIPAA agreements.
Legal Requirements
We may disclose information when required by law or to protect rights, property, or safety.
Data Security & HIPAA Compliance
HIPAA Compliance
Our platform is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA) requirements for protecting patient health information.
Encryption
- HTTPS/TLS for data in transit
- Industry-standard encryption at rest
- AWS S3 secure file storage
Access Controls
- Role-based access control
- Multi-factor authentication
- JWT-based authentication
- Regular access audits
Infrastructure Security
- AWS enterprise-grade security
- Automated backups
- Regular security updates
- Continuous monitoring
Audit Logging
- Comprehensive audit logs
- Data access tracking
- Modification monitoring
- Unauthorized access detection
Your Rights
Access
Access and review your personal information through your profile dashboard
Correction
Update and correct your information at any time through account settings
Deletion
Request deletion of your account and personal information, subject to legal retention requirements
Data Portability
Request a copy of your data in a standard, machine-readable format
Opt-Out
Manage notification preferences and opt out of non-essential communications
Withdraw Consent
Withdraw consent at any time, though this may limit certain features
To exercise these rights, please contact us using the information provided in the Contact Us section.
Data Retention
We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Active Accounts
Retained while your account is active and you continue to use our services
Medical Records
Retained per HIPAA requirements and medical record retention laws (typically 7-10 years)
Inactive Accounts
Certain information retained for legal compliance, fraud prevention, and audit purposes
Backup Data
Backup copies retained for disaster recovery and deleted per backup retention schedule
Children's Privacy
Our platform is designed for use by healthcare professionals and is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18 without parental consent.
Patient/beneficiary records may include minors' information, which is collected and managed by authorized healthcare providers in accordance with applicable laws and with appropriate parental or guardian consent.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will update the "Last Updated" date at the top of this policy
- For material changes, we will notify you via email or platform notification
- Your continued use of the platform after changes constitutes acceptance
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Medi-Heart Healthcare Platform
Response Time: We will respond to privacy-related inquiries within 30 days.
This Privacy Policy is effective as of the date stated above. By using Medi-Heart, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by its terms.