Privacy Policy

1. Introduction

HealthDock ("we," "our," or "us") is committed to protecting the privacy and security of your personal and medical information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our EMR platform, website, and related services.

We comply with the Digital Personal Data Protection Act (DPDP) 2023 of India, and maintain the highest standards of data protection in accordance with global healthcare privacy regulations.

2. Information We Collect

2.1 Personal Information

Identity Information: Name, date of birth, gender, photograph
Contact Information: Email address, phone number, postal address
Professional Information: Medical license number, qualifications, specializations (for healthcare providers)
Account Information: Username, password, security questions

2.2 Medical Information

Health Records: Medical history, diagnoses, treatment plans, prescriptions
Diagnostic Data: Lab results, imaging reports, vital signs
Clinical Notes: Consultation notes, progress reports
Insurance Information: Policy numbers, claim details

2.3 Technical Information

Device Data: IP address, browser type, operating system
Usage Data: Login times, features accessed, interaction patterns
Location Data: Clinic/hospital location (with consent)

                Important: We collect only the minimum data necessary to provide our services. All data collection is transparent and requires your explicit consent as per DPDP Act 2023.
            

3. How We Use Your Information

3.1 Healthcare Service Delivery

Providing EMR functionality and clinical decision support
Facilitating patient care and treatment management
Enabling AI-powered diagnostic assistance
Managing appointments and patient communications

3.2 Legal and Compliance

Complying with healthcare regulations and legal requirements
ABDM integration and government healthcare programs
Maintaining audit trails for medical-legal purposes
Processing insurance claims and billing

3.3 Platform Improvement

Enhancing user experience and platform features
Training and improving AI algorithms (with anonymized data)
Conducting healthcare analytics and research
Technical support and troubleshooting

4. Data Sharing and Disclosure

We never sell your personal or medical data. We share information only in the following circumstances:

4.1 With Your Explicit Consent

When you authorize sharing with other healthcare providers
For referrals or second opinions you request
With family members you designate

4.2 For Healthcare Operations

With authorized staff within your healthcare facility
With laboratories and diagnostic centers (for test results)
With pharmacies (for prescription fulfillment)
With insurance companies (for claims processing)

4.3 Legal Requirements

To comply with court orders or legal processes
To report certain diseases as required by public health laws
To prevent imminent harm or medical emergencies
For government healthcare programs (ABDM/ABHA)

5. Data Security

We implement industry-leading security measures to protect your data:

5.1 Technical Safeguards

Encryption: AES-256 encryption for data at rest and in transit
Blockchain: Immutable audit logs and tamper-proof records
Access Controls: Role-based access with multi-factor authentication
Security Monitoring: 24/7 threat detection and response

5.2 Physical Safeguards

Secure data centers in India with restricted access
Redundant backups across multiple locations
Disaster recovery protocols

5.3 Administrative Safeguards

Regular security training for all personnel
Strict confidentiality agreements
Regular security audits and assessments
Incident response procedures

6. Data Retention

We retain your data in accordance with legal and regulatory requirements:

Medical Records: As per Medical Council of India guidelines (minimum 3 years for IP records, 5 years for OP records)
Financial Records: 8 years as per Income Tax Act requirements
Audit Logs: 3 years for compliance purposes
Account Information: Until account deletion request + legal retention period

After the retention period, data is securely destroyed using industry-standard methods.

7. Your Rights Under DPDP Act 2023

As a data principal under the DPDP Act 2023, you have the following rights:

Right to Access: Request copies of your personal data
Right to Correction: Request correction of inaccurate data
Right to Erasure: Request deletion (subject to legal requirements)
Right to Grievance Redressal: File complaints about data handling
Right to Data Portability: Receive your data in a structured format
Right to Withdraw Consent: Withdraw consent for data processing
Right to Nominate: Nominate someone to exercise rights after death

                To exercise any of these rights, please contact our Data Protection Officer at dpo@healthdock.org
            

8. Medical Data Protection

Medical data receives the highest level of protection:

All medical records are encrypted with patient-specific keys
Blockchain technology ensures tamper-proof medical records
Zero-knowledge proofs allow verification without data exposure
Strict access controls based on patient-provider relationships
Complete audit trails of all medical record access
Compliance with medical confidentiality and ethics guidelines

9. Cookies and Tracking

We use cookies and similar technologies to:

Maintain session security
Remember your preferences
Analyze platform usage for improvements
Ensure platform functionality

You can control cookie preferences through your browser settings. Essential cookies required for security cannot be disabled.

10. Children's Privacy

For patients under 18 years:

Parental/guardian consent is required for data processing
Parents/guardians have access rights to minor's records
Special protections for sensitive pediatric data
Age-appropriate privacy notices where applicable

11. International Data Transfers

In compliance with DPDP Act 2023:

All data is stored within India
Cross-border transfers only to countries with adequate protection
Explicit consent required for any international transfer
Appropriate safeguards for any permitted transfers

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes through:

Email notification to registered users
Prominent notice on our platform
Update of the "Last Updated" date

Continued use after changes constitutes acceptance of the updated policy.

13. Contact Information

Data Protection Officer

Email: dpo@healthdock.org
Phone: +91-98755 87234
Address: HealthDock, Rosedale, New Town, Kolkata 700156

Grievance Officer

Email: grievance@healthdock.org
Response Time: Within 48 hours

General Inquiries

Email: privacy@healthdock.org
Website: www.healthdock.org

Table of Contents