1. Introduction
Welcome to Arogyam Hospital ("we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, share, and protect your data when you interact with our services, including our website, hospital management system, patient portal, and Ayurvedic healthcare services.
This policy is designed to comply with:
- Digital Personal Data Protection Act (DPDP), 2023 - India's primary data protection legislation
- Information Technology Act, 2000 and its amendments
- Clinical Establishments (Registration and Regulation) Act, 2010
- Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002
- International standards including HIPAA principles for healthcare data protection
🌐 Bilingual Notice: This Privacy Policy is available in both English and Hindi. For any clarification, please contact us.
2. Information We Collect
2.1 Personal Information
We collect the following personal information with your consent:
- Identity Information: Name, date of birth, age, gender, photograph
- Contact Information: Address, phone number, email address, emergency contact details
- Government ID: Aadhaar number (only with explicit consent), PAN card, Voter ID (for identity verification purposes only)
- Financial Information: Payment details, billing address, insurance information
2.2 Health Information (Protected Health Information - PHI)
As an Ayurvedic hospital, we collect sensitive health information, including:
- Medical History: Past illnesses, surgeries, allergies, family medical history
- Current Health Status: Symptoms, diagnosis, treatment plans, prescriptions
- Prakruti Analysis: Ayurvedic constitution assessment (Vata, Pitta, Kapha)
- Treatment Records: Panchakarma procedures, medications, therapies, progress notes
- Lab Reports: Test results, diagnostic images, pathology reports
- Lifestyle Information: Diet, exercise habits, stress levels, sleep patterns
2.3 Technical Information
When you use our website or patient portal:
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Data: Pages visited, time spent, click patterns, login timestamps
- Cookies: Session cookies for authentication and functionality
⚠️ Important: We collect health information ONLY with your explicit informed consent and solely for the purpose of providing quality Ayurvedic healthcare services.
3. How We Use Your Information
3.1 Primary Healthcare Purposes
- Providing Ayurvedic consultations, diagnosis, and treatment
- Creating and maintaining electronic health records (EHR)
- Scheduling appointments and managing hospital operations
- Communicating treatment plans and follow-up care
- Generating medical reports and prescriptions
- Coordinating care between different healthcare providers
3.2 Administrative Purposes
- Billing and payment processing
- Insurance claim processing and verification
- Managing patient registration and records
- Quality assurance and improvement of services
- Training and education of healthcare staff
3.3 Legal and Compliance
- Complying with legal obligations and regulations
- Responding to court orders and legal processes
- Maintaining records as required by Indian healthcare laws
- Reporting communicable diseases to public health authorities
3.4 Communication (With Your Consent)
- Sending appointment reminders via SMS/email/WhatsApp
- Sharing health tips and seasonal Ayurvedic recommendations
- Notifying you about new services or facilities (you can opt out at any time)
4. Data Sharing and Disclosure
We DO NOT sell, rent, or trade your personal or health information to third parties for marketing purposes.
4.1 When We May Share Your Information
- Healthcare Providers: With other doctors, specialists, or healthcare professionals involved in your care (with your consent)
- Laboratory Partners: For diagnostic tests and pathology services
- Pharmacy Services: For prescription fulfillment
- Insurance Companies: For claim processing (only information necessary for claims)
- Legal Authorities: When required by law, court orders, or public health emergencies
- Business Associates: Service providers (IT support, payment processors) who are bound by confidentiality agreements
4.2 De-identified Data
We may use aggregated, anonymized, and de-identified data for:
- Research and statistical analysis
- Quality improvement initiatives
- Public health studies
- Academic publications and presentations
This data cannot be traced back to individual patients.
5. Data Security Measures
We implement comprehensive security measures to protect your information:
5.1 Technical Safeguards
- Encryption: 256-bit SSL/TLS encryption for data transmission and AES-256 for data storage
- Access Controls: Role-based access with unique user IDs and strong password requirements
- Multi-Factor Authentication (MFA): For administrative access to sensitive systems
- Secure Servers: Data hosted on secure, India-based servers with regular security updates
- Firewall Protection: Network-level security to prevent unauthorized access
- Regular Backups: Automated daily backups with disaster recovery protocols
5.2 Physical Safeguards
- Restricted access to server rooms and data storage facilities
- 24/7 CCTV surveillance and security personnel
- Secure disposal of physical documents through shredding
- Locked storage for medical records and files
5.3 Administrative Safeguards
- Staff Training: Regular data protection and privacy training for all employees
- Confidentiality Agreements: All staff sign non-disclosure agreements
- Privacy Officer: Dedicated officer to oversee data protection compliance
- Audit Logs: Comprehensive logging of all data access and modifications
- Incident Response Plan: Protocols for handling data breaches
⚠️ Data Breach Notification: In the unlikely event of a data breach affecting your personal information, we will notify you within 72 hours as required by DPDP Act, 2023.
6. Data Retention
We retain your information only for as long as necessary:
| Type of Data | Retention Period |
| --- | --- |
| Medical Records & Treatment History | 7 years from last treatment (as per Indian healthcare regulations) |
| Prescription Records | 5 years |
| Financial & Billing Records | 8 years (as per Income Tax Act) |
| Appointment Records | 3 years |
| Marketing Communications | Until consent is withdrawn |
| Website Cookies & Usage Data | 12 months |
After the retention period, data is securely deleted or anonymized beyond recovery.
7. Your Rights Under DPDP Act, 2023
As a patient, you have the following rights:
7.1 Right to Access
- Request a copy of your medical records and personal information
- Access your data through our patient portal
- Receive information about how your data is being used
7.2 Right to Correction
- Request correction of inaccurate or incomplete personal information
- Update your contact details and demographic information
7.3 Right to Erasure ("Right to be Forgotten")
- Request deletion of your personal data (subject to legal retention requirements)
- Withdraw consent for processing your data
7.4 Right to Data Portability
- Receive your medical records in a structured, commonly used format
- Transfer your data to another healthcare provider
7.5 Right to Grievance Redressal
- File complaints with our Data Protection Officer
- Escalate to the Data Protection Board of India if unresolved
📧 How to Exercise Your Rights:
Email: privacy@arogyamhospital.com
Phone: +91-XXXX-XXXXXX
In-Person: Visit our front desk with valid ID proof
We will respond to your request within 30 days.
8. Consent Management
8.1 How We Obtain Consent
- Explicit Consent: For collecting and processing sensitive health information
- Informed Consent: Clear explanation of what data we collect and why
- Voluntary Consent: You can choose not to provide certain information (though this may affect service delivery)
8.2 Withdrawing Consent
You can withdraw your consent at any time by:
- Sending a written request to our Data Protection Officer
- Using the "Manage Consent" option in your patient portal
- Clicking "unsubscribe" in marketing communications
Note: Withdrawal of consent will not affect the lawfulness of processing based on consent before withdrawal.
9. Cookies and Tracking Technologies
9.1 Types of Cookies We Use
- Essential Cookies: Required for website functionality (login, session management)
- Performance Cookies: Help us understand how visitors use our website
- Functional Cookies: Remember your preferences and settings
9.2 Managing Cookies
You can control cookies through your browser settings. Note that disabling essential cookies may affect website functionality.
10. Children's Privacy
Our services are not directed to children under 18 years of age. For pediatric patients:
- We collect information only with parental/guardian consent
- Parents/guardians have full access to their child's medical records
- We comply with all laws protecting children's privacy
11. Third-Party Links
Our website may contain links to third-party websites (e.g., payment gateways, insurance portals). We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.
12. International Data Transfers
Your data is stored and processed within India. We do not transfer personal or health information outside India without your explicit consent and appropriate safeguards as required by DPDP Act, 2023.
13. Updates to This Policy
We may update this Privacy Policy from time to time to reflect:
- Changes in legal or regulatory requirements
- Updates to our services and practices
- Improvements in data security measures
We will notify you of significant changes through:
- Email notification to your registered email address
- Prominent notice on our website and patient portal
- SMS notification for major policy changes
The "Last Updated" date at the top of this policy indicates the most recent revision.
15. Consent Acknowledgment
By using our services, registering as a patient, or accessing our website/portal, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.
For specific treatments or data processing activities, we will obtain separate informed consent as required by law.