Privacy Policy
Introduction
Welcome to MEDICA Digital Health Services ("MEDICA," "we," "us," or
"our"). This Privacy Policy outlines our practices regarding the
collection, use, and disclosure of personal information when you use our
mobile application and related services, including but not limited to
doctor's appointment reservation, virtual consultation with a doctor, and
clinical history and prescription storage. We are required to comply with
the laws and regulations that apply to protect your data and how it is
used as per the General Data Protection Regulation (GDPR) in the
countries/regions where the services are provided.
Information we Collect
Looking after your personal information
We are committed to protecting your privacy and the data we collect and
use to provide our services. We are required to comply with the laws and
regulations that apply to protect your data and how it is used.
This privacy notice explains how we use information about you and how we
keep it safe and protect your privacy.
This privacy notice applies to any personal data/information provided
by the user and automatically collected by us or on our behalf, by
email, online, or during face-to-face or virtual consultations.
User provided data/information
- Account Information: When you register in the MEDICA app or website,
  we collect personal information such as your name, email address,
  mobile number, date of birth, gender and contact details.
- Health Information: Users may voluntarily provide health-related
  information, including medical conditions, allergies, prescriptions,
  and other health records.
- Communication Data: Information exchanged between users, healthcare
  professionals, and caregivers on the app or during face-to-face or
  virtual consultation.
Automatically collected data/information
- Device Information: We collect device-specific information, including
  device model, operating system, and unique identifiers.
- Usage Information: We gather data on how users interact with the app,
  including page views, clicks, and feature usage.
- Log Information: Server logs may capture details such as IP addresses,
  access times, and app errors.
What information do we collect?
Depending on your circumstances and the nature of the health care you
require, we may collect the following information about you:
- Your general details (such as name, address, date of birth, telephone
  number)
- Details about your GP
- Your medical history
- Any medications you are taking
- Details about your physical or mental health
- Your family details (for example, your next of kin)
- Your ethnicity
- Your religious beliefs
- Your lifestyle and social circumstances
- Your sexual life
- Scans, x-rays, and other diagnostic images
- Your genetic or biometric data
You have the right to receive a copy of your medical records through the
mobile app or website.
How do we use your information?
- Personalized Services: We use the collected information to
  provide personalized healthcare services, including health record
  management, appointment scheduling, and communication features.
- Communication: We may use contact information to send important
  notices, updates, and promotional materials. Users can opt out of
  promotional communications.
- Analytics and Improvements: Aggregated and anonymized data may be
  used for analytics, research, and app improvements.
- To provide your care: The doctors and other health
  professionals keep records about your health and the treatments you
  have received through MEDICA in order to be able to provide you with
  the most effective care. It is in your interests as a patient for a
  full and complete medical record to be collected so that we have
  accurate, up-to-date information about you. The doctors and healthcare
  professionals can review and edit all or some of the data during
  face-to-face or virtual consultation or any other health care delivery.
Data sharing and disclosure
- With Your Consent: We may share your information with third
  parties when you explicitly consent to such sharing.
- Healthcare Providers and Caregivers: For the purpose of
  facilitating healthcare services, we may share relevant user
  information with authorized healthcare providers and caregivers.
- Legal Compliance: We may disclose information when required by
  law, legal processes, or to protect our rights and interests.
- Improve Our Services: We may also need to use some information
  about you to manage the healthcare services we provide, help
  investigate any complaints, claims or incidents, help us to
  plan new services, help us to keep track of spending on our services
  and assist in clinical audits of the quality of our services.
How do we protect your information?
Everyone working for MEDICA has a legal duty to maintain the highest
levels of confidentiality and all MEDICA staff receive training in how
to handle your information securely. Except in certain specific
circumstances, your records will generally only be seen by those
involved in providing or administering your care.
Your paper healthcare electronic records held on computer systems are
protected by appropriate technology (such as data encryption and access
controls). We employ industry-standard security measures to protect user
data from unauthorized access, disclosure, alteration and destruction.
How long will we keep your information?
There is often a legal reason for keeping your personal information for
a set period of time and such time you request to delete your
information and no longer wish to continue with our services.
Data Sharing and Disclosures
- With Your Consent: We may share your information with third
  parties when you explicitly consent to sharing.
- Healthcare Professionals: For the purpose of facilitating
  healthcare services, we may share relevant user information with
  authorized healthcare professionals.
- Legal Compliance: We may disclose information when required by
  law, legal processes or to protect our rights and interests.
What are your rights?
Under the General Data Protection Regulation you have a number of rights
as a data subject, including the right to access, correct, delete, or
request the portability of your personal information.
- The right to be informed:
  We are required to inform you about how we collect and use your
  personal information (for example, by the information given in this
  Privacy Notice).
- The right to access:
  By law you are entitled to request a copy of the information we hold
  about you on the app and our servers through the mobile app and
  website.
- The right to rectification:
  You may request that we make changes to any data we hold about you
  that is incorrect or incomplete through the mobile app and website.
- The right to erasure:
  You can delete the user profile through the mobile app and website.
  When you do so, we will ensure all your data is deleted/removed from
  access and our servers. You will no longer have access to any of the
  health information stored during use of MEDICA and you may not be able
  to request us to restore any of your personal details and health
  records.
- The right to restrict processing:
  You may request that we restrict the processing of your information in
  certain circumstances. In most cases a restriction of processing is a
  temporary measure while we investigate your concerns. The right to
  restrict processing is not an absolute right, and we may decide not to
  restrict the processing of your information if we consider that
  processing is necessary for the purpose of the public interest or for
  the purpose of your legitimate interests.
- The right to data portability:
  We are not legally required to provide your information in a
  machine-readable form, but you can download and store any accessible
  information through the mobile app and website. Note that protecting
  your data once the app is downloaded is your responsibility.
- Rights related to automated decision making (including profiling):
  MEDICA makes automated decisions about patients or carries out
  evaluations based on any automated processes (profiling).
Data Protection Impact Assessments
Under GDPR regulations we are required to carry out a Data Protection
Impact Assessment (DPIA) when undertaking new projects which involve the
processing of personal data. Completing a DPIA helps us to identify any
data risks at an early stage and to take steps to minimise these risks
as part of the project development process.
Data Protection Impact Assessments were completed for the following
projects during 2018/19:
- Implementation of virtual consultations
- Private patients email
- Recruitment web forms
- Health data management and analytical reporting system
- Nurse shift roster survey
- Equipment training database
- Stroke data capture system
Children’s Privacy
The MEDICA app or website is not intended for users under the age of 13.
We do not knowingly collect information from children under 13. If you
believe a child has provided us with personal information, please
contact us immediately.
Changes to this Privacy Policy
This Privacy Policy may be updated periodically to reflect changes in
our practices. Users will be notified of material changes.
Where can I get further advice?
For questions, concerns, or requests regarding this Privacy Policy,
please contact us at info@medica.lk.
Copyright © MEDICA Healthcare Solutions