Privacy Policy

Introduction

Welcome to MEDICA Digital Health Services ("MEDICA," "we," "us," or "our"). This Privacy Policy outlines our practices regarding the collection, use, and disclosure of personal information when you use our mobile application and related services but not limited to doctor’s appointment reservation, virtual consultation with a doctor, clinical history and prescription storage. We are required to comply with the laws and regulations that apply to protect your data and how it is used as per the General Data Protection Regulation (GDPR) in the countries/regions where the services are provided.

Information we Collect

Looking after your personal information 

We are committed to protect your privacy, the data we collect and use to provide our services.   We are required to comply with the laws and regulations that apply to protect your data and how it is used.

This privacy notice explains how we use information about you and how we keep it safe, and protect your privacy.

This privacy notice applies to any personal data/information collected by the user and automatically collected by us or on our behalf, by any email format, online, or consultations face to face and virtually.

User provided data/information

• Account Information: When you register in MEDICA app or website, we collect personal information such as your name, email address, mobile number, date of birth, gender and contact details.
• Health Information: Users may voluntarily provide health-related information, including medical conditions, allergies, prescriptions, and other health records.
• Communication Data: Information exchanged between users, healthcare professionals, and caregivers on the app or during face to face or virtual consultation.

Automatically collected data/information

• Device Information: We collect device-specific information, including device model, operating system, and unique identifiers.
• Usage Information: We gather data on how users interact with the app, including page views, clicks, and feature usage.
• Log Information: Server logs may capture details such as IP addresses, access times, and app errors.

What information do we collect?

Depending on your circumstances and the nature of the health care you require, we may collect the following information about you:

• Your general details (such as name, address, date of birth, telephone number)
• Details about your GP
• Your medical history
• Any medications you are taking
• Details about your physical or mental health
• Your family details (for example, your next of kin)
• Your ethnicity
• Your religious beliefs
• Your lifestyle and social circumstances
• Your sexual life
• Scans, x-rays, and other diagnostic images
• Your genetic or biometric data

You have the right to receive a copy of your medical records through the mobile app or website.

How do we use your information?

• Personalized Services: We use the collected information to provide personalized healthcare services, including health record management, appointment scheduling, and communication features.
• Communication: We may use contact information to send important notices, updates, and promotional materials. Users can opt out of promotional communications.
• Analytic and Improvements: Aggregate and data anonymity may be used for analytic, research, and app improvements.
• To provide your care: The doctors and other health professionals keep records about your health and the treatments you have received through MEDICA in order to be able to provide you with the most effective care. It is in your interests as a patient for a full and complete medical record to be collected so that, we have an accurate up-to-date information about you. The doctors and healthcare professional can review and edit all or some of the data during face to face or virtual consultation or any other health care delivery.

Data sharing and disclosure

• With Your Consent: We may share your information with third parties when you explicitly consent to such sharing.
• Healthcare Providers and Caregivers: For the purpose of facilitating healthcare services, we may share relevant user information with authorized healthcare providers and caregivers.
• Legal Compliance: We may disclose information when required by law, legal processes, or to protect our rights and interests.
• Improve or Services: We may also need to use some information about you to manage the healthcare services we provide, help investigation about any complaints, claims or incidents, help us to plan new services, help us to keep track of spending our services and assistance in clinical audits of the quality of our services.

How do we protect your information?

Everyone working for MEDICA has a legal duty to maintain the highest levels of confidentiality and all MEDICA staff receive training in how to handle your information securely. Except in certain specific circumstances, your records will generally only be seen by those involved in providing or administering your care.

Your paper healthcare electronic records held on computer systems are protected by appropriate technology (such as data encryption and access controls). We employ industry-standard security measures to protect user data from unauthorized access, disclosure, alteration and destruction.

How long will we keep your information?

There is often a legal reason for keeping your personal information for a set period of time and such time you request to delete your information and no longer wish to continue with our services.

Data Sharing and Disclosures

• With Your Consent:We may share your information with third parties when you explicitly consent to sharing.
• Healthcare Professionals:For the purpose of facilitating healthcare services, we may share relevant user information with authorized healthcare Professionals.
• Legal Compliance:We may disclose information when required by law, legal processes or to protect our rights and interests.

What are your rights?

Under the General Data Protection Regulation you have a number of rights as a data subject you have the right to access, correct, delete, or request the portability of their personal information.

• The right to be informed: We are required to inform you about how we collect and use your personal information (for example, by the information given in this Privacy Notice).
• The right to access: By law you are entitled to request a copy of the information we hold about you on the app and our servers through the mobile app and website.
• The right to rectification: You may request that we make changes to any data we hold about you that is incorrect or incomplete through the mobile app and website.
• The right to erasure: you can delete the user profile through the mobile app and website. Doing so we will ensure all your data is deleted/removed from access and our servers. You will no longer have access to any of the health information stored during use of MEDICA and you may not be able to request us to restore any of your personal details and health records.
• The right to restrict processing: You may request that we restrict the processing of your information in certain circumstances. In most cases a restriction of processing is a temporary measure while we investigate your concerns. The right to restrict processing is not an absolute right, and we may decide not to restrict the processing of your information if we consider that processing is necessary for the purpose of the public interest or for the purpose of your legitimate interests.
• The right to data portability: We are not legally required to provide your information in a machine-readable form but you can download, store any accessible information through the mobile app and website. Note that protecting your data once the app is downloaded is your responsibility.
• Rights related to automated decision making (including profiling): MEDICA makes automated decisions about patients or carries out evaluations based on any automated processes (profiling). 

Data Protection Impact Assessments

Under GDPR regulations we are required to carry out a Data Protection Impact Assessment (DPIA) when undertaking new projects which involve the processing of personal data. Completing a DPIA helps us to identify any data risks at an early stage and to take steps to minimise these risks as part of the project development process.

Data Protection Impact Assessments were completed for the following projects during 2018/19:

• Implementation of virtual consultations
• Private patients email
• Recruitment web forms
• Health data management and analytical reporting system
• Nurse shift roster survey
• Equipment training database
• Stroke data capture system

Children’s Privacy

The MEDICA app or website is not intended for users under the age of 13. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal information, please contact us immediately.

Changes to this Privacy Policy

This Privacy Policy may be updated periodically to reflect changes in our practices. Users will be notified of material changes.

Where can I get further advice?

For questions, concerns, or requests regarding this Privacy Policy, please contact us at info@medica.lk.