At ZenoHosp ("we," "us," or "our"), we understand that privacy and data security are the most critical components of healthcare operations. This Privacy Policy outlines how we collect, use, and protect the personal and medical information entrusted to us by hospitals, clinics, healthcare professionals, and patients.
1. Information We Collect
We collect information primarily to provide our hospital management services. This includes:
- Account Information: Names, emails, and contact details of hospital administrators and staff using our platform.
- Protected Health Information (PHI): Patient records, medical history, diagnostics, and billing information entered into our system by healthcare providers.
- Usage Data: System logs, IP addresses, and interaction metrics used to monitor the performance and security of our platform.
2. How We Use Your Information
We process data strictly for the following purposes:
- To operate, maintain, and secure the ZenoHosp platform.
- To facilitate medical services, billing, and pharmacy management as instructed by our healthcare clients.
- To ensure compliance with legal obligations, including HIPAA and the DPDP Act (India).
- To provide customer support and technical assistance.
We never sell patient data or PHI to third parties under any circumstances.
3. Data Protection and HIPAA Compliance
ZenoHosp operates as a "Business Associate" under HIPAA regulations when serving US clients, and complies with equivalent data protection laws in India (such as the Digital Personal Data Protection Act). We employ industry-standard security measures, including:
- AES-256 encryption for all data at rest.
- TLS 1.3 encryption for all data in transit.
- Role-Based Access Control (RBAC) to ensure staff only see data necessary for their roles.
- Mandatory Multi-Factor Authentication (MFA) for administrative access.
4. Data Retention and Deletion
We retain healthcare data for as long as required by our hospital clients or as mandated by applicable healthcare retention laws. Upon termination of a service agreement, we offer secure data export and irreversible deletion protocols.
5. Your Rights
Depending on your jurisdiction, you may have rights regarding your personal data (such as access, correction, or deletion). Because ZenoHosp acts as a data processor for hospitals, patients seeking to exercise these rights should generally contact their healthcare provider directly. We will fully assist our clients in fulfilling these requests.
6. Changes to this Policy
We may update this Privacy Policy to reflect changes in legal requirements or our system architecture. We will notify our active clients of any material changes via email or an in-app notification.
7. Contact Us
If you have any questions or concerns about this Privacy Policy or our data handling practices, please contact our Data Protection Officer at:
Email: privacy@zenohosp.com
Address: ZenoHosp Legal Department, Bangalore, India
Disclaimer: This document is provided as a standard framework and must be reviewed by independent legal counsel before governing any official data processing agreements.