Privacy Policy

Last updated on January 15, 2025.

ReHospital Technologies Pvt. Ltd. (“ReHospital,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal and health information of our users. This Privacy Policy describes how we collect, use, store, and protect information when you interact with our hospital management platform, websites, or services (collectively, the “Services”).

As a healthcare technology provider, we understand the sensitive nature of medical data and maintain the highest standards of data protection in compliance with applicable healthcare regulations.

Information We Collect

We collect information that you and your organization provide when using our Services, including:

  • Account Information: Name, email address, phone number, role, and organization details provided during registration and setup.
  • Patient Health Information (PHI): Medical records, diagnoses, prescriptions, lab results, and other clinical data entered by authorized healthcare professionals through the platform.
  • Billing Information: Invoice details, payment records, insurance information, and financial data processed through our billing modules.
  • Usage Data: Browser type, device information, IP address, access logs, and general usage patterns collected automatically to maintain security and improve our Services.

How We Use Your Information

Information collected through our Services is used for the following purposes:

  • Providing, operating, and maintaining the hospital management platform
  • Processing appointments, prescriptions, lab orders, and clinical workflows
  • Generating billing, invoicing, and insurance claims
  • Maintaining audit trails and access logs for regulatory compliance
  • Improving platform features, performance, and user experience
  • Communicating service updates, security alerts, and support responses
  • Complying with applicable healthcare laws and regulations

Data Security and Protection

We implement industry-standard security measures to protect your data, including:

  • End-to-end encryption for data in transit (TLS 1.3) and at rest (AES-256)
  • Role-based access control (RBAC) with 8 distinct permission levels
  • Comprehensive audit logging of all data access and modifications
  • Regular security assessments and penetration testing
  • Multi-tenant data isolation ensuring complete separation between organizations
  • Automated daily backups with point-in-time recovery capabilities

While we take extensive measures to protect your data, no method of electronic transmission or storage is 100% secure. We continuously evaluate and enhance our security practices.

Data Sharing and Disclosure

We do not sell, trade, or rent personal or health information. We may share data only in the following circumstances:

  • With your organization: Data is accessible to authorized users within your healthcare facility based on their assigned roles and permissions.
  • Service providers: We work with trusted infrastructure providers (cloud hosting, email delivery) who process data solely on our behalf under strict confidentiality agreements.
  • Legal requirements: We may disclose information when required by law, court order, or government regulation, or to protect the rights, safety, or property of our users.

Data Retention

We retain data for as long as your organization maintains an active account with us. Patient health records are retained in accordance with applicable medical record retention laws. Upon account termination, we retain data for 90 days to allow for data export, after which it is securely deleted.

Your Rights

Depending on your jurisdiction, you may have rights regarding your personal information, including:

  • Accessing and receiving a copy of your personal data
  • Requesting correction of inaccurate information
  • Requesting deletion of personal data (subject to legal retention requirements)
  • Exporting your data in standard formats (CSV, PDF, HL7/FHIR)
  • Withdrawing consent for non-essential data processing

Changes to This Policy

We may update this Privacy Policy periodically. Changes will be reflected by updating the “Last updated” date at the top of this page. For significant changes, we will provide notice through the platform or via email. Continued use of the Services after changes indicates acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

ReHospital Technologies Pvt. Ltd.
Email: privacy@rehospital.com
Data Protection Officer: dpo@rehospital.com