Kauvery Hospital Privacy Policy
“We,” “Us,” and “Our” refer to Kauvery Hospital. We are committed to safeguarding the privacy and security of your personal and health data. This Privacy Policy outlines how we collect, use, process, store, and protect your personal information in compliance with applicable laws, including:
- The Digital Personal Data Protection Act, 2023 (DPDPA),
- The Information Technology Act, 2000 – Section 43A, and
- The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011.
This policy applies to all personal information collected and processed during the course of providing our services, both online (via [Hospital Website URL]) and offline. The terms ‘You’ or ‘Your’ refer to patients, caregivers, or visitors, and ‘We,’ ‘Us,’ and ‘Our’ refer to Kauvery Hospital.
1. Scope and Applicability
This Privacy Policy applies to:
- Personal information collected when you visit our hospital, access our services, or interact with us through our website.
- Data shared during consultations, registrations, or other hospital-related processes.
Our compliance with the above laws ensures that we process sensitive personal data with the highest standards of privacy and security.
2. Personal Information We Collect
We may collect the following categories of personal information:
- Identity Information: Name, gender, date of birth, and contact details.
- Health Information: Medical history, diagnostic records, prescriptions, and treatment plans.
- Financial Information: Billing details, insurance information, and payment transaction data.
- Website and Technical Data: IP address, browser type, device information, and usage patterns through cookies.
- Any additional data provided voluntarily by you during registration, feedback, or consultations.
3. Legal Framework for Data Processing
We process your personal information in compliance with:
- The Digital Personal Data Protection Act, 2023 (DPDPA):
  - Ensuring lawful, fair, and transparent processing of personal and sensitive personal data.
  - Obtaining explicit consent where necessary.
- The Information Technology Act, 2000 – Section 43A:
  - Implementing and maintaining reasonable security practices to protect sensitive personal information.
- The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011:
  - Processing sensitive personal information (e.g., medical data) only with consent.
  - Following reasonable security practices such as encryption, access controls, and regular audits.
4. Purpose of Data Collection
Your personal information is used for the following purposes:
- Delivering healthcare services, including diagnosis, treatment, and follow-up care.
- Managing hospital operations, such as patient registration, billing, and medical record maintenance.
- Complying with legal, regulatory, and audit requirements.
- Improving the quality of care through research and analysis.
- Communicating appointment reminders, updates, or promotional offers.
Aggregated, anonymized data may be used for research and operational insights.
5. Consent for Data Processing
By accessing our services or sharing your personal information, you consent to:
- The collection, use, and transfer of your personal information as per this Privacy Policy.
- The processing of sensitive personal data for the purposes mentioned above, including healthcare delivery.
You may withdraw consent at any time (refer to Clause 8).
6. Data Sharing and Transfers
We do not sell or rent your personal information. Data may be shared in the following circumstances:
- With Health Professionals: For delivering medical care.
- With Service Providers: For lab tests, imaging, or insurance claims, under confidentiality agreements.
- Legal and Regulatory Requirements: To comply with applicable laws or court orders.
- Cross-Border Transfers: Data will be shared only with countries that are allow-listed under the applicable provisions of DPDPA, ensuring adequate safeguards are in place.
7. Data Security
We have adopted reasonable security practices and procedures as required under Section 43A of the IT Act and the 2011 Rules. These include:
- Encryption of sensitive personal data during storage and transmission.
- Role-based access controls to ensure only authorized personnel handle your data.
- Regular security audits, monitoring, and vulnerability assessments.
- Secure backups and disaster recovery mechanisms to ensure data availability.
While we take every precaution, no system is completely secure. We encourage you to protect your login credentials and report any suspicious activity immediately.
8. Your Rights
You have the following rights regarding your personal data:
- Access: Request details of your personal data.
- Correction: Rectify inaccuracies in your data.
- Erasure: Request deletion of your personal information, subject to legal or regulatory requirements.
- Data Portability: Obtain a copy of your data in a structured format.
- Withdrawal of Consent: Withdraw consent by contacting us at the email address below.
To exercise your rights, please contact our Grievance Officer (refer to Clause 11).
9. Data Retention
We retain personal data only as long as necessary to fulfill the purposes outlined in this policy or comply with applicable laws.
- Medical Records: Retained as per legal and regulatory requirements.
- Billing and Financial Data: Retained for audit and compliance purposes.
Once the retention period expires, data is securely deleted or anonymized.
10. Use of Cookies
We use cookies and similar technologies to:
- Enhance the functionality of our website.
- Analyze user behavior and improve user experience.
You can manage cookie preferences via your browser settings. Disabling cookies may affect certain features of the website.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available on our website. Significant changes will be communicated directly to you.
12. Contact and Grievance Redressal
If you have any concerns or complaints regarding this Privacy Policy or your data privacy, please contact us at [email protected]
Our Data Protection Officer will address your concerns within a reasonable timeframe.