This Privacy Policy ("Policy") is designed to address the collection, use, and disclosure of personal information by One Ayush ("Provider," "we," "us," or "our"), in connection with the services provided through our Healthcare Information Technology (IT) platforms, including but not limited to, our Web-Based Electronic Medical Records (EMR) system, and our Revenue Cycle Management Solution, each being specifically designed to meet the opportunities and challenges of the modern healthcare landscape, marking a next-level evolution in Healthcare IT ("Services").

1. ACCEPTANCE OF POLICY:

By accessing or using our Services, all users ("users," "you," or "your"), which term shall include but not be limited to patients, healthcare professionals, and affiliated entities, agree to the practices and requirements delineated in this Policy. We reserve the right to update or modify this Policy at our sole discretion, and the continued use of Services post such changes shall constitute your consent to the modified terms.

2. COMPLIANCE WITH REGULATIONS:

We recognize the imperative nature of adhering to all applicable laws and regulations governing the privacy and security of health information, including but not limited to the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and other pertinent legal instruments that may be promulgated from time to time by competent authorities. Our commitment extends to alignment with industry standards and best practices to ensure compliance and maintain the integrity of our Services.

3. BUILDING TRUST WITH PATIENTS:

We are firmly committed to establishing and nurturing trust with our patients by transparently communicating our privacy practices and empowering patients with rights to access and control their personal information. Trust is a pivotal cornerstone upon which our patient-provider relationship is built, and we shall endeavor to maintain this trust through diligent and ethical handling of personal information.

4. PATIENT CARE:

Outstanding patient care is a fundamental tenet of our operational philosophy. We ensure that the usability and functionality of our Services enhance the quality, efficiency, and effectiveness of patient care. Patient care considerations are deeply embedded in the design and continuous evolution of our technological solutions.

5. PROTECTING REGULATION:

As guardians of personal information, we acknowledge the solemn responsibility to protect and secure patient data in strict consonance with protecting regulations. We adopt rigorous data security protocols and engage in active oversight to prevent any unauthorized access, use, or disclosure of patient information.

6. ISOLATE PROTECTS THE DATA OF PATIENTS:

We are dedicated to employing advanced methodologies and technological safeguards to isolate and protect the data of patients. Measures such as encryption, access controls, network security, and physical security controls are implemented to ensure the sanctity of patient data is untouched.

7. CONFIDENTIALITY:

Confidentiality of patient information is regarded with the utmost gravity. All employees, contractors, and third-party service providers are subject to confidentiality obligations and are educated regarding appropriate handling of sensitive information. Breaches of confidentiality are subject to strict disciplinary action, up to and including termination of engagement and legal proceedings.

8. GRIEVANCE POLICY

8.1 The Healthcare Provider shall establish a Grievance Redressal Policy to address any concerns, complaints or grievances that Patients may have with respect to the handling, management, or treatment of their Confidential Information.

8.2 Upon receipt of a written grievance from a Patient, the Healthcare Provider shall:

1. a. Acknowledge receipt of the grievance within 7 Working days.
2. b. Appoint a Grievance Officer to address the Patient's concerns, who shall:
1. i. Investigate the matter within 7 Working days.
2. ii. Maintain confidentiality and impartiality throughout the investigatory process;
3. iii. Provide a written response to the Patient outlining the findings and, where appropriate, steps taken to resolve the grievance, no later than 7 Working Days

8.3 The Healthcare Provider shall complete the grievance redressal process within a reasonable period not exceeding 7 Working Days from the date of receipt of the grievance.

8.4 The contact details of the Grievance Officer shall be prominently displayed at the Healthcare Provider's facility and on the Healthcare Provider's official website.

8.5 The Healthcare Provider shall take all necessary steps to address the issues raised in the grievance in a satisfactory and timely manner and take appropriate action to prevent the recurrence of similar grievances.

INFORMATION COLLECTION AND USE:

For the purpose of this Policy, 'personal information' shall refer to any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.

1. A. Types of Information Collected:
1. 1. Personal Identification Information: Name, age, gender, contact information, identification numbers, and other demographic details.
2. 2. Health Information: Medical history, current health conditions, treatment records, diagnostic reports, and other health-related information.
3. 3. Payment Information: Insurance details, billing information, transaction history, credit/debit card numbers, and other financial data.
4. 4. Technical Information: IP addresses, browser types, access times, referring website addresses, and other technical data related to the user's interaction with our Services.
2. B. Purpose of Collection:
1. 1. To provide personalized and efficient healthcare services.
2. 2. To process payments for services rendered.
3. 3. To maintain medical records in compliance with legal obligations.
4. 4. To improve and enhance our Services, features, and functionality.
5. 5. To comply with legal and regulatory requirements and respond to lawful requests from public authorities.
3. C. Disclosure of Information:
1. 1. Information may be disclosed to healthcare professionals, insurance providers, third-party service vendors, consultants, and affiliates, as necessary to conduct operations and provide Services.
2. 2. Information may be disclosed when legally required to do so, such as in response to a subpoena, court order, or government investigation, or to protect our rights and prevent fraud or other illegal activities.
4. D. Data Retention:
1. 1. Information shall be retained only for as long as is necessary for the purposes set out in this Policy.
2. 2. Information shall be retained and disposed of in a manner that ensures the security of personal information, in accordance with our established data retention policy and applicable laws.
5. E. Patients' Rights:
1. 1. Right to Access: Patients may request access to their personal information and receive copies of records.
2. 2. Right to Rectification: Patients may request that inaccuracies in their personal information be corrected.
3. 3. Right to Erasure: Patients may request the deletion or removal of personal information where there is no compelling reason for continued processing.
4. 4. Right to Restrict Processing: Patients may request the restriction of processing of their personal information.
6. We may transfer information about you to another company in connection with a merger, sale or acquisition by or of One Ayush. In this event, we will use reasonable efforts to notify you before information about you is transferred and becomes subject to a different privacy policy. One Ayush does not share, sell, rent or trade your Personal Information with any third parties for their promotional purposes.

GOVERNING LAW AND DISPUTE RESOLUTION:

This Policy and any issues relating to the Services provided by One Ayush shall be governed by and construed in accordance with the laws of India, without giving effect to any choice or conflict of law provisions. Any disputes that arise under this Policy or the use of Services shall be submitted to the exclusive jurisdiction of the competent courts located in Hyderabad, Telangana, India.

CHANGES TO THIS POLICY:

We reserve the right to update or change our Privacy Policy at any time. The updated Policy will be posted on our website and, where appropriate, notified to you by email. Your continued use of our Services after any modification to this Policy will constitute your acceptance of such modification.

CONTACT INFORMATION:

If you have any questions or concerns regarding this Privacy Policy or our practices, you may contact our Privacy Officer at:

Email: info@oneayush.com.

This Policy has been adopted as of 23/04/2024 and by accessing or using the Services on or after the Effective Date, you agree to be bound by this Policy.