Miracle Hospital Privacy Policy

Effective Date: September 1, 2025

Miracle Hospital, its affiliates, and its subsidiaries (“Miracle Hospital,” “we,” “us,” or “our”) are committed to protecting the privacy and confidentiality of your personal data, particularly your sensitive health information. This Privacy Policy is a legally binding document that governs our data processing activities and outlines our obligations and your rights regarding your personal data. We process your data in strict compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and other applicable laws and regulations in India.

This policy applies to all individuals who interact with us, including patients, their family members, visitors to our facilities, users of our website and mobile applications, and third-party service providers.

1. Scope of the Policy

This policy details the manner in which we collect, store, process, use, and disclose your personal data. We are the data fiduciary responsible for the data you entrust to us. We process this data for the specific purposes outlined herein and will only disclose it as permitted by law or with your explicit consent.

2. Collection of Personal Data

We collect various types of personal data, which may be classified as Personally Identifiable Information (PII) and Sensitive Personal Data (SPD), to deliver our services effectively.

2.1 Personally Identifiable Information (PII)

This includes data that can be used to identify you, such as:

  • Contact Information: Name, address, telephone number, and email address.
  • Demographic Information: Date of birth, gender, marital status, and nationality.
  • Identification Data: Aadhaar card number, passport number, or other government-issued identification.
  • Financial Information: Health insurance details, payment card information, and bank account details for billing purposes.

2.2 Sensitive Personal Data (SPD)

This includes data related to your health and well-being, such as:

  • Medical Records: Patient history, diagnoses, treatment plans, prescriptions, lab results, and diagnostic reports.
  • Biometric Data: Fingerprints or other biometric information used for patient authentication.
  • Genetic Data: Results of genetic tests and family medical history.
  • Health Status: Information about your physical, physiological, and mental health condition.

Data is collected through various means, including patient registration forms, during medical consultations, through our Electronic Health Records (EHR) system, and via our digital platforms.

3. Purpose of Data Processing

We process your personal data for the following specific and legitimate purposes:

  • 3.1 Provision of Healthcare: To provide, manage, and coordinate your medical treatment, diagnosis, and care.
  • 3.2 Appointment and Administrative Management: To schedule appointments, manage hospital admissions, and maintain internal records.
  • 3.3 Billing and Financial Operations: To process payments, manage health insurance claims, facilitate cashless treatment, and handle billing inquiries.
  • 3.4 Legal and Regulatory Compliance: To comply with legal obligations, including reporting to government and regulatory authorities (e.g., the National Medical Commission), and for medico-legal purposes.
  • 3.5 Internal Operations and Quality Improvement: For internal audit, quality control, training, and research to enhance the efficacy of our healthcare services.
  • 3.6 Communication: To communicate with you regarding your treatment and test results, and to send you relevant health-related information and updates.

4. Legal Basis for Data Processing

We process your personal data based on the following legal grounds:

  • 4.1 Consent: We obtain your explicit, informed consent for the collection and processing of your sensitive personal data, especially for medical treatment.
  • 4.2 Legal Obligation: Processing is necessary to comply with a legal or regulatory obligation binding on us.
  • 4.3 Legitimate Interests: Processing is necessary for the legitimate interests pursued by us or a third party, except where such interests are overridden by your rights and freedoms.

5. Data Sharing and Disclosure

Your personal data is handled with the utmost confidentiality. We will not share your data with any third party without your explicit consent, except in the following limited circumstances:

  • 5.1 Inter-Departmental Sharing: Your data is shared with our medical staff, including doctors, nurses, and technicians, on a “need-to-know” basis to facilitate your comprehensive care.
  • 5.2 Third-Party Service Providers: We may share your data with trusted third parties, such as diagnostic laboratories, pharmaceutical suppliers, and IT service providers, who assist us in delivering our services. We ensure all such providers are bound by strict confidentiality and data protection agreements.
  • 5.3 Insurance and Financial Entities: Your data may be shared with your health insurance provider for the purpose of claim processing and payment.
  • 5.4 Regulatory and Legal Authorities: We may be compelled by law to disclose your data to regulatory bodies, law enforcement agencies, or in response to a court order.
  • 5.5 Public Health and Safety: In the event of a public health crisis or for reasons of public interest, we may disclose relevant data to authorized public health authorities.

6. Data Security and Safeguards

We have implemented comprehensive technical, organizational, and physical security measures to protect your personal data from unauthorized access, accidental loss, disclosure, or destruction. Our security protocols include:

  • Access Control: Role-based access to patient data, ensuring that only authorized personnel can view or modify records.
  • Encryption: The use of encryption to secure data both in transit and at rest.
  • Physical Security: Storing physical patient files in secure, locked locations with restricted access.
  • Regular Audits: Conducting regular security audits and vulnerability assessments to maintain a high level of data protection.

7. Data Retention

We retain your personal data for a period necessary to fulfill the purposes for which it was collected, as well as to comply with our legal and regulatory obligations. As per medical record-keeping standards, we may retain your health information for an extended period. Once the data is no longer required, we will securely destroy or de-identify it.

8. Your Rights as a Data Subject

In accordance with the DPDP Act, you have the following rights regarding your personal data:

  • 8.1 Right to Information: The right to be informed about the processing of your personal data.
  • 8.2 Right to Access and Correction: The right to request access to and correction of your personal data.
  • 8.3 Right to Erasure: The right to request the erasure of your personal data, subject to legal and regulatory requirements.
  • 8.4 Right to Grievance Redressal: The right to raise a grievance with our designated Grievance Officer.

To exercise any of these rights, please submit a written request to our Grievance Officer.

9. Grievance Redressal Mechanism

We have established a formal grievance redressal mechanism to address any concerns or complaints regarding our data privacy practices.

Grievance Officer:

Name: Mrs Rekha

Email: grievance@miraclehospital.com

Address: 765, Whitefield Hoskote Main road, Chaitanya Ananya, Seegehalli, Hobli, Bidarahalli, Bengaluru, Karnataka 560049

Phone: 080 66116611

We will acknowledge your grievance within 24 hours and endeavor to resolve it within 30 days.

10. Consent and Policy Updates

By using our services, you signify your acceptance of this Privacy Policy. We may update this policy periodically to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website. Your continued use of our services constitutes your acceptance of the updated policy.