Privacy Policy
Last updated: April 01, 2026 | Effective date: April 01, 2026
1. Introduction
Medicore Healthcare ("we", "us", "our", or "Company") operates the CurePath platform and associated websites and mobile applications. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our digital properties.
We are committed to protecting your privacy and ensuring you have a positive experience on our platforms. This Policy applies to healthcare professionals, clinic administrators, patients, and website visitors.
2. Data We Collect
2.1 Information You Provide Directly
- Name, email address, phone number, clinic name, address
- Business registration details (GST number, clinic license)
- Communication preferences and support messages
- Profile information on the CurePath platform
2.2 Patient Health Information (PHI)
- Patient names, DOB, contact information, medical records
- Appointment history, prescriptions, lab results, imaging reports
- Clinical notes and diagnoses (collected by healthcare providers)
- This data is collected only by clinic staff as part of clinical care
2.3 Automatically Collected Information
- Device identifiers (mobile app), app usage analytics
3. How We Use Your Data
- Service Delivery: Provide CurePath platform functionality, appointments, billing, EMR services
- Account Management: Authenticate users, reset passwords, manage subscriptions
- Communication: Send service updates, security alerts, support responses
- Improvements: Analyze usage patterns to improve product features
- Compliance: Meet Indian healthcare regulations, GST requirements, legal obligations
- Marketing: Send newsletters/promotional content (with explicit consent only)
- Legal: Enforce terms of service, prevent fraud, protect rights
4. Data Storage & Security
4.1 Data Location
All data is stored and processed in AWS Mumbai (ap-south-1) region to comply with Indian data residency requirements. No data is transferred outside India without explicit legal mandate.
4.2 Encryption & Protection
- In Transit: TLS 1.2+ encryption for all data transmission
- At Rest: AES-256 encryption for stored patient data
- Access Control: Role-based access control (RBAC) by clinic staff role
- Audit Logs: All access to patient data is logged for compliance audits
- API Security: OAuth 2.0, JWT tokens with expiration, rate limiting
4.3 Incident Response
In case of a security breach affecting patient data, we will notify all affected clinic administrators within 48 hours and provide guidance on mitigation steps.
5. Data Sharing & Third Parties
5.1 We Do NOT Share Your Data With
- Third-party advertisers or marketing companies
- Data brokers or list sellers
- Any external parties without your explicit written consent
5.2 We Share Data Only With
- AWS: Infrastructure hosting (covered by AWS BAA for HIPAA compliance)
- Payment Processors: Razorpay
- Legal Requirements: Police/court orders, Government agencies as required by law
- Service Providers: Email, SMS providers (under strict NDAs)
6. Patient Rights & Consent
6.1 Patient Consent
CurePath requires clinic staff to obtain explicit written consent from patients before storing their health records. This consent is documented in the platform for audit purposes.
6.2 Patient Rights
Patients have the right to:
- Access their medical records in digital format
- Request correction of inaccurate information
- Request deletion (right to be forgotten) of non-mandatory records
- Withdraw consent at any time (though this may limit clinic services)
- File complaints with clinic management or regulatory authorities
7. Regulatory Compliance
- India Data Protection: Aligned with proposed DPDP Act 2023 principles
- GST Compliance: All billing records maintained per GST regulations
- Medical Council: Compliance with Indian Medical Association guidelines
- RBI Guidelines: Payment data protection as per Reserve Bank of India
8. Data Retention
- Patient Records: Retained per clinic policy or legal requirements (minimum 3 years in India)
- Billing Records: Retained for 7 years (GST & IT Act compliance)
- Logs: Access logs retained for 1 year
- Backups: Encrypted backups retained for disaster recovery
Upon account deletion, data is anonymized except where legal retention is required.
9. Your Privacy Rights
You have the right to:
- Access: Request a copy of the data we hold about you
- Correction: Request changes to inaccurate information
- Deletion: Request erasure (where legally permissible)
- Portability: Receive your data in a structured format
- Restrict: Limit how we use your data
- Object: Opt out of marketing communications
Submit requests to hello@medicorehealthcare.in. We will respond within 2 business days.
10. Contact Us
For privacy questions, complaints, or data requests:
Medicore Healthcare Pvt. Ltd.
76, Tarun Vihar Apartment, Sector-13, Rohini, Delhi-110085
📧 hello@medicorehealthcare.com
📞 +91 93105 71038
11. Policy Updates
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated effective date. Continued use of CurePath constitutes acceptance of the updated policy.