Privacy Policy

Effective Date: April 3, 2026 | Version 2.0

1. Commitment to Data Sovereignty

Medical365 is a professional B2B healthcare infrastructure provider. We recognize that health data is one of the most sensitive categories of information. This policy outlines our rigorous standards for data protection, strictly adhering to the Digital Personal Data Protection (DPDP) Act 2023 of India and the ABDM (Ayushman Bharat Digital Mission) framework.

2. Role as a Data Processor

For our HIMS and EHR clients (hospitals and clinics), Medical365 acts as a Data Processor. The healthcare provider remains the Data Fiduciary. We process patient health records specifically for the purpose of clinical management, billing, and regulatory compliance as directed by the healthcare provider.

3. Data Security & ISO 27001 Standards

We implement enterprise-grade security measures consistent with ISO 27001 standards, including:

  • AES-256 Encryption: All patient identifiable information is encrypted at rest and in transit.
  • Role-Based Access Control (RBAC): Strict access controls ensuring only authorized clinical staff can view specific records.
  • Audit Trails: Immutable logs of every data access event for forensic verification.
  • Database Residency: All primary databases are located on secure, Tier-IV Indian data centers (MeitY empaneled).

4. ABDM Compliance & Consent Manager

In accordance with the Ayushman Bharat Digital Mission, Medical365 facilitates the secure exchange of health records via the ABDM Consent Manager. Patient data is only shared with other ecosystem providers (like diagnostic labs or referring doctors) after explicit digital consent is verified via the ABHA (Ayushman Bharat Health Account).

5. Patient Rights under DPDP Act 2023

Patients whose data is processed through Medical365 systems (via our client hospitals) have the right to:

  • Access a summary of their personal data and processing activities.
  • Correction, completion, and erasure of personal data.
  • Grievance redressal through our designated Grievance Officer.
  • Withdraw consent at any time through the ABDM framework.

6. Contact our Grievance Officer

For any privacy-related inquiries or data protection concerns, please contact our Data Protection Officer:

Email: privacy@medical365.in
Address: Bhamashah Techno Hub, Malviya Nagar, Jaipur, Rajasthan 302017