PRIVACY POLICY

Last Updated: January 2025

At MEDTIUM, we understand the critical importance of protecting your health information and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information within our Unified Health Ecosystem.

1. Information We Collect

1.1 Personal Information

We collect information that can identify you, including but not limited to:

• Name, date of birth, and contact information
• Medical history and health records
• Insurance and payment information
• Professional credentials (for healthcare providers)
• Authentication credentials

1.2 Technical Information

We automatically collect certain information when you use our platform:

• Device and browser information
• IP address and location data
• Usage patterns and preferences
• System logs and activity records

2. How We Use Your Information

We use your information for the following purposes:

• Providing and improving healthcare services
• Facilitating communication between healthcare providers
• Processing insurance claims and payments
• Conducting research and analytics (with de-identified data)
• Ensuring platform security and preventing fraud
• Complying with legal and regulatory requirements

3. PDPA Compliance

As a healthcare technology provider, we maintain strict compliance with the Personal Data Protection Act (PDPA). Our platform implements all required administrative, physical, and technical safeguards to protect Protected Health Information (PHI).

4. Data Security Measures

We employ industry-leading security measures to protect your information:

• End-to-end encryption for data transmission
• Advanced access controls and authentication
• Regular security audits and penetration testing
• Secure data centers with redundant backups
• Continuous monitoring for security threats

5. Information Sharing

We share your information only in the following circumstances:

• With healthcare providers involved in your care
• With insurance companies for claims processing
• With business associates who help operate our platform
• When required by law or regulation
• With your explicit consent

6. AI and Analytics

Our platform uses artificial intelligence and analytics to improve healthcare delivery. When using these technologies, we:

• De-identify personal health information
• Implement strict data access controls
• Maintain transparency in AI decision-making
• Regular audit AI systems for bias and accuracy

7. Your Rights and Choices

You have the right to:

• Access your personal health information
• Request corrections to your data
• Receive an accounting of disclosures
• Restrict certain uses of your information
• Opt-out of certain data sharing
• Request data portability

8. Data Retention

We retain your information for as long as necessary to:

• Provide our services
• Comply with legal obligations
• Resolve disputes
• Enforce our agreements

9. International Data Transfers

If we transfer your information across borders, we ensure appropriate safeguards are in place and comply with applicable data protection laws.

10. Children's Privacy

We comply with all applicable laws regarding children's privacy and only collect information about children with appropriate parental consent.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of any material changes and obtain consent where required.

12. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact our Privacy Officer at:

MEDTIUM Privacy Contact
Email: [email protected]

13. Regulatory Information

MEDTIUM references with:

• Personal Data Protection Act (PDPA)
• Other applicable healthcare privacy regulations

By using the MEDTIUM Unified Health Ecosystem, you acknowledge that you have read and understood this Privacy Policy.