Skip to main content

Privacy Policy

Last updated: March 25, 2026

MedOS Health Technologies Pvt. Ltd. ("MedOS", "we", "us") operates the MedOS Hospital Management System. This Privacy Policy explains how we collect, use, store, and protect information when you use our platform.

1. Information We Collect

1.1 Clinic & Staff Information

When a clinic registers, we collect: clinic name, address, GSTIN, phone number, email, and staff details (name, phone, role). This is necessary to provide the service and generate GST-compliant invoices.

1.2 Patient Health Information

Patient data is entered by clinic staff and may include: name, phone, Aadhaar last 4 digits, ABHA ID, medical history, prescriptions, lab results, vitals, and billing records. This data is classified as Sensitive Personal Data under the IT Act 2000 SPDI Rules and as Health Information under DISHA.

1.3 Usage Data

We collect anonymized analytics on feature usage, page views, and performance metrics to improve the product. No patient health data is included in analytics.

2. How We Use Your Data

  • To provide and maintain the MedOS platform services
  • To generate appointments, invoices, lab reports, and prescriptions
  • To send appointment reminders via WhatsApp/SMS (with patient consent)
  • To comply with ABDM requirements (with patient consent)
  • To generate GST invoices and NIC e-invoices as required by law
  • To send service-related communications to clinic staff
  • To improve product quality through anonymized usage analytics

3. Data Storage & Security

All data is stored on AWS infrastructure in the Mumbai region (ap-south-1). Data never leaves India. We implement:

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Role-based access control (RBAC) for all users
  • Automatic session timeout after 30 minutes of inactivity
  • Complete audit trail for all data access and modifications
  • Encrypted backups with 90-day retention

4. ABDM & Health Information Exchange

When patients link their ABHA (Health ID), MedOS acts as a Health Information Provider (HIP) on the ABDM network. Health records are shared only with explicit patient consent through the ABDM consent manager. Patients can revoke consent at any time.

5. Data Sharing

We do not sell patient data. We share data only in these circumstances:

  • With the patient (via patient portal, WhatsApp, or ABDM)
  • With insurance TPAs for claim processing (with patient consent)
  • With government schemes (PM-JAY, CGHS, ESI) for claim submission
  • When required by law or court order
  • With our infrastructure providers (AWS) who process data under contract

6. Patient Rights

Under DISHA and IT Act 2000, patients have the right to:

  • Access their complete health records
  • Request correction of inaccurate data
  • Request deletion of their data (subject to legal retention requirements)
  • Withdraw consent for data sharing
  • Receive a copy of their data in a standard format

7. Data Retention

Medical records are retained for the duration required by applicable laws (minimum 3 years under the Indian Medical Council regulations). Clinics may request data export or deletion of their account data, subject to regulatory retention requirements.

8. Cookies

We use essential cookies for session management (authentication). We do not use advertising or third-party tracking cookies.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to registered clinic administrators at least 30 days before taking effect.

10. Contact

For privacy-related inquiries or to exercise your data rights:
Data Protection Officer: dpo@medos.in
Phone: +91 40 4567 8900
Address: WeWork Rajapushpa Summit, Financial District, Hyderabad 500032