MedCoreLegal

Privacy Policy

Effective 28 May 2026

MedCore Health (“MedCore”, “we”, “us”) provides hospital and clinic information systems to healthcare providers across India. This Privacy Policy explains what personal and medical information we collect when you interact with a MedCore-powered hospital, how we use it, and the rights you have under the Digital Personal Data Protection Act, 2023 (“DPDP Act”).

1. Who is responsible for your data

Your hospital or clinic is the Data Fiduciary for the medical records created during your care. MedCore acts as a Data Processor on the hospital’s behalf and only processes your information per the hospital’s written instructions. See our Data Processing Notice for the technical and contractual safeguards involved.

2. What we collect

  • Identity: name, gender, date of birth, MR number, photograph (optional), Aadhaar / ABHA number (when you choose to link it).
  • Contact: phone, email, address, emergency contact.
  • Clinical: visits, diagnoses, prescriptions, lab results, imaging (X-ray, CT, MRI, ultrasound), vitals, allergies, immunisations.
  • Financial: bills, payments, insurance policy details, claims.
  • Operational telemetry: device type, browser, IP address, session timing. Used only for security and reliability.

3. How we use it

  • Deliver care: booking, consultations, prescriptions, diagnostics.
  • Bill and accept payment for the services you receive.
  • Send appointment reminders, prescription notices, report-ready alerts, and payment receipts via SMS, WhatsApp, push notification, or email — you can opt out of any channel at any time.
  • Comply with statutory record-keeping under the NMC, NABH, and DPDP Act.
  • Improve clinical-AI features (e.g. radiology drafting, triage routing). Personally identifying details are stripped before any model training.

4. Who we share it with

  • Clinicians, nurses, and authorised staff at your hospital, scoped by role.
  • The Ayushman Bharat Digital Mission (ABDM) gateway when you explicitly link your ABHA and grant consent for record exchange.
  • Insurance partners only when you submit a cashless / claim request.
  • Payment processors (Razorpay) to collect bills. Card and UPI credentials never touch MedCore servers.
  • Government authorities when compelled by valid legal process.

5. Your rights under the DPDP Act

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate or outdated information.
  • Erase data that is no longer required for the purpose for which it was collected (subject to medical retention rules).
  • Withdraw consent to non-essential processing (e.g. marketing).
  • Nominate another person to exercise your rights on your behalf.
  • Lodge a complaint with the Data Protection Board of India if you believe your rights have been violated.

To exercise these rights, email support@medcore.software with the subject line “DPDP request”. We respond within 30 days.

6. How long we keep it

Medical records are retained for the minimum period mandated by the Indian Medical Council Act and your hospital’s NABH retention schedule (typically 3 years for outpatient records, 10 years for in-patient records, lifetime for paediatric records). Non-clinical telemetry is purged within 90 days unless required for a security investigation.

7. Children

Care for patients under 18 requires verifiable consent from a parent or legal guardian, captured at registration. Marketing communications are never sent to minors.

8. Cross-border transfers

Personal data is stored in MedCore’s India region (ap-south-1). AI features that route to OpenAI may transfer de-identified content internationally; full identifiers (name, MRN, phone, address) are stripped before any such transfer.

9. Updates

We update this policy when our practices change. If a change is material (e.g. a new category of recipient), we notify you in-app and by SMS at least 14 days before it takes effect. The current version is always available at /legal/privacy.

10. Contact

Email: support@medcore.software
Postal address: MedCore Health Technologies Pvt. Ltd., 4th Floor, Prestige Atlanta, Koramangala, Bengaluru 560034, India.