MedisVoice Patient Portal · Last updated: May 2026
Your health information is sensitive and personal. This policy explains exactly how we collect, use, protect, and share it — and the rights you have over your data.
HIPAA Compliant
US Healthcare Standard
256-bit SSL
End-to-end encryption
No Data Sales
Never sold to 3rd parties
We collect information you provide directly to us when you register for or use the Patient Portal, including:
• Identity & Contact: Full name, date of birth, gender, contact number, email address, and government-issued ID details. • Medical Records: Diagnoses, prescriptions, lab reports, imaging results, treatment history, allergies, and clinical notes as recorded by your healthcare provider. • Appointment & Billing Data: Appointment requests, visit history, insurance details, payment records, and invoice information. • Account Credentials: Your Patient ID (MRN), mobile number, and hashed password used to authenticate your account. • Usage Data: Pages visited, features used, device type, IP address, and browser type for security and quality improvement purposes.
We do not collect information beyond what is necessary to deliver healthcare services or as required by applicable law.
Your information is used solely for the following purposes:
• Healthcare Delivery: Sharing your records with authorised clinicians and staff involved in your care. • Appointment Management: Scheduling, confirming, and managing your appointments and follow-ups. • Billing & Insurance: Processing payments, generating invoices, and facilitating insurance claims on your behalf. • Communication: Sending appointment reminders, lab result notifications, and critical health alerts via SMS or email. • Portal Operations: Authenticating your identity, maintaining session security, and providing technical support. • Quality Improvement: Anonymised, aggregated analytics to improve care delivery — never linked to individual patients. • Legal Compliance: Fulfilling obligations under applicable healthcare regulations (including DPDP Act 2023, IT Act 2000, and hospital accreditation standards).
We do not sell, rent, or trade your personal health information to third parties for commercial purposes.
We implement industry-standard safeguards to protect your data:
• Encryption in Transit: All data is transmitted over TLS 1.2+ (HTTPS). Your connection is secured with 256-bit SSL encryption. • Encryption at Rest: Sensitive health data is encrypted at the database level. • Access Controls: Role-based access ensures only authorised clinical and administrative staff can view your records. Every access is logged with a timestamp and user identifier. • Authentication: Multi-factor authentication is available and recommended for all portal accounts. • Audit Trails: All record views, edits, and exports are logged for compliance and fraud detection. • Infrastructure: Hosted on ISO 27001-compliant infrastructure with regular penetration testing and security audits.
Despite these measures, no digital system is 100% secure. Please use strong, unique passwords and log out after each session.
We share your information only in these limited circumstances:
• Your Care Team: Doctors, nurses, and clinical staff at your treating facility who are directly involved in your care. • Diagnostic Partners: External laboratories or imaging centres when ordered by your physician, for the purpose of delivering test results. • Insurance & TPA: Third-party payers or insurance companies when you request claim processing or pre-authorisation. • Legal Requirements: When required by a court order, statutory authority, or applicable law (e.g., notifiable disease reporting to public health authorities). • Business Continuity: Successor entities in case of hospital acquisition or merger, under equivalent privacy protections. • Emergency: To emergency responders when disclosure is necessary to protect life.
We require all third parties to maintain equivalent privacy and security standards. We do not share data for marketing or advertising.
The Patient Portal uses the following types of cookies:
• Strictly Necessary: Session cookies required for authentication and secure navigation. These cannot be disabled. • Functional: Preference cookies that remember your language and display settings between sessions. • Analytics: Anonymised, aggregated usage analytics to identify performance issues and improve the portal experience.
We do not use advertising cookies or cross-site tracking technologies. You can manage cookie preferences through your browser settings, though disabling strictly necessary cookies will prevent you from logging in.
We retain your personal health information for the periods required by applicable law and medical standards:
• Medical Records: Retained for a minimum of 7 years from the date of last treatment (or until the age of 25 for minors), as required by the Clinical Establishments Act and applicable State regulations. • Account Data: Retained while your portal account is active and for 2 years thereafter, unless a longer retention is mandated by law. • Audit Logs: Security and access logs are retained for 3 years for compliance purposes. • Billing Records: Financial and insurance records are retained for 8 years per GST/IT Act requirements.
After the applicable retention period, data is securely deleted or anonymised. You may request early deletion of non-clinical data (see Your Rights below).
Under applicable Indian law (including the Digital Personal Data Protection Act, 2023) and medical ethics standards, you have the following rights:
• Right to Access: Request a copy of the personal data we hold about you in a structured, readable format. • Right to Correction: Request correction of inaccurate or incomplete personal information. • Right to Erasure: Request deletion of non-clinical personal data where processing is no longer necessary (subject to legal retention requirements for medical records). • Right to Nomination: Nominate a trusted individual to exercise these rights on your behalf. • Right to Grievance Redressal: Lodge a complaint with the Data Protection Board of India if your rights are violated. • Right to Withdraw Consent: Withdraw consent for non-essential data processing at any time (this will not affect prior lawful processing).
To exercise these rights, contact the hospital's Data Protection Officer (details below). We will respond within 30 days.
The Patient Portal may be used for minors (patients under 18) by their parent, legal guardian, or authorised caregiver.
• A parent or guardian must register and manage the account on behalf of a minor. • We do not knowingly collect personal data directly from children under 18 without parental consent. • When a minor patient reaches the age of 18, the portal account can be transitioned to their own direct control upon identity verification.
If you believe we have inadvertently collected data from a minor without appropriate parental consent, please contact us immediately.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.
• Material changes will be communicated via an in-portal notification and/or email at least 15 days before they take effect. • The "Last Updated" date at the top of this page will always reflect the most recent revision. • Continued use of the portal after a policy update constitutes acceptance of the revised terms. • If you object to any changes, you may close your account by contacting the hospital.
We encourage you to review this policy periodically.
For privacy-related queries, concerns, or to exercise your rights, please contact:
Data Protection Officer MedisVoice Healthcare Platform Email: privacy@medisvoice.com Phone: Available through the hospital's main reception
Grievance Officer (as per IT Act 2000) For urgent concerns regarding unauthorised access or data breach, our Grievance Officer will acknowledge your complaint within 24 hours and resolve it within 30 days.
For general support, use the in-portal messaging feature or contact your hospital's front desk directly.