A few possible privacy issues and concerns for the users are stipulated hereunder:
Personal data or personal information means any data about an individual from which that person can be identified.
We may collect, use, store and transfer the following kinds of personal data about you:
We use the following methods to collect your data:
Anahat Solutions Pvt. Ltd. collects your data for the following purposes:
We do not share your data with any third party. Further, unless specific consent is obtained, it can never be shared with a third party.
We may be compelled to share your details under the following special circumstances, such as when we believe in good faith and it is required by law:
Where it concerns processing operations related to the business relationship with you, Anahat Solutions Pvt. Ltd. will not be able to adequately establish, conduct or terminate a business relationship with you and generally perform the purposes described above without certain data.
Although we cannot obligate you to share your personal data with us, please note that this may then have consequences which could affect the business relationship in a negative manner, such as our being unable to establish and continue the business relationships you have asked for.
Anahat Solutions takes appropriate security measures to protect your data from being accidentally lost, used or accessed by unauthorized sources. We limit access to your personal data to employees within the organization, medical practitioners, and to those with a legitimate business or industry need.
We will only retain your data for the stipulated time to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, audit, or reporting requirements, or until you notify us that you no longer wish to receive the services and storage/consultation facilities provided by Anahat Solutions.
In general, customer-related personal data is kept for the duration of the contractual relationship and for a minimum period, or for a longer period if required by local laws and regulatory requirements.
For data provided to us by our clients, we are governed by their data retention rules as specified in their privacy notices.
Through the configuration of IT applications and policies, we ensure that the personal data we keep about you is deleted when we no longer need it.
We strictly refrain from sharing, disclosing, selling, renting or otherwise providing personal information to other companies (other than to specific Anahat Solutions marketplace administrators you are interacting with, or to third party apps or service providers being used by the administrators you are interacting with) for the marketing of their own products or services.
If you are a medical practitioner using Anahat Solutions’ services, we do not use the personal information to independently contact or market to your patients. However, Anahat Solutions may contact or market to your patients if we obtain their information from another source, such as from the patients themselves.
In the event any personal data of a minor, i.e., below 18 years of age, is submitted via our website, mobile application, email form, surveys, etc., the same shall be submitted and collected by us only after obtaining due consent from the minor’s parents or guardian.
In such circumstances, a valid ID proof of the parent or guardian along with the minor should be mandatorily submitted in order to verify the consent of the parent or guardian.
Anahat Solutions will not collect, use, process or transfer the personal data of a minor in any manner that is likely to cause harm to the minor.
Under data protection law, you have the following rights:
Anahat Solutions’ website, Health-e, may contain links to external sites. These external sites will have their own privacy policies, and Anahat Solutions holds no direct or indirect responsibility for the privacy policies and/or practices or the content of such third-party websites.
Anahat Solutions Pvt Ltd. will not rent or sell your personal data to any individual or entity. We will not disclose your personal data to third parties, except as required in the course of providing our services or for purposes as described above.
Other than to contractors, medical practitioners associated with Anahat Solutions and affiliated organizations, we disclose personal data only in response to a subpoena, court order or other governmental request or when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Anahat Solutions, third parties or the public health or interest at large.
If you want to access your personal data, make use of any of your other rights mentioned above or if you have any questions or concerns about how Anahat Solutions Pvt. Ltd. processes your personal data, please contact us via your registered email or in writing to the:
Email: [email protected]
If you have any concerns about how Anahat Solutions Pvt. Ltd. uses and stores your personal data, please contact us in the first instance, so that we can address and rectify the issue.
Should you not be satisfied with our response or believe we are processing your personal data against the law, you may also have the right to file a complaint with the Data Privacy Authority in your country of residence or work, or seek a remedy through the Courts where you believe an infringement of data privacy laws may have taken place.
It is the exclusive property of “Anahat Solutions Pvt. Ltd.”. No part of the same can be reproduced, copied, shared, altered, photocopied, etc., in any manner, whether directly or indirectly.
What is ABDM?
The Ayushman Bharat Digital Mission (ABDM) aims to develop the backbone necessary to support the integrated digital health infrastructure of the country and to bridge the existing gap amongst different stakeholders of the ecosystem through digital highways.
For the purpose of creating health records and record keeping, the ABDM has also introduced the system of a unified ID for an individual, called Ayushman Bharat Health Account (ABHA) Number. Your ABHA number is a hassle-free method of accessing and sharing your health records digitally. It enables your interaction with participating healthcare providers, and allows you to receive your digital lab reports, prescriptions and diagnosis seamlessly from verified healthcare professionals and service providers.
If you have an ABHA Number, you can easily link this to your medical records and reports on Health-e.
What is the Unified Health Interface (UHI)?
UHI is envisioned as an open protocol for various digital health services, in which the UHI Network will be open to End User Applications (EUAs) and participating Health Service Provider (HSP) applications. This will enable a wide variety of digital health services between patients and HSPs, including appointment booking, teleconsultation, service discovery, and others.
What are we doing at Health-e to be ABDM compliant?
Health-e is mindful of the vision and framework set forth by the Government of India through the Ayushman Bharat Digital Mission (ABDM). We are happy to declare that we are already in compliance with the draft Health Data Management Policy published by ABDM so far and will strive to be one of the first ones to implement the necessary compliances when the final policy is published.
The Health-e app is also being submitted to ABDM for integration with its ecosystem and we are constantly working on making our app future ready for whenever UHI (the health equivalent of UPI) testing and implementation is initiated by the concerned authorities.
We at Health-e strongly believe that UHI will transform the entire healthcare ecosystem by making it more affordable and accessible throughout the country, especially in rural areas. We intend to be a part of this enormous and visionary initiative that will make healthcare easier for the service giver and seeker.
In an ‘always on’ world where users are constantly engaged with their mobile devices for different purposes, be it work emails, reading the news, shopping, bank transactions, or even watching their favourite shows, there is a lot of data being collected and exchanged on various levels. Businesses utilise data such as adoption and usage statistics, preferences, location, phone number, etc. that can help them make more strategic decisions to improve their service or product. During this time, if the data shared falls into the wrong hands, it could leave the user very vulnerable.
We at Health-e realise that mobile security has become the need of the hour. With some of the Big Tech companies recently taking concrete steps towards data privacy, we endeavour to join and fully support them in their attempt to respect user privacy, enable transparency and ethical data collection.
Here are some basic app security protocols that we have put in place at Health-e and why:
Developers usually include authentication procedures while developing the app to verify that the user is who they claim to be and is not using a false identity. This is usually put in place by asking the user to enter their username and password as soon as they log into the application. For an added layer of security, some apps also enable multi-factor authentication, which combines factors such as something the user knows (a password), something they have (a mobile device) or something they are (a biometric).
The team at Health-e has implemented both two-factor and biometric authentication to mitigate risks.
Once authenticated, the user may be able to access the app, but only after the system verifies the user’s permission to access the platform. This is done by matching the user’s identification to a list of authorised users. Authentication must take place before authorization so that the application can compare the user’s credentials to its approved user list.
To facilitate this, we at Health-e use an OAuth token in all API calls to ensure that only authorised users have access.
Once a user is authenticated and authorised, further security measures can be adopted within the app framework to safeguard their data from cyber-attacks. This can easily be put into place by encrypting the traffic containing sensitive data that flows between the user and the cloud (in cloud-based applications).
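The ordering described above, authentication first and authorization second, sketched as an added example (not Health-e's code). The token format, signing key, paths and scope names are constructed for the demo and stand in for a real OAuth access token, which would be validated against the authorization server.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # assumption: demo signing key, never hard-code a real one
# Assumption: hypothetical endpoints and the scope each one requires.
REQUIRED_SCOPE = {"/records": "records:read", "/prescriptions": "rx:write"}

def issue_token(sub, scopes, ttl=300, now=None):
    """Mint a constructed signed token standing in for an OAuth access token."""
    now = time.time() if now is None else now
    body = base64.urlsafe_b64encode(
        json.dumps({"sub": sub, "scope": scopes, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, body, hashlib.sha256).hexdigest()
    return f"{body.decode()}.{sig}"

def authenticate(headers, now=None):
    """Return the token claims, or None if the bearer token is absent or invalid."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    body, _, sig = token.partition(".")
    if scheme.lower() != "bearer" or not body or not sig:
        return None
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes, so a malformed signature cannot raise.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None
    return claims if claims.get("exp", 0) > now else None

def handle(path, headers, now=None):
    """Authenticate first (401 on failure), then authorise (403 on failure)."""
    claims = authenticate(headers, now)
    if claims is None:
        return 401                  # caller's identity was never established
    needed = REQUIRED_SCOPE.get(path)
    if needed is None or needed not in claims.get("scope", []):
        return 403                  # known caller, but not permitted (deny by default)
    return 200
```

The 401/403 split makes the two stages visible in API logs: a burst of 401s points at credential problems, while 403s from a valid token point at a caller reaching beyond its granted scope.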
At Health-e, we have adopted the practice of storing user data in an encrypted format on a non-SQL Database.
Security protocols are never a one-time task; they have to be updated and continuously worked on to be effective at different stages of the app’s development cycle. Different security flaws in the application will surface at various stages of development and will reflect the time, effort, cost, and vulnerability trade-offs. Here are some of the practices that we have in place as part of our ongoing checks: