Privacy Policy

1. Introduction

Mediloop Health ("Mediloop," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including our website, mobile applications, WhatsApp integration, and Universal Health ID (UHID) platform.

By using Mediloop services, you agree to the collection and use of information in accordance with this policy. We comply with Uganda's Data Protection and Privacy Act, 2019, and international healthcare data protection standards.

2. Information We Collect

2.1 Personal Information

• Full name, date of birth, and gender
• National Identification Number (NIN)
• Contact information (phone number, email address, physical address)
• Emergency contact information
• Payment information for paid services

2.2 Health Information

• Medical history, diagnoses, and treatment plans
• Prescription and medication records
• Laboratory test results and diagnostic reports
• Vital signs and health measurements
• Immunization records
• Allergies and adverse reactions
• Doctor's notes and clinical observations
• Medical images and scans (when applicable)

2.3 Usage Information

• WhatsApp messages and consultation history
• App usage patterns and feature interactions
• Device information (device type, operating system, browser type)
• IP address and location data (when permitted)
• Login times and access logs

3. How We Use Your Information

3.1 Primary Healthcare Purposes

• Provide medical consultations and healthcare services
• Maintain your Universal Health ID and medical records
• Enable communication between you and healthcare providers
• Process prescriptions and lab orders
• Coordinate care across multiple healthcare facilities
• Provide AI-powered health insights and recommendations

3.2 Service Improvement

• Improve our AI models and healthcare algorithms
• Enhance user experience and platform functionality
• Develop new features and services
• Conduct research and analytics (using anonymized data)

3.3 Communication

• Send appointment reminders and health notifications
• Provide medication reminders
• Share test results and medical updates
• Send service updates and important announcements

4. Data Sharing and Disclosure

4.1 Healthcare Providers

We share your health information with authorized healthcare providers (doctors, nurses, pharmacists, lab technicians) only when necessary to provide you with care and only with your explicit consent.

4.2 Service Providers

We may share information with trusted third-party service providers who assist us in operating our platform, including:

• Cloud hosting providers (for secure data storage)
• Payment processors (for handling transactions)
• SMS and WhatsApp communication services

All service providers are bound by strict confidentiality agreements and are not permitted to use your data for any other purpose.

4.3 Legal Requirements

We may disclose your information when required by law, such as in response to court orders, government requests, or to comply with legal obligations. We will notify you of such requests unless prohibited by law.

4.4 Public Health Emergencies

In cases of public health emergencies or disease outbreaks, we may share anonymized, aggregated data with government health authorities to support disease surveillance and public health responses.

5. Your Privacy Rights and Control

5.1 Access and Review

You have the right to access and review all your health information stored in Mediloop at any time through your patient portal or by contacting us.

5.2 Consent Management

You control who can access your health information. You can:

• Grant or revoke access to specific healthcare providers
• Set time-limited access permissions
• View audit logs of who has accessed your records
• Restrict access to certain sensitive information

5.3 Data Correction

If you believe any information we hold about you is incorrect or incomplete, you have the right to request corrections through your healthcare provider or by contacting us.

5.4 Data Export

You can request a complete export of your health records in a portable, machine-readable format at any time.

5.5 Account Deletion

You may request deletion of your account, though we may be required to retain certain medical records for legal and regulatory compliance purposes (typically 7 years from last interaction).

6. Data Security

6.1 Technical Safeguards

• End-to-end encryption for all data transmission
• Encrypted data storage using AES-256 encryption
• Multi-factor authentication for account access
• Regular security audits and penetration testing
• Secure API architecture with rate limiting
• Real-time threat monitoring and intrusion detection

6.2 Administrative Safeguards

• Role-based access controls for all staff
• Regular security training for all employees
• Strict confidentiality agreements with all personnel
• Incident response and breach notification procedures
• Regular security policy reviews and updates

6.3 Physical Safeguards

• Secure data centers with 24/7 monitoring
• Redundant backup systems and disaster recovery plans
• Controlled physical access to servers and equipment

7. Data Retention

We retain your health information for as long as necessary to provide services and comply with legal obligations:

• Active health records: Retained indefinitely while you use our services
• After account closure: Minimum 7 years as required by Ugandan healthcare regulations
• Anonymized research data: May be retained indefinitely for public health research
• Usage logs and analytics: Retained for 2 years

8. Children's Privacy

Mediloop services can be used for children under 18. Health records for minors are managed by parents or legal guardians until the child reaches 18 years of age. Parents/guardians have full access to and control over their children's health information.

9. International Data Transfers

Your data is primarily stored within Uganda and Africa. If we need to transfer data outside Uganda for specific services (such as specialized cloud infrastructure), we ensure appropriate safeguards are in place, including data processing agreements and compliance with international data protection standards.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and sending notifications through WhatsApp or email. Your continued use of Mediloop services after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your health data, please contact us:

12. Regulatory Compliance

Mediloop complies with:

• Uganda Data Protection and Privacy Act, 2019
• Uganda National Health Information Systems (HIS) standards
• HL7 FHIR R4 international healthcare data standards
• ISO 27001 Information Security Management standards