1. Our Commitment to Your Privacy

The Hospital is committed to protecting the privacy and confidentiality of your health information. This policy applies only to the data and interactions associated with your use of our Online Services.

2. Information We Collect Through Online Services

We collect various types of information necessary to provide, manage, and secure your virtual care. This information is primarily collected electronically:

A. Protected Health Information (PHI)

This includes identifiable health data collected via the Online Services:

1. Personal and Identifying Data: Name, date of birth, address, phone number, email address, and patient portal login ID.
2. Medical Data: Health history, diagnosis, symptoms discussed during virtual visits, treatment plans, prescriptions, laboratory results, and images (e.g., photos uploaded to the portal).
3. Financial and Insurance Data: Policy numbers, billing codes, payment status, and guarantor information, primarily used for payment processing.
4. Virtual Care Data: Video and audio recordings (if consent for recording is provided), chat transcripts, and secure message contents exchanged with providers.

B. Technical and Usage Data

Information automatically collected about your device and usage for security and operational purposes:

• Device Information: IP address, operating system, browser type, and time zone.
• Usage Logs: Dates and times of access to the Patient Portal, features used, and technical failures.
• Cookies: Small data files used to maintain session stability and track non-personal usage patterns within the Online Services.

3. How We Use Your Information

We use the information collected via the Online Services for the following necessary purposes:

A. Treatment

• To provide, manage, and coordinate your medical care, including conducting telehealth appointments, diagnosing conditions, prescribing medication, and facilitating referrals to specialists (including independent Consultants).
• To communicate with you via secure messaging regarding your care, appointments, and test results.

B. Payment

• To bill and collect payment from you, your Guarantor, or third-party payers (like insurance companies) for the services provided.
• To manage claims, determine eligibility, and coordinate benefits.

C. Healthcare Operations

• To improve the quality and effectiveness of our Online Services, including technical support and performance monitoring.
• For internal planning, budgeting, legal compliance, and training of staff involved in virtual care.
• To ensure the security and integrity of our digital platforms against unauthorized access or malicious activity.

4. Disclosures and Sharing of Your Information

We may disclose your PHI without your specific authorization in the following circumstances:

1. To Healthcare Providers: We share necessary PHI with attending physicians and independent Consultants involved in your care, regardless of whether they are employees of the Hospital, to ensure coordinated treatment.
2. For Payment Processing: We share financial and relevant medical information with insurance companies, third-party administrators, and payment processors to secure payment for services.
3. Required by Law: We will disclose information when required to do so by court order, judicial process, or public health activities (e.g., disease reporting).
4. Authorized Representative: We disclose information to your legally authorized representative (parent, guardian, or proxy) as confirmed in your registration records.

5. Data Security and Storage

1. Protection Measures: We utilize industry-standard security protocols, including data encryption, multi-factor authentication, and secure servers, to protect the electronic PHI transmitted and stored within our Online Services.
2. User Responsibility: Securing your personal device and maintaining the confidentiality of your login credentials is your responsibility. The Hospital assumes no liability for data accessed as a result of a failure to protect your device or password.
3. Storage: All PHI collected through the Online Services is stored in secure electronic medical record systems maintained by the Hospital in compliance with Myanmar data retention laws.

6. Your Rights Regarding Online PHI

You have the following rights concerning your electronic PHI (ePHI):

• Right to Access: You have the right to inspect and obtain a copy of your ePHI contained in the Patient Portal records.
• Right to Request Amendment: You can request an amendment to your ePHI if you believe it is inaccurate or incomplete.
• Right to Confidential Communications: You can request to receive confidential communications of your PHI by alternative means or at alternative locations (e.g., receiving portal notifications only at a specific email address).

7. Modifications and Contact

1. Policy Changes: We reserve the right to amend this Privacy Policy at any time. Any changes will be posted on the Hospital's official website or within the Patient Portal, and the Effective Date will be updated.
2. Contact: For questions about this Privacy Policy, your rights, or to file a complaint regarding the privacy of your information, please contact at our email: info@mingalarhospitals.com.