Privacy Policy (HIPAA & GDPR Compliant)

1. Information We Collect

We collect:

  • Personal identifiers (name, DOB, contact details).

  • Medical history, reports, and treatment records.

  • Payment and insurance-related details (if applicable).

2. How We Use Information

  • To provide medical consultations and care coordination.

  • To schedule appointments, manage referrals, and deliver medications.

  • To comply with medical, legal, and regulatory obligations.

3. Data Protection Standards

  • HIPAA Compliance (U.S.): All protected health information (PHI) is stored and transmitted securely. Access is limited to authorized staff only.

  • GDPR Compliance (EU/Global): Patients have the right to access, correct, or request deletion of their data.

4. Data Sharing

We may share data with:

  • Referring physicians, hospitals, and partner facilities (with patient consent).

  • Pharmacies for medication orders.

  • Regulatory authorities when legally required.

We do not sell or share patient data for marketing purposes.

5. Data Retention

Medical records are securely retained for the legally required period (7 years minimum, unless a longer period is required by law).

6. Patient Rights

  • Right to access your medical record.

  • Right to correct inaccurate information.

  • Right to withdraw consent for data use (except where required by law).

  • Right to request transfer of records to another provider.

7. Security Measures

  • Encrypted storage and transmission of health data.

  • Role-based access controls.

  • Regular audits to ensure compliance.

8. Contact Information

For privacy concerns, data access requests, or questions about these policies, contact:
connect@sunnyvaleconciergemedical.com