- Notice of Health Information Privacy Practices
- How is patient privacy protected?
As a trusted partner in facilitating online medical and clinical/consultation services by Doctors through the Platform (collectively referred to as "us", "we", "our"), we understand that information about you and your health is personal. Because of this, we strive to maintain the confidentiality of your health information. We continuously seek to safeguard that information through administrative, physical and technical means, and otherwise abide by applicable national and district guidelines. Your Health Information is protected by general laws and medical ethics under the Bangladesh Medical and Dental Council Telemedicine Guidelines July 2020 (“the Guidelines”), the Bangladesh Medical and Dental Council Code of Professional Conduct, Etiquette and Ethics (“the Code of Conduct”), and rules, regulations and direction related to data protection and privacy laws of Bangladesh.
- How do we use and disclose health information?
We may use and disclose your health information for normal business activities, for the purposes described in the Informed Consent, and in case of any emergency situation related to you that the law sees as falling in the categories of patient management, payment and healthcare operations. Below we provide examples of those activities, although not every use or disclosure falling within each category is listed:
- Patient Management – We keep a record of the Health Information you provide us. This record may include your test results, diagnoses, medications, your response to medications or other therapies, and information we learn about your medical condition through the online Services. We may disclose this information so that other doctors, nurses, and entities such as laboratories can meet your healthcare needs.
- Health care Operations – Health information is used to improve the services we provide, to train staff, for business management, quality assessment and improvement, and for customer service. For example, we may use your health information to review our treatment and services and to evaluate the performance of Doctors providing services to you.
- Video call – The consultation is provided by the doctor on a video call. The video call is encrypted using 256-bit encryption. Therefore, only the doctor and the patient can see the video. We do not record the video call. However, we may take screenshots of the video call to keep proof of the consultation. These screenshots are securely stored on our server and will only be used if a question is raised by the patient about the quality of the consultation, or to prove whether a consultation has happened at all.
We may also use your health information to:
- Comply with national or local laws that require disclosure.
- Assist in public health activities such as tracking diseases or medical devices.
- Inform authorities to protect victims of abuse or neglect.
- Comply with national health oversight activities such as fraud investigations.
- Respond to law enforcement officials or to judicial orders, subpoenas or other processes.
- Inform coroners, medical examiners and funeral directors of information necessary for them to fulfill their duties.
- Conduct research following internal review protocols to ensure the balancing of privacy and research needs.
- Avert a serious threat to health or safety.
- Assist in specialized government functions such as national security, intelligence and protective services.
- Inform military and veteran authorities if you are an armed forces member (active or reserve).
- Inform a correctional institution if you are an inmate.
- Inform workers' compensation carriers or your employer if you are injured at work.
- Recommend treatment alternatives.
- Conduct and support health-related study.
- Develop health-related products and improvement activities.
- Carry out research studies, if permitted by Informed Consent.
- Tell you about our health-related products and services.
- Transmit a summary of Health Information to stakeholders, such as labs and other doctors.
- Communicate within our organization for treatment, payment, or healthcare operations.
- Communicate with other providers, health plans, or their related entities for their treatment or payment activities, or health care operations activities relating to quality assessment and improvement, care coordination and the qualifications and training of healthcare professionals.
- Provide information to other independent third parties with whom we do business, such as a record storage provider. However, you should know that in these situations, we require third parties to provide us with assurances that they will safeguard your information.
- We may also use or disclose your personal or health information for operational purposes. For example, we may communicate with individuals involved in your care, such as friends and family or your hired care service providers, and send appointment reminders.
Your Personal Information will be separated from the rest of the Health Information collected from you through the Platform or pseudonymized/anonymized before it is shared with a third party pursuant to purposes mentioned above, unless the sharing of data/information is for the purpose of patient management, health-care operations and video calls.
All other uses and disclosures, not described above, may only be done with your explicit written authorization in the form - Informed Consent for Telemedicine Services (link attached). We will also obtain your authorization before we use or disclose your health information for marketing purposes or before we would sell your information. You may revoke your authorization at any time; however, this will not affect prior uses and disclosures. In some cases, the laws of Bangladesh may require that we apply extra protections to some of your health information, and in such cases we will abide by the obligations imposed by the law.
What are the Doctor's Responsibilities?
The Doctors are responsible for adhering to the Guidelines, the Code of Conduct, general medical ethics and general data protection and privacy laws of Bangladesh. The Doctors must:
- always maintain the highest standards of professional conduct.
- protect the patient’s privacy and right to confidentiality, unless release of information is required by law or by public-interest consideration.
- provide this Notice of our duties and privacy practices.
- abide by the terms of the Notice currently in effect.
- tell you if there has been a breach that compromises your health information.
We reserve the right to change our privacy practices and make the new practices effective for all the information we maintain. Revised notices will be posted on the TopSeba website and mobile application.
Medical records Inspection
As per the laws prevailing in Bangladesh and if required by Guidelines and Code of Conduct, you may have the following options:
- Inspect and copy certain portions of your health information. To the extent permitted by law, we may deny your request. You may request that we provide your health records to you in an electronic format.
- Access personal data and receive copies of the data collected.
- You may have access to the reports and lab results, if any.
- Request amendment of your health information if you feel the health information is incorrect or incomplete. However, under certain circumstances we may deny your request.
- Request that we restrict how we use or disclose your health information. However, we are not required to agree with your requests, unless you request that we restrict information provided to a payor, the disclosure would be for the payor's payment or healthcare operations, and you have paid for the health care services completely out of pocket.
- Request that we communicate with you at a specific telephone number or address.
- Obtain a paper copy of this notice even if you receive it electronically.
- Request deletion of personal information through written instruction.
We may ask that you make some of these requests in writing.
Who Will Follow This Notice?
This Notice describes the privacy practices of:
- Any Doctors authorized to access and/or enter information into your health records;
- All departments and units of TopSeba and affiliates through which online health services are provided; and
- All affiliates and volunteers.
Children under age 18.
We do not knowingly allow individuals under the age of 18 to create Accounts that allow access to our Platform.
The Information we collect or maintain may include:
- For patients:
- Personal Information including your name, age, email address, password, gender, phone logs, email records, chat/test record, video integration logs, etc., and other registration information.
- Health Information that the patient provides us, which may include information or records relating to your medical or health history, health status and laboratory testing results, diagnostic images, and other health related information.
- Health information about you prepared or obtained by the Doctor(s) who provide clinical services through the Platform such as medical and therapy records, treatment and examination notes, and other health related information.
- Information about the computer or mobile device you are using, such as what Internet browser you use, the kind of computer or mobile device you use, and other information about how you use the Platform.
- For doctors:
- Full name, age, BMDC number, Gender, Professional Qualification, Experience Information, Chamber Information. This information will be publicly accessible in our app and website. We also collect confidential personal data such as: NID/Passport number, email address, Mobile number of the doctors. This information will be only accessible to our internal members of staff. Sensitive data such as passwords will not be accessible by anyone.
- Other information the Doctor inputs into the Platform or related services such as optional information like a photograph, that the Doctor elects to associate with the account. Log-in details and password, demographic information such as gender, User generated content that the doctors post or share while using the text messaging feature of the PLATFORM.
We may use Personal Information for the following purposes (subject to the restrictions relating to the use of Health Information described in Section I):
- To provide the Services.
- To improve healthcare quality through the performance of quality reviews and similar activities.
- To create De-identified Information such as aggregate statistics relating to the use of the Services.
- To notify the Users when Platform updates are available.
- To market and promote the Platform and the Services to Users.
- To fulfill any other purpose for which you provide us Personal Information.
- For the purposes described in Section I relating to the use of Health Information.
- For the purpose of transmitting or informing in-person care providers or medical institutions/hospitals/clinics for providing life-saving support.
- For any other purpose for which you give us authorization.
We may also disclose Personal Information that we collect, or you provide (subject to the restrictions relating to the use of Health Information described in Section I):
- To our subsidiaries and affiliates.
- To contractors, service providers and other third parties we collaborate with in furtherance of our business and who are bound by contractual obligations to keep personal information confidential.
- As required by law, which can include providing information as required by a court order.
- When we believe in good faith that disclosure is necessary to protect your safety or the safety of others, to protect our rights, to investigate fraud, or to respond to a government request.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of TopSeba's assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Information maintained by the Platform is among the assets transferred.
- For any other purpose disclosed by us when you provide the information.
Information We Collect via Technology.
As you use the Platform or the Services, certain information may be passively collected by Cookies, navigational data like Uniform Resource Locators (URLs) and third-party tracking services, including:
- Platform Activity Information. We may keep track of some of the actions you take on the Platform, such as the content of searches you perform on the Platform.
- Access Device and Browser Information. When you access the Platform from a computer or other device, we may collect anonymous information from that device, such as your Internet protocol address, browser type, connection speed and access times (collectively, "Anonymous Information").
- Cookies. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies to make the Platform and Services easier to use, to make our advertising better, and to protect both you and TopSeba. You can instruct your browser, by changing its options, to stop accepting Cookies or to prompt you before accepting a Cookie from the websites you visit. If you do not accept Cookies, however, you will not be able to stay logged in to the Platform. We may also use Pixels to make the Platform and Services easier to use and to make our advertising better by, for example, summarizing usage patterns. We presently do not honor "Do Not Track" requests across all parts of our Platform.
- Mobile Services. We may collect non-personal information from your mobile device or computer. This information is generally used to help us deliver the most relevant information to you. Examples of information that may be collected and used include how you use the application(s) and information about the type of device or computer you use. In addition, in the event our application(s) crashes on your mobile device, we will receive information about your mobile device model, software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of our application(s).
Risk of sending unencrypted emails
The emails we send you are not secure because they are unencrypted. Other people may be able to read and forward the emails we send you and the emails you send us. Emails we send you may include a wide range of identifiers that include but aren't limited to your name, your email address, your visit number, your patient number, the date you used our service etc.
When you create an account on the App or Website we ask you to give us your email address. We send an email to the email address you give us. If you give us an incorrect email address, we will unknowingly send an email to the wrong person.
Risk of sending unencrypted SMS/text messages
The SMS/text messages we send you are not secure because they are unencrypted. Other people may be able to read SMS/text messages we send you and any SMS/text messages you send us.
SMS/text messages we send you will include your telephone number. It will be clear that SMS/text messages we send you have come from TopSeba.
Risk of storing PHI (Protected Health Information) on your mobile
When you use the App or Website there is a risk that your PHI will be stored unencrypted on your mobile. We take a variety of technical safeguards to make sure that your PHI does not leak onto your mobile, but we cannot guarantee that these safeguards work.
Risk of our systems getting hacked and compromised
We take a number of administrative, technical and physical safeguards to look after the PHI that we hold electronically on our servers. But despite these safeguards, no system is foolproof and we cannot guarantee that our systems and your PHI will not be hacked or otherwise compromised by unauthorized third parties.
The rights you have over your PHI (Protected Health Information)
Right to obtain a copy of your medical record. We are allowed to charge you a fee if we think it's appropriate.
Right to request that we limit how we use and share your PHI. There may be occasions when we cannot agree to your request.
Right to request that we change or update information held in your medical record. There may be occasions when we cannot agree to your request.
Right to request how we send you PHI. The electronic nature of our service limits our ability to agree to such requests.
How to contact TopSeba to Use your Rights
Please write to us at: firstname.lastname@example.org
What if I have a Complaint?
If you believe that your privacy has been violated, you may file a complaint with us.
We may use De-Identified Information created by us without restriction.
Information You Share With Third Parties.
Modification of Information.
Members will be able to update some of their information through the Platform. Requests to modify any information may also be submitted to email@example.com
Limitations on Deletion of Information.
Steps we take to keep your information secure.
We employ reasonable physical, electronic and managerial security methods to help protect against unauthorized access to Personal Information, such as encryption. But please be aware that no data transmission over the Internet or data storage facility can be guaranteed to be perfectly secure. As a result, while we try to protect your Personal Information, we cannot ensure or guarantee the security of any information you transmit to us.
Right to Non-Discrimination
If you have questions or concerns about our Privacy Practices, or would like to report a violation, please contact us by sending an email to firstname.lastname@example.org.