Privacy Policy

Last Updated: April 7, 2025

This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in the course of providing dental teleradiology reporting services. We are committed to maintaining the highest standards of privacy, confidentiality, data protection, and ethical handling of health information in compliance with applicable Indian laws.

1. Scope of This Policy

This policy applies to:

  • Patients whose dental imaging data is submitted to us for reporting
  • Dental clinics, hospitals, imaging centers, and partners using our services
  • Visitors to our website or digital platforms
  • Radiologists engaged with us on a contractual or consultancy basis

2. Information We Collect

We may collect and process the following categories of information:

2.1 Patient Information

  • Dental radiographic data (CBCT, OPG, CT/MRI if dental-related, etc.)
  • DICOM files and imaging metadata
  • Patient identifiers (name, age, gender, case ID) as provided by the referring clinic
  • Relevant clinical history and referral notes

2.2 Clinic / Referrer Information

  • Clinic name, address, and contact details
  • Authorized personnel contact information
  • Billing and payment details (for invoicing only)

2.3 Radiologist / Internal Workforce Information

  • Professional details, qualifications, and licensing information
  • Contact information for reporting coordination
  • Performance or workflow metrics (internal use only)

2.4 Technical & Usage Data

  • Website usage analytics (cookies, IP address, browser type)
  • Platform or file-transfer system logs
  • Error logs for troubleshooting

3. How We Use the Information

We use the collected information for the following purposes:

  • Diagnostic Reporting: Reviewing imaging data to prepare radiological reports
  • Service Delivery: Case allocation, communication with clinics, and report submission
  • Quality Assurance: Internal audits, double reading, and training
  • Compliance: Meeting regulatory or medico-legal requirements
  • Billing: Invoicing clients and processing payments
  • Technical Support: Debugging, system improvement, and security monitoring
  • Communication: Responding to queries, updates, notifications

We do not use patient information for marketing or unrelated purposes.

4. Legal Basis for Processing (India)

We process information based on:

  • Explicit or implied consent provided by the referring dentist/clinic on behalf of the patient
  • Contractual necessity to provide services
  • Legitimate business interests in secure handling of healthcare data
  • Compliance with applicable guidelines (NMC, DCI, teleradiology norms, upcoming DPDP Act compliance)

5. Data Sharing and Disclosure

We may share information only under the following circumstances:

5.1 With Radiologists

  • Imaging data is shared only with assigned, qualified radiologists who need it for reporting
  • All radiologists adhere to confidentiality agreements

5.2 With Referring Clinics

  • Report outputs, clarifications, and follow-up communication

5.3 Service Providers

  • Secure cloud storage services
  • Encrypted file transfer or PACS systems
  • IT support vendors
    All vendors follow strict data-protection obligations.

5.4 Legal Requirements

We may disclose information if required:

  • To comply with applicable laws, regulations, or court orders
  • To respond to lawful authorities

We do not sell, rent, or trade personal information.

6. Data Security

We implement strong administrative, technical, and physical safeguards, including:

  • Encryption of data in transit and at rest
  • Access control and multi-factor authentication
  • Strict role-based access for radiologists and staff
  • Secure, monitored servers or cloud environments
  • Regular security audits and system updates
  • Confidentiality and data-handling training for team members

7. Data Retention

We retain information only for as long as necessary:

  • Imaging data and reports: Typically six months, depending on clinical/legal requirements
  • Operational logs: As required for audit and security
  • Billing data: As per taxation laws

After retention expiry, data is securely deleted or anonymized.

8. Patient Rights (Where Applicable)

Patients (through their referring clinic) may request:

  • Access to the report or imaging data
  • Corrections to identifiable information
  • Withdrawal of consent (for future processing)
  • Deletion of data after legal obligations are fulfilled

Requests must be initiated through the referring clinic/hospital to ensure verification.

9. Data Transfer Outside India

If cross-border consultations or cloud services are used, data may be processed outside India under strict safeguards and compliant with relevant data-protection norms.

10. Children’s Privacy

We receive pediatric imaging only through authorized clinics. We do not directly interact with minors or collect information from them without clinic-mediated consent.

11. Website Cookies & Analytics

Our website may use cookies to enhance user experience. Users may disable cookies through browser settings.

12. Changes to This Policy

We may update this policy occasionally. Changes will be effective upon publication on our website. We encourage clients to review the policy periodically.

13. Contact Information

For privacy-related queries, corrections, or requests, please contact:

Privacy Officer / Data Protection Contact
Heidelberg Medical Consultancy and Health Tourism Private Limited
Dotspace Business Center, Kowdiar, Thiruvananthapuram, India – 695003
Email: mubashir@heidelbergmedical.com
Phone: +91 9526263673