Privacy Policy
Last Updated: [Date]
At Doxtor, we prioritize the privacy of clinics, patients, and partners. This policy outlines our practices regarding the collection, use, sharing, and protection of personal and health-related information. By utilizing Doxtor’s platform, you consent to these practices.
MedLink provides a customized, AI-driven platform that allows Facilities to securely share lab results with patients, connect with laboratories and electronic health records (EHRs), and optimize operations. Patients ("Participants") can access their results through secure and personalized online portals provided by the Facilities.
For Clinics and Labs:
Admin Details: Name, email, clinic address, and credentials.
EHR/Lab Information: Blood test results, patient IDs, and clinic notes shared through integrations.
Billing Information: Agreed pricing arrangements and payment history.
For Patients:
Personal Details: Name, email, phone number, and date of birth (collected by clinics).
Health Information: Blood test results, AI-generated summaries, and follow-up recommendations.
Usage Information: Login times, pages viewed, and interactions with AI tools.
Automatically Collected Data:
Device/IP Information: Browser type, IP address, and cookies (for security and analytics purposes).
Service Delivery: Share test results, AI insights, and facilitate communication between clinics and patients.
AI Processing: Analyze health data to create simplified summaries and recommendations.
Platform Improvement: Review usage patterns to enhance features (using anonymized data).
Security Measures: Identify and prevent fraud, breaches, or misuse.
Legal Compliance: Fulfill legal obligations (e.g., audits, tax reporting).
We share data only when necessary:
Clinics and Labs: Patient results are shared with the ordering clinic and designated laboratories.
Third-Party Services:
Laboratories: Quest, LabCorp, etc., through secure APIs.
Couriers: Trackable shipment data (excluding health details).
Cloud Service Providers: AWS, Google Cloud (HIPAA-compliant hosting).
Communication Tools: Twilio/SendGrid for SMS/email notifications.
Legal Obligations: Disclose data when mandated by law (e.g., court orders).
Encryption: AES-256 for data at rest, TLS 1.3+ for data in transit.
Access Controls: Role-based permissions and two-factor authentication for clinic administrators.
Audits: Regular penetration testing and SOC 2 compliance checks.
Training: Staff receive annual training on data privacy best practices.
Patients and clinics have the following rights:
Access: Request a copy of their data.
Correction: Update any inaccurate information (through clinic administrators).
Deletion: Request clinics to anonymize or erase data (with restrictions for legal compliance).
Opt-Out: Withdraw consent for non-essential data uses (e.g., marketing).
Portability: Export data in a machine-readable format.
Submit requests to: privacy@doxtor.com
AI Training: Health data may be anonymized and aggregated to enhance AI models. Patients can opt out through clinic settings.
No Re-Identification: Anonymized data cannot be traced back to individuals.
Doxtor does not knowingly collect data from users under the age of 18. Clinics are required to obtain parental consent for minors.
Changes will be posted here. Clinics will be notified via email; continued use indicates acceptance.
For inquiries, requests, or complaints:
Email: privacy@doxtor.com
Address: [Physical Address]
EU Representative: [Details if GDPR applies]