Privacy Policy

Information We Collect

To provide you with safe, effective medical care, Sentara Hospital may collect the following categories of information:

Personal Identification Information:

• Full name, date of birth, gender, and nationality
• Government-issued ID numbers (Aadhaar, PAN, Passport)
• Contact information: phone number, email address, home address
• Emergency contact details

Medical & Health Information:

• Medical history, current diagnoses, and prior treatment records
• Medications, allergies, and immunization records
• Lab reports, imaging results, and diagnostic data
• Surgical records and procedure notes
• Mental health information where applicable to care

Financial Information:

• Health insurance policy details and claims information
• Payment information (billing address, transaction references — we do not store full card numbers)

Technical & Usage Information (Website):

• IP address, browser type, device identifiers
• Pages visited, time spent, and navigation patterns
• Form submissions and appointment requests

How We Use Your Information

We use your information only for legitimate purposes directly related to your healthcare and our operational needs:

• Providing Medical Care: To diagnose, treat, manage, and document your health conditions accurately and safely.
• Appointment Management: To schedule, confirm, remind, and follow up on your appointments and procedures.
• Billing & Insurance: To process payments, submit insurance claims, and manage financial records.
• Communication: To contact you about your care, test results, prescription reminders, and health updates.
• Quality Improvement: To analyze de-identified, aggregated data to improve our clinical practices and services.
• Research: With appropriate ethical approval and patient consent, to participate in anonymized medical research.
• Legal Compliance: To fulfill obligations under applicable laws, including medical record-keeping requirements under Indian law.
• Safety: To identify and prevent fraud, abuse, or security threats to our patients and systems.

Notification & Communication Consent

More specifically, your consent covers the following types of communications:

We may use the following communication methods:

• SMS (Short Message Service): Text messages for appointment reminders, health alerts, and promotional updates.
• Email: Detailed health information, reports, invoices, and newsletters to your registered email address.
• OBD (Outbound Dialing): Automated voice calls for appointment confirmations and health reminders.
• Google RCS (Rich Communication Services): Enhanced messaging with rich content for service updates and promotions.
• WhatsApp: Conversational updates, appointment management, and health tips through WhatsApp Business.

You may withdraw your consent to non-clinical communications at any time by contacting us at info@sentarahospital.shop or by calling +91 99929 00127. Note that opting out of promotional communications will not affect essential clinical communications related to your active treatment.

Sharing & Disclosure of Information

Sentara Hospital does not sell your personal information. We share information only in the following limited circumstances:

• Treating Physicians & Clinical Teams: Specialists, nurses, and support staff directly involved in your care have access to your relevant medical records.
• Referral Hospitals & Specialists: When we refer you for specialized treatment or diagnostics, we share necessary medical information with your consent.
• Insurance Providers: We share claim-related information with your health insurance company to process reimbursements and pre-authorizations.
• Legal & Regulatory Authorities: When required by Indian law, court orders, or public health reporting obligations (e.g., notifiable diseases).
• Technology & Service Providers: Third-party vendors (e.g., cloud storage, IT services) under strict data processing agreements and confidentiality obligations.
• Emergency Situations: In life-threatening emergencies where sharing information is necessary to protect you or others.

Data Security

We implement comprehensive, multi-layered security measures to protect your personal and health information from unauthorized access, disclosure, alteration, or destruction:

• Encryption: All data transmitted between your device and our systems is encrypted using TLS 1.3. Data at rest is encrypted using AES-256 encryption.
• Access Controls: Role-based access control (RBAC) ensures that only authorized personnel can access specific categories of patient data, limited to what is necessary for their role.
• Physical Security: Our data centers and server rooms are protected by 24/7 surveillance, biometric access controls, and environmental safeguards.
• Regular Audits: We conduct quarterly internal audits and annual third-party security audits to identify and remediate vulnerabilities.
• Staff Training: All staff receive mandatory training on data privacy, HIPAA-equivalent principles, and information security protocols.
• Incident Response: We maintain a documented data breach response plan. In the event of a breach affecting your data, we will notify you within 72 hours as required by applicable regulations.
• Secure Destruction: When data is no longer needed, it is securely destroyed using certified data destruction methods.

Data Retention

We retain your personal and health information for the periods required by applicable law and clinical necessity:

• Medical Records: Minimum 7 years from date of last treatment, as required under the Medical Council of India guidelines; longer for pediatric records (until the patient reaches 25 years of age).
• Financial Records: 8 years from the date of the transaction for tax and audit compliance.
• Website Usage Data: Anonymized analytics data retained for up to 2 years; personally identifiable usage logs for 12 months.
• Marketing Consent Records: Until consent is withdrawn plus 2 years for legal compliance documentation.
• Communication Records: SMS and email logs retained for 12 months for quality assurance purposes.

Your Rights

Under applicable Indian privacy laws and our own commitment to patient rights, you have the following rights regarding your personal information:

• Right to Access: Request a copy of the personal information we hold about you at any time.
• Right to Correction: Request correction of any inaccurate or incomplete information in your records.
• Right to Deletion: Request deletion of non-clinical personal data where we no longer have a legal obligation to retain it.
• Right to Restrict Processing: Request that we limit how we use your information in certain circumstances.
• Right to Data Portability: Receive your personal data in a structured, machine-readable format for transfer to another provider.
• Right to Withdraw Consent: Withdraw your consent to non-essential data processing and marketing communications at any time.
• Right to Complain: Lodge a complaint with us or with the relevant data protection authority if you believe your rights have been violated.

To exercise any of these rights, please contact our Privacy Officer at info@sentarahospital.shop or call +91 99929 00127. We will respond within 30 days.

Cookies & Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience and understand how visitors use our site:

• Essential Cookies: Required for the website to function properly (e.g., session management, security). Cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our site (e.g., Google Analytics, anonymized). Can be disabled.
• Preference Cookies: Remember your preferences such as language and region settings. Can be disabled.
• Marketing Cookies: Used to track appointment form completions and measure effectiveness of health campaigns. Can be disabled.

You can control cookie settings through your browser preferences. Note that disabling certain cookies may affect website functionality. We do not use cookies for behavioral advertising or cross-site tracking.

Children's Privacy

Sentara Hospital provides extensive pediatric services, and we take the privacy of minors especially seriously. For patients under 18 years of age:

• Parental or guardian consent is required before collecting personal health information.
• Parents/guardians have full access and control rights over their child's health records.
• Marketing communications regarding children's health services are directed only to parents/guardians.
• We do not knowingly collect personal information from children under 13 for non-clinical purposes through our website.

Third-Party Links

Our website and communications may contain links to third-party websites, applications, or services (e.g., payment gateways, insurance portals, medical reference sites). Sentara Hospital is not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policy of any third-party site you visit before providing personal information.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or technology. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy.
• Notify registered patients via email and/or SMS about significant changes.
• Post a prominent notice on our website homepage for 30 days.
• For changes affecting consent or data processing purposes, we may request fresh consent from existing patients.

Your continued use of Sentara Hospital services after the effective date of any updated policy constitutes your acceptance of the revised policy.

Contact Us About Privacy

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please reach out to our dedicated Privacy & Data Protection team:

We take all privacy concerns seriously and are committed to resolving any issues promptly and transparently. If you are not satisfied with our response, you have the right to escalate your complaint to the relevant data protection authority.