Notice of Health Information Privacy Practices

This Privacy Policy summarises the health information DocTime Pharma and Doctors may collect or receive in connection with your use of the Platform, and describes how the personal data such as personal information, health information, medical records from time to time, may be used and shared, and your choices regarding this data. Please review this section of our Privacy Policy (Section I, "Notice of Health Information Privacy Practices" or "Notice"), which highlights key points about our privacy practices.

The PLATFORM constitutes a technology platform that facilitates healthcare and health-related services by Registered Medical the Doctor (“the Doctor” or “Medical Service Provider”) to patients, with the assistance of healthcare workers/professional, if any, using information and communication technologies (“the Services”). The Doctors who deliver Services through DocTime Pharma are independent medical practitioners registered with the Bangladesh Medical and Dental Council, and they are under professionally responsibility to maintain strict confidentiality of the health information. Any health data or information related to a patient, such as patient’s history, physical findings, information about disease risks and information about the actual physiological or biomedical state of an individual independent of its source, investigation, medical data, medical images, medical, pathological or investigation reports, lab reports and/or radiological investigations, medication, diagnosis, health education, counselling, treatment clinical progress and supplementary data; handwritten, printed or electronically generated or audio and visual recordings (“Health Information”) shall be covered by the Privacy Policy. You must first review and sign the Informed Consent for Telemedicine Services (link attached) (“Informed Consent”), thus, providing explicit consent to the collection, use, and sharing of your information as described in this Privacy Policy and as outlined in the Informed Consent. To the extent anything in this Privacy Policy conflicts with the Informed Consent, the terms of the Informed Consent will control.

How is patient privacy protected?

As a trusted partner in facilitating online medical and clinical/consultation services by Doctors through the Platform  (collectively referred to as "us", "we", "our"), we understand that information about you and your health is personal. Because of this, we strive to maintain the confidentiality of your health information. We continuously seek to safeguard that information through administrative, physical and technical means, and otherwise abide by applicable national and district guidelines. Your Health Information is protected by general laws and medical ethics under the  Bangladesh Medical and Dental Council Telemedicine Guidelines July 2020 (“the Guidelines”), the Bangladesh Medical and Dental Council Code of Professional Conduct, Etiquette and Ethics (“the Code of Conduct”), and rules, regulations and direction related to data protection and privacy laws of Bangladesh.

How do we use and disclose health information?

We may use and disclose your health information for the normal business activities, the purposes described in the Informed Consent and in case of any emergency situation related to you that the law sees as falling in the categories of patient management, payment and healthcare operations. Below we provide examples of those activities, although not every use or disclosure falling within each category is listed:

Patient Management – We keep a record of the Health Information you provide us. This record may include your test results, diagnoses, medications, your response to medications or other therapies, and information we learn about your medical condition through the online Services. We may disclose this information so that other doctors, nurses, and entities such as laboratories can meet your healthcare needs.
Health care Operations – Health information is used to improve the services we provide, to train staff, for business management, quality assessment and improvement, and for customer service. For example, we may use your health information to review our treatment and services and to evaluate the performance of Doctors providing services to you.
Video call – The consultation is provided by the doctor on a video call. The video call is encrypted by 256 bits encryption method. Therefore, only the doctor and the patient can see the video. We do not record the video call. However, we may take screenshots of the video call to keep a proof of the consultation. These screenshots are securely stored in our server and will only be used if a question is raised by the patient about the quality of the consultation, or to prove whether a consultation has happened at all.

We may also use your health information to:

Comply with national or local laws that require disclosure.
Assist in public health activities such as tracking diseases or medical devices.
Inform authorities to protect victims of abuse or neglect.
Comply with national health oversight activities such as fraud investigations.
Respond to law enforcement officials or to judicial orders, subpoenas or other processes.
Inform coroners, medical examiners and funeral directors of information necessary for them to fulfil their duties.
Conduct research following internal review protocols to ensure the balancing of privacy and research needs.
Avert a serious threat to health or safety.
Assist in specialized government functions such as national security, intelligence and protective services.
Inform military and veteran authorities if you are an armed forces member (active or reserve).
Inform a correctional institution if you are an inmate.
Inform workers' compensation carriers or your employer if you are injured at work.
Recommend treatment alternatives.
To conduct and support health-related study.
To develop health-related products and improvement activities.
For research studies, if permitted by Informed Consent.
Tell you about our health-related products and services.
Transmission of summary of Health Information to stakeholders, such as lab, other doctors.
Communicate within our organization for treatment, payment, or healthcare operations.
Communicate with other providers, health plans, or their related entities for their treatment or payment activities, or health care operations activities relating to quality assessment and improvement, care coordination and the qualifications and training of healthcare professionals.
Provide information to other independent third parties with whom we do business, such as a record storage provider. However, you should know that in these situations, we require third parties to provide us with assurances that they will safeguard your information.
We may also use or disclose your personal or health information for operational purposes. For example, we may communicate with individuals involved in your care, such as friends and family or your hired care service providers, and send appointment reminders.

Your Personal Information will be separated from the rest of the Health Information collected from you through the Platform or pseudonymized/ anonymized before it is shared with a third party pursuant to purposes mentioned above, unless the sharing of data/information is for the purpose of patient management, health-care operations and video calls.

All other uses and disclosures, not described above, may only be done with your explicit written authorization in the form - Informed Consent for Telemedicine Services (link attached). We will also obtain your authorization before we use or disclose your health information for marketing purposes or before we would sell your information. You may revoke your authorization at any time; however, this will not affect prior uses and disclosures. In some cases, laws of Bangladesh, may require that we apply extra protections to some of your health information and in such case, we will abide by the obligations imposed by the law.

What are the Doctor's Responsibilities?

The Doctors are responsible to adhere to the Guideline, the Code of Conduct, general medical ethics and general data protection and privacy laws of Bangladesh. The Doctors must:

always maintain the highest standards of professional conduct.
protect patient’s privacy and right to confidentiality, unless release of information is required by law or by public-interest consideration.
provide this Notice of our duties and privacy practices.
abide by the terms of the Notice currently in effect.
tell you if there has been a breach that compromises your health information.

We reserve the right to change our privacy practices and make the new practices effective for all the information we maintain. Revised notices will be posted on the DocTime Pharma website and mobile application.

Medical records Inspection

As per the laws prevailing in Bangladesh and if required by Guidelines and Code of Conduct, you may have the following options:

Inspect and copy certain portions of your health information. To the extent permitted by law,we may deny your request. You may request that we provide your health records to you in an electronic format.
Access personal data and receive copies of the data collected.
You may have access the reports, lab results, if any.
Request amendment of your health information if you feel the health information is incorrect or incomplete. However, under certain circumstances we may deny your request.
Request that we restrict how we use or disclose your health information. However, we are not required to agree with your requests, unless you request that we restrict information provided to a payor, the disclosure would be for the payor's payment or healthcare operations, and you have paid for the health care services completely out of pocket.
Request that we communicate with you at a specific telephone number or address.
Obtain a paper copy of this notice even if you receive it electronically.
Request deletion of personal information through written instruction.

We may ask that you make some of these requests in writing.

Who Will Follow This Notice?

This Notice describes the privacy practices of:

Any Doctors authorized to access and/or enter information into your health records;
All departments and units of DocTime Pharma and affiliates through which online health services are provided; and
All affiliates and volunteers.

DocTime Pharma Platform Privacy Policy

Introduction.

This Section of our Privacy Policy (Section II, "Platform Privacy Policy") explains how we collect, use, and disclose personal information from and/or about you when you use the Platform or the Services.

THE PLATFORM WILL BE COLLECTING AND TRANSMITTING PERSONAL, MEDICAL AND HEALTH-RELATED INFORMATION ABOUT YOU. IN ORDER TO USE THE PLATFORM, YOU MUST AGREE THAT WE CAN COLLECT AND USE YOUR PERSONAL AND OTHER INFORMATION AS DESCRIBED IN THIS PLATFORM PRIVACY POLICY IN ADDITION TO GRANTING THE INFORMED CONSENT FOR OBTAINING TELEMEDICINE SERVICES [LINK]. IF YOU DO NOT AGREE, PLEASE DO NOT USE THE PLATFORM.

Our privacy policy explains how we treat your personal data and protect your privacy when you use our Services. By using our Services, you agree that we can use such data in accordance with the privacy policy. We collect a variety of information that you provide directly to us. We process your information when necessary to provide you with the Services that you have requested when accepting our T&C, or where we have obtained your prior consent, or where we have a legitimate interest to do so. For example, we may have a legitimate interest to process your information for security, testing, maintenance, and enhancement purposes of the Services we provide to you, or for analytics, research, and reporting purposes. In the extreme circumstances, due to life-saving measures arising from your health condition, we may be constrained to use or share your personal information with third parties for your own benefit. We will only use your personal information for providing and improving the Services.

Important Definitions.

When we use the term “Personal Information” in this Privacy Policy, we mean information about you that is personally identifiable to you, such as your contact information (e.g. name, email address, mobile numberphotograph, address, date of birth, mother’s name, father’s name, signature, national identity card number, birth and death registration number, finger print, passport number, bank account number, driving license, e-TIN number, electronic or digital signature, username, credit or debit card number, voice print, retina image, iris image, DNA profile, security related question or any other identification), personally identifiable health or medical information such as your patient records, reports, documents, images, diagnostics, data etc (digital or otherwise) utilized in the telemedicine consultation, and any other non-public information that is associated with such information. When we use the term “De-Identified Information”, we mean information that is neither used nor intended to be used to personally identify an individual. When we use the term “Cookies”, we mean the small pieces of information that a Platform sends to your browser while you are viewing a website. When we use the term “Pixel”, we mean the HTML code snippet that may be embedded in certain parts of the Platform to collect information about the device that you use to access the Platform and your use of the Platform that may be shared with third parties in accordance with this Privacy Policy. Lastly, when we use the term “User”, we mean the user of this Platform, either as a patient or doctor/health-care service provider.

Children under age 18.

We do not knowingly allow individuals under the age 18 to create Accounts that allow access to our Platform.

The Information we collect or maintain may include:

For patients:
Personal Information including your name, age, email address, password, gender, phone logs, email records, chat/test record, video integration logs etc and other registration information.
Health Information that the patient provides us, which may include information or records relating to your medical or health history, health status and laboratory testing results, diagnostic images, and other health related information.
Health information about you prepared or obtained by the Doctor(s) who provide clinical services through the Platform such as medical and therapy records, treatment and examination notes, and other health related information.
Information about the computer or mobile device you are using, such as what Internet browser you use, the kind of computer or mobile device you use, and other information about how you use the Platform.
For doctors:
Full name, age, BMDC number, Gender, Professional Qualification, Experience Information, Chamber Information. This information will be publicly accessible in our app and website. We also collect confidential personal data such as: NID/Passport number, email address, Mobile number of the doctors. This information will be only accessible to our internal members of staff. Sensitive data such as passwords will not be accessible by anyone.
Other information the Doctor inputs into the Platform or related services such as optional information like a photograph, that the Doctor elects to associate with the account. Log-in details and password, demographic information such as gender, User generated content that the doctors post or share while using the text messaging feature of the PLATFORM.

We may use Personal Information for the following purposes (subject to the restrictions relating to the use of Health Information described in Section I):

To provide the Services.
To improve healthcare quality through the performance of quality reviews and similar activities.
To create De-identified Information such as aggregate statistics relating to the use of the Services.
To notify the Users when Platform updates are available.
To market and promote the Platform and the Services to Users.
To fulfil any other purpose for which you provide us Personal Information.
For the purposes described in Section I relating to the use of Health Information.
For the purpose of transmitting or informing in-person care providers or medical institutions/hospitals/clinics for providing life-saving support.
For any other purpose for which you give us authorization.

We may also disclose Personal Information that we collect, or you provide (subject to the restrictions relating to the use of Health Information described in Section I):

To our subsidiaries and affiliates.
To contractors, service providers and other third parties we collaborate with in furtherance of our business and who are bound by contractual obligations to keep personal information confidential.
As required by law, which can include providing information as required by a court order.
When we believe in good faith that disclosure is necessary to protect your safety or the safety of others, to protect our rights, to investigate fraud, or to respond to a government request.
To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of DocTime Pharma's assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Information maintained by the Platform is among the assets transferred.
For any other purpose disclosed by us when you provide the information.

Information We Collect via Technology.

As you use the Platform or the Services, certain information may be passively collected by Cookies, navigational data like Uniform Resource Locators (URLs) and third-party tracking services, including:

Platform Activity Information. We may keep track of some of the actions you take on the Platform, such as the content of searches you perform on the Platform.
Access Device and Browser Information. When you access the Platform from a computer or other device, we may collect anonymous information from that device, such as your Internet protocol address, browser type, connection speed and access times (collectively, "Anonymous Information").
Cookies. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies to make the Platform and Services easier to use, to make our advertising better, and to protect both you and DocTime Pharma. You can instruct your browser, by changing its options, to stop accepting Cookies or to prompt you before accepting a Cookie from the websites you visit. If you do not accept Cookies, however, you will not be able to stay logged in to the Platform. We may also use Pixels to make the Platform and Services easier to use and to make our advertising better by, for example, summarizing usage patterns. We presently do not honor "Do Not Track" requests across all parts of our Platform.
Real-Time Location. Certain features of the Platform use GPS technology to collect real-time information about the location of your device so that the Platform can connect you to a Healthcare Professional who is licensed or authorized to provide Services in the district where you are located. When accessing Google Maps services on our Platform, you are agreeing to Google's Terms of Service and Privacy Policy
Mobile Services. We may collect non-personal information from your mobile device or computer. This information is generally used to help us deliver the most relevant information to you. Examples of information that may be collected and used include how you use the application(s) and information about the type of device or computer you use. In addition, in the event our application(s) crashes on your mobile device we will receive information about your mobile device model software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of our application(s).
Analytics Tools. We use tools such as Firebase Analytics to help analyze how Users use the Platform. Such third parties may use cookies, APIs, and SDKs in our services to enable them to collect and analyze User and device related data and information on our behalf. Firebase Analytics uses Cookies to collect information such as how often users visit the Platform, what pages they visit, and what other Platforms they used prior to coming to the Platform. We use the information we get to improve our Platform and Services. Although Firebase Analytics plants a persistent Cookie on your web browser to identify you as a unique User the next time you visit the Platform, the Cookie cannot be used by anyone but Google. Google's ability to use and share information collected by Firebase Analytics about your visits to the Platform is restricted by the Firebase Analytics Terms of Use and the Google Privacy Policy. You may prevent your data from being used by Firebase Analytics by downloading and installing the Firebase Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/.

Risk of sending unencrypted emails

The emails we send you are not secure because they are unencrypted. Other people may be able to read and forward the emails we send you and the emails you send us. Emails we send you may include a wide range of identifiers that include but aren't limited to your name, your email address, your visit number, your patient number, the date you used our service etc.

When you create an account on the App or Website we ask you to give us your email address. We send an email to the email address you give us. If you give us an incorrect email address, we will unknowingly send an email to the wrong person.

Risk of sending unencrypted SMS/text messages

The SMS/text messages we send you are not secure because they are unencrypted. Other people may be able to read and SMS/text messages we send you and any SMS/text messages you send us.

SMS/text messages we send you will include your telephone number. It will be clear that SMS/text messages we send you have come from DocTime Pharma.

Risk of storing PHI (Protected Health Information) on your mobile

When you use the App or Website there is a risk that your PHI will be stored unencrypted on your mobile. We take a variety of technical safeguards to make sure that your PHI does not leak onto your mobile, but we cannot guarantee that these safeguards work.

Risk of our systems getting hacked and compromised

We take a number of administrative, technical and physical safeguards to look after the PHI that we hold electronically on our servers. But despite these safeguards, no system is full-proof and we cannot guarantee that our systems and your PHI will not be hacked or otherwise compromised by unauthorized third parties.

The rights you have over your PHI (Protected Health Information)

Right to obtain a copy of your medical record. We are allowed to charge you a fee if we think it's appropriate.

Right to request that we limit how we use and share your PHI. There may be occasions when we cannot agree to your request.

Right to request that we change or update information held in your medical record. There may be occasions when we cannot agree to your request.

Right to request how we send you PHI. The electronic nature of our service limits our ability to agree to such requests.

Right to a paper copy of this Privacy Policy. The electronic nature of our service limits our ability to agree to such requests.

How to contact DocTime Pharma to Use your Rights

Please write to us at: support@DocTime Pharma.com.bd

What if I have a Complaint?

If you believe that your privacy has been violated, you may file a complaint with us.

Email: admin@doctimepharma.com.bd

De-Identified Information.

We may use De-Identified Information created by us without restriction.

Information You Share With Third Parties.

This Platform Privacy Policy applies only to information we collect through the Platform and in email, text and other electronic communications set through or in connection with the Platform. This Platform Privacy Policy DOES NOT apply to information collected by any third party. When you click on links on the Platform you may leave our Platform. We are not responsible for the privacy practices of other sites, and we encourage you to read their privacy policies.

Modification of Information.

Members will be able to update some of their information through the Platform. Requests to modify any information may also be submitted to support@DocTime Pharma.com.bd.

Limitations on Deletion of Information.

You may request deletion of your Personal Information by us, however, we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete Personal Information, it will be deleted from the active database, but may remain in our archives and we may also retain anonymous information about your use of our services. Once we disclose some of your Personal Information to third parties, we may not be able to access that Personal Information any longer and cannot force the deletion or modification of any such information by the parties to whom we have made those disclosures. After we delete Personal Information, we may retain De-Identified Data and will continue to use De-Identified Data as permitted under this Platform Privacy Policy.

Steps we take to keep your information secure.

We employ reasonable physical, electronic and managerial security methods to help protect against unauthorized access to Personal Information, such as encryption. But please be aware that no data transmission over the Internet or data storage facility can be guaranteed to be perfectly secure. As a result, while we try to protect your Personal Information, we cannot ensure or guarantee the security of any information you transmit to us.

Right to Non-Discrimination

DocTime Pharma will not discriminate against you for exercising any of your privacy rights under law, or as set forth in this Platform Privacy Policy.

Changes to the Platform Privacy Policy.

We may change the Platform Privacy Policy from time to time in the future. We will post any revised version of the Platform Privacy Policy on this page. Continued use of our services following notice of such changes will indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes. By using the Platform, you are agreeing to our collection, use and disposal of Personal Information and other data as described in this Platform Privacy Policy, both as it exists now and as it is changed from time to time.

All capitalized terms in the Privacy Policy (Sections I and II) not defined herein shall have the meaning set forth in the DocTime Pharma Terms of Use.

If you have questions or concerns about our Privacy Practices, or would like to report a violation, please contact us by sending an email to admin@doctimepharma.com.bd.