Privacy Policy

1. Protected Health Information We Collect

Care+Center collects protected health information (PHI) and personal data necessary to provide healthcare services. This includes:

• Personal identifiers (name, email, phone number, date of birth, address)
• Medical information (appointment details, medical history, symptoms, diagnoses)
• Healthcare provider communications and consultation records
• Insurance and payment information
• Emergency contact information
• Account credentials and platform usage data

2. How We Use Your Protected Health Information

We use your PHI for treatment, payment, and healthcare operations, including:

• Providing healthcare management and communication services
• Facilitating appointments and consultations with healthcare providers
• Processing payments and insurance claims
• Maintaining your medical records and health history
• Coordinating care between healthcare providers
• Ensuring platform security and preventing fraud
• Complying with healthcare regulations and legal requirements

3. Information Sharing and Disclosure

We may share your PHI with:

• Healthcare providers involved in your treatment
• Insurance companies for payment processing
• Authorized family members or emergency contacts (with your consent)
• Legal authorities when required by law or court order
• Public health authorities for disease prevention and control
• Business associates who assist in healthcare operations (under strict confidentiality agreements)

We may engage third-party service providers (such as hosting providers, communication platforms, payment processors, and telemedicine platforms) who are contractually obligated to protect the confidentiality and security of your health information through business associate agreements.

4. Healthcare Data Security Measures

We implement comprehensive security measures to protect your PHI:

• Advanced encryption for data at rest and in transit
• Secure authentication and access controls
• Regular security assessments and penetration testing
• Employee training on healthcare data protection
• Audit logs and monitoring systems
• Secure backup and disaster recovery procedures

5. Your Healthcare Privacy Rights

You have the right to:

• Access and obtain copies of your health information
• Request amendments to your health records
• Request restrictions on how we use or disclose your PHI
• Request confidential communications
• Receive an accounting of disclosures
• File a complaint if you believe your privacy rights have been violated

6. Healthcare Data Retention and Disposal

We retain your PHI for the minimum period required by healthcare regulations, typically 6 years from the last date of service or as required by applicable law. Medical records are maintained according to professional healthcare standards and regulatory requirements. When PHI is no longer needed, we securely dispose of it using methods that ensure it cannot be reconstructed or retrieved, including:

• Physical destruction of paper records
• Secure electronic deletion and overwriting of digital records
• Certification of destruction by authorized personnel
• Maintenance of disposal logs for audit purposes

7. Authorized Access and Minimum Necessary Standard

Access to your PHI is limited to authorized personnel who need the information to provide healthcare services. We follow the minimum necessary standard, ensuring that only the minimum amount of PHI necessary is accessed, used, or disclosed. This includes:

• Role-based access controls for all system users
• Regular review and adjustment of access permissions
• Audit trails for all PHI access and modifications
• Training requirements for all personnel with PHI access
• Background checks for employees handling sensitive health information

8. Data Breach Response and Incident Management

In the event of a security breach involving your PHI, we will:

• Notify you and relevant authorities within required timeframes (typically within 60 days)
• Conduct a thorough investigation and risk assessment
• Implement immediate corrective measures to prevent further exposure
• Provide detailed information about the breach, including what information was involved
• Offer identity protection services if appropriate
• Maintain detailed records of the breach and our response
• Review and update our security measures to prevent similar incidents

9. Third-Party Healthcare Services and Business Associates

We may use third-party services for healthcare operations, such as telemedicine platforms, payment processing, medical record management, cloud hosting, and communication services. All third parties are required to sign business associate agreements ensuring they maintain the same level of PHI protection. These agreements include:

• Written assurances of PHI protection
• Requirements for breach notification
• Access controls and security measures
• Regular compliance audits and assessments
• Termination procedures for non-compliance
• Return or destruction of PHI upon contract termination

10. Consent and Authorization

We obtain your consent for the collection, use, and disclosure of your PHI as required by law. This includes:

• General consent for treatment, payment, and healthcare operations
• Specific authorization for uses and disclosures not covered by general consent
• Revocable consent that you may withdraw at any time
• Clear explanation of how your information will be used
• Your right to request restrictions on certain uses and disclosures

11. Minor and Dependent Privacy

For patients under 18, we may share PHI with parents or legal guardians as permitted by law. For adult patients with legal guardians, we will follow applicable laws regarding PHI access and disclosure. Special considerations include:

• Age-appropriate privacy protections for minors
• Parental access rights and limitations
• Emancipated minor privacy rights
• Guardian consent requirements for dependent adults

12. Changes to This Privacy Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify you of material changes through the platform or via email, and the updated policy will be posted with a new effective date.

13. Contact Information and Complaints

If you have questions about this Privacy Policy or believe your privacy rights have been violated, please contact us at privacy@carecenter.ph. You also have the right to file a complaint with the appropriate healthcare regulatory authority.