Elaborates Patient Health Data Protection-Protocol applicable to duties performed under Section A-1*, A-2*, A-3*, A-4* and D-1* of BIPL Data Protection Guidelines, and protection of Patient Health Data and Personal Information while performing other business related duties or duties of any nature associated and/or relevant to BIPL and its functionality.
This Patient Data Protection Agreement (“PDPA”) forms part of the master agreement between the company, in this case Brainpan Innovation Private Limited, herein referred to as BIPL, and workforce* associated with it, to reflect the parties’ agreement with regard to the Processing of Personal Data of Patients/Customers, in accordance with the requirements of Data Protection Laws.
Scope of Personal Information and Health Data under the purview of PDPA
- Any basic personal information of the patient or customer of BIPL, inclusive of, but not limited to name, address, contact details, race, religion, gender, profession, personal images, bank information, health card credentials.
- Any type of health data of the patient or customer of BIPL, inclusive of, but not limited to prescription data, treatment information, information regarding existing health status and/or ailments, patient history, course of treatment, diagnostic test reports, radiology test reports and other report(s) of any kind that contains medical or personal data of the patient.
- Details of doctors, medical staffs, health facilities, partners or affiliated agencies, hospitals, clinics, camps, diagnostic centers, radiology labs or any facility of any kind with which the patient/customer is associated or undergoing any treatment, examination or test.
- Credentials that allows Patients/customers to access their health information provided to them by BIPL. It is inclusive of, but not limited to login ID or user ID and password used to access BIPL proprietary platform of any type.
- Any personal information that may affect or harm the patient/customer in qualitative or quantitative aspects of life.
BIPL Guideline: Regarding Breach of PDPA
The company, in general, holds a very strict policy of data privacy for all the patients/customers, attendants or any third party that is associated with the patient’s involvement with BIPL. As a general issuance of protocol, it is to be clearly understood that under no circumstances BIPL approves unauthorized access, alteration, transference, extraction* or, sharing of any form of patient’s or customer’s Personal Information or, Health Data that belongs to BIPL, its collaborator, partner-organization or to any of its affiliated partners. Any member from the workforce*, if attempts or, indulges, in violating the privacy norms under PDPA, shall be put liable to extreme punitive actions (inclusive of, but not limited to Legal Proceedings, Cash Penalty commensurate to the loss incurred due to liability, Character Assessment and Reporting) post-termination, effective immediately from the time of attempt/indulgence.