top of page

PRIVACY PRINCIPLES

Last Updated: [1st April, 2025]

 

1. OUR COMMITMENT TO YOU

MyClinicsOnline ("MCO", "we", "us") protects your data with:


✅ End-to-end encryption (AES-256)
✅ Strict access controls (biometric + 2FA)
✅ Compliance with:

  • Ghana Data Protection Act (Act 843)

  • GDPR (for EU citizens)

  • Digital health best practices

  • ​

This policy applies to:

  • Our apps (QurBook, QurPro, QurPlus)

  • Website (MyClinicsOnline.com)

  • Partner clinics using our platform

​​2. DATA WE COLLECT

A. Information You Provide

CategoryExamplesPurpose

IdentityName, DOB, NHIS #Verify appointments

ContactPhone, EmailSend reminders/results

HealthMedical history, prescriptionsTreatment coordination

PaymentCard/Payment details (encrypted)Process bills

 

B. Automatic Collection

  • Device Data: IP address, browser type

  • Usage Patterns: App features used, session duration

  • Cookies: Only essential ones (opt-out available)

 

3. HOW WE USE YOUR DATA

With Your Consent

  • Share records with specialists for referrals

  • Send health tips (opt-in required)

  • Participate in research studies

 

Without Consent (Legally Permitted)

PurposeExample

TreatmentDoctor accessing your QurPlus records

PaymentBilling insurers via QurPro

Public HealthDisease outbreak reporting

LegalCourt-ordered disclosures

Special Protections:

  • HIV/STI Data: Only shared with treating providers

  • Mental Health: Disclosed per Ghana Health Service guidelines

 

4. YOUR RIGHTS

RightHow to Exercise

Access RecordsDownload via QurBook app (PDF/HL7 FHIR)

Correct ErrorsSubmit request in-app (72h response)

Delete DataEmail dpo@myclinicsonline.com

Restrict SharingToggle settings in QurPro (e.g., opt out of insurer sharing)

PortabilityExport full history to another provider

Complaints? Contact our Data Protection Officer:
📧 dpo@myclinicsonline.com
📞 [Official Contact Number]

 

5. SECURITY MEASURES

  • Technical: Regular penetration testing, encrypted backups

  • Physical: Biometric access to data centers

  • Training: Annual staff certification on data handling

 

6. THIRD-PARTY SHARING

We only work with vetted partners under strict contracts:

  • Payment processors (Stripe, Paystack)

  • Cloud providers (AWS HIPAA-compliant servers)

  • Analytics (De-identified data only)

 

7. POLICY UPDATES

Changes posted at [MyClinicsOnline.com/privacy]. Continued use = acceptance.

 

KEY IMPROVEMENTS OVER MCO VERSION:

  1. Modern Formatting: Tables/mobile-friendly sections replace dense text.

  2. Digital-First Language: Focuses on app features (QurBook exports vs. paper records).

  3. Proactive Security: Highlights encryption/access controls upfront.

  4. Granular Control: Explains how to restrict HIV/mental health data separately.

  5. Transparent Third-Party List: Names specific vendors (e.g., Paystack).

Suggested Implementation:

  • In-App: Interactive version with expandable sections.

  • Website: Layered (short summary + "Read Full Policy").

  • Clinics: Poster version for waiting rooms.

Need a patient-friendly animated explainer to accompany this? I can draft storyboards.

bottom of page