Privacy Policy

Last updated: January 31, 2026

1. Introduction

MIF Medical Center ("we," "our," or "us") is committed to protecting your privacy and the privacy of your patients. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our electronic health record platform and related services.

We understand the sensitive nature of healthcare data and take our responsibility to protect it seriously. This policy applies to all users of our Services, including healthcare providers, staff members, and administrators.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and contact information
  • Email address
  • Organization name and details
  • Professional credentials and license information
  • Billing and payment information

2.2 Protected Health Information (PHI)

Through your use of our Services, you may store PHI including:

  • Patient demographics and contact information
  • Medical history and clinical notes
  • Diagnoses and treatment plans
  • Prescription and medication information
  • Lab results and vital signs
  • Insurance and billing information

2.3 Usage Information

We automatically collect certain information about how you use our Services:

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Feature usage patterns
  • Error reports and performance data

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Services
  • Process transactions and send related information
  • Send technical notices, updates, and support messages
  • Respond to your comments, questions, and requests
  • Monitor and analyze trends, usage, and activities
  • Detect, investigate, and prevent fraudulent transactions and abuse
  • Comply with legal obligations

4. HIPAA Compliance

As a Business Associate under HIPAA, we are committed to:

  • Implementing appropriate administrative, physical, and technical safeguards
  • Reporting any security incidents or breaches as required
  • Ensuring our subcontractors agree to the same restrictions
  • Making PHI available to patients as required by the Privacy Rule
  • Maintaining audit logs of PHI access and modifications

We will enter into a Business Associate Agreement (BAA) with all covered entities using our Services.

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Multi-factor authentication options
  • Regular security audits and penetration testing
  • Role-based access controls with 14 distinct clinical roles
  • Automatic session timeouts (30 minutes of inactivity)
  • Comprehensive audit logging with tenant isolation
  • Regular data backups with encryption
  • Rate limiting to prevent brute force attacks
  • Failed login tracking with automatic account lockout
  • PHI field encryption for sensitive data (SSN, addresses)

Our infrastructure is hosted on secure cloud platforms that maintain SOC 2 Type II, ISO 27001, and HIPAA compliance certifications.

6. Data Sharing and Disclosure

We do not sell your personal information or PHI. We may share information in the following circumstances:

  • Service Providers: With vendors who assist in providing our Services, under strict confidentiality agreements
  • Legal Requirements: When required by law, subpoena, or court order
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you have given explicit permission

7. Data Retention

We retain your data for as long as your account is active or as needed to provide Services. For PHI, we follow healthcare industry standards and legal requirements, which typically require retention for a minimum of 6-10 years depending on jurisdiction.

Upon account termination, you will have 30 days to export your data. After this period, data will be securely deleted in accordance with our data destruction policies.

8. Your Rights

You have the right to:

  • Access your personal information and account data
  • Correct inaccurate or incomplete information
  • Export your data in standard formats (FHIR, PDF, CCD)
  • Request deletion of your account (subject to legal retention requirements)
  • Opt out of non-essential communications

For PHI, patients may exercise their rights under HIPAA through their healthcare provider.

9. AI and Machine Learning

Our AI features may process clinical data to provide suggestions and assistance. We ensure:

  • AI processing occurs within our secure infrastructure
  • No PHI is used to train general AI models without explicit consent
  • AI suggestions are clearly labeled and require human verification
  • You can opt out of AI features while retaining access to core functionality

10. Cookies and Tracking

We use essential cookies to maintain your session and provide core functionality. We may also use analytics cookies to understand how our Services are used. You can control cookie preferences through your browser settings.

11. Children's Privacy

Our Services are intended for use by healthcare professionals and are not directed at children under 13. We do not knowingly collect personal information from children under 13.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and, where appropriate, sending you an email notification. Your continued use of the Services after such changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

MIF Medical Center - Privacy Team

Email: [email protected]

Website: novushealth-rrzbcesz.manus.space