MedWave Provider - Privacy Policy
Introduction
MedWave Provider ("we," "our," or "us") is committed to protecting the privacy and security of healthcare professionals and their patients. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our mobile application and related services.
IMPORTANT: MedWave Provider is designed exclusively for licensed healthcare professionals for legitimate medical treatment purposes. This application handles Protected Health Information (PHI) and complies with applicable healthcare privacy regulations.
Information We Collect
Patient Health Information (PHI)
As a healthcare application, we collect and process the following patient information under your direction as a healthcare professional:
- Personal Identifiers: Patient names, ID numbers, dates of birth, contact information
- Medical Information: Medical history, current conditions, medications, allergies, wound diagnoses
- Treatment Data: Wound measurements, healing progress, VAS pain scores, weight measurements, nutritional assessments
- Disease and Condition Management: Wound care tracking, healing status, complication monitoring
- Medication and Treatment Management: Prescribed treatments, medication schedules, treatment protocols
- Physical Therapy and Rehabilitation Data: Wound healing progress, mobility assessments, rehabilitation milestones
- Medical Images: Wound photographs for documentation and progress tracking (stored encrypted)
- Session Notes: Treatment observations, progress notes, clinical assessments
- Consent Records: Digital signatures and consent forms
Healthcare Professional Information
- Professional Details: Name, credentials, practice information, contact details
- Authentication Data: Email address, encrypted passwords, authentication tokens
- Usage Data: App interaction patterns, feature usage, session duration
Technical Information
- Device Information: Device type, operating system, app version
- Log Data: Error reports, performance metrics, security events
- Camera Access: For wound photography and documentation purposes only
How We Use Information
Primary Purposes (Healthcare Treatment)
- Patient Care: Document wound healing progress and treatment outcomes
- Clinical Decision Support: Provide evidence-based recommendations for wound care management
- Disease and Condition Management: Track wound healing, monitor complications, and manage chronic wound conditions
- Medication and Treatment Management: Document prescribed treatments, track medication adherence, and manage treatment protocols
- Physical Therapy and Rehabilitation: Monitor wound healing progress, track mobility improvements, and document rehabilitation milestones
- Nutritional Management: Track weight changes and nutritional factors affecting wound healing
- Clinical Documentation: Maintain accurate medical records and treatment histories
- Progress Tracking: Monitor healing progress with visual analytics and measurements
- Report Generation: Create treatment summaries and motivation letters for medical aid
- Communication: Facilitate communication between healthcare providers
- Medical Reference and Education: Provide access to wound care protocols, best practices, and educational resources
Secondary Purposes (App Functionality)
- Authentication: Verify healthcare professional identity and credentials
- Security: Protect against unauthorized access and maintain data integrity
- Improvement: Enhance app functionality and user experience
- Compliance: Meet regulatory requirements and audit obligations
Camera Permission Usage
We request camera permission specifically to:
- Document Wounds: Capture photographs of wounds for medical documentation
- Track Healing: Create visual records of healing progress over time
- Generate Reports: Include medical images in treatment reports and motivation letters
- Baseline Documentation: Establish initial wound condition for comparison
Important Notes:
- Photos are taken only when you explicitly use the camera feature
- All images are encrypted and stored securely in our healthcare-compliant cloud infrastructure
- Images are associated only with the specific patient and healthcare provider
- We do not access your camera for any other purposes
- You can revoke camera permission at any time through your device settings
Data Storage and Security
Security Measures
- Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.3)
- Access Controls: Role-based access with multi-factor authentication
- Data Isolation: Each healthcare provider can only access their own patients
- Regular Audits: Continuous monitoring and security assessments
- Compliance: HIPAA-, POPIA-, and GDPR-compliant infrastructure
Data Location
- Primary Storage: Google Cloud Platform (Firebase) with healthcare compliance
- Geographic Regions: Data stored in regions with adequate privacy protections
- Backup Systems: Encrypted backups with geographic redundancy
Data Sharing and Disclosure
We DO NOT Share Patient Data Except:
- With Your Patients: When you share reports or information as part of treatment
- Legal Requirements: When required by law, court order, or regulatory authority
- Medical Aid: When you generate and submit motivation letters or reports
- Emergency Situations: To prevent serious harm to patient health or safety
Service Providers
We may share limited technical data with:
- Google Cloud/Firebase: For hosting and infrastructure (Business Associate Agreement in place)
- Analytics Providers: Anonymized usage data for app improvement
- Security Services: For threat detection and prevention
We NEVER:
- Sell patient data to third parties
- Use patient data for marketing purposes
- Share data with unauthorized parties
- Access patient data without a legitimate healthcare purpose
Your Rights and Choices
As a Healthcare Professional
- Access: Review your account information and patient data
- Correction: Update incorrect information
- Deletion: Request deletion of patient records (subject to legal retention requirements)
- Export: Download patient data in a machine-readable format
- Consent: Withdraw consent where legally permissible
Patient Rights (Exercised Through Healthcare Provider)
- Access: Patients may request copies of their medical records
- Correction: Request correction of inaccurate information
- Restriction: Request limitations on use of their information
- Deletion: Request deletion (subject to medical record retention laws)
Data Deletion Instructions
For Users Who Connected via Facebook Login:
If you connected your MedWave account using Facebook Login and wish to delete your data, please follow these steps:
How to Request Data Deletion
Step 1: Delete Data from MedWave App
- Open the MedWave Provider app
- Go to Profile → Settings
- Select "Delete My Account"
- Confirm deletion when prompted
Step 2: Contact Us Directly
Alternatively, you can email us directly to request data deletion:
- Email: privacy@medwave.co.za
- Subject: "Data Deletion Request - Facebook Login"
- Include: Your registered email address and Facebook user ID (if known)
What Data Will Be Deleted
Upon receiving your deletion request, we will delete:
- Your healthcare professional account information
- Your authentication credentials and tokens
- Your app usage data and preferences
- Any non-medical personal information
Important Notes About Medical Records
Legal Retention Requirements:
- Patient medical records must be retained for 7 years (or longer) as required by healthcare regulations
- We cannot immediately delete patient medical records due to legal and regulatory obligations
- Medical records will be anonymized and retained only for the legally required period
- After the retention period expires, all medical records will be permanently deleted
Deletion Timeline
- Account Data: Deleted within 30 days of request
- Authentication Tokens: Revoked immediately
- Backup Systems: Purged within 90 days
- Medical Records: Anonymized and retained per legal requirements (7+ years)
Confirmation
Once your data deletion is complete, we will send a confirmation email to your registered email address. If you do not receive confirmation within 30 days, please contact us at privacy@medwave.co.za.
Data Retention
Patient Medical Records
- Active Patients: Retained while the patient receives ongoing care
- Inactive Patients: 7 years after last treatment (or longer per local regulations)
- Legal Requirements: Extended retention if required by law or regulation
System Data
- Audit Logs: 7 years for compliance purposes
- Security Logs: 2 years for security monitoring
- Usage Analytics: 12 months in anonymized form
International Data Transfers
When data is transferred internationally, we ensure:
- Adequate Protection: Transfers only to countries with adequate privacy laws
- Contractual Safeguards: Standard contractual clauses for data protection
- Encryption: All transfers are encrypted and monitored
Children's Privacy
MedWave Provider is designed for use by licensed healthcare professionals. While the app may be used to document treatment of pediatric patients, we do not knowingly collect personal information directly from children under 13. All pediatric patient information is collected and managed by the healthcare professional in accordance with applicable laws and medical ethics.
Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:
- Notify Users: Provide notice of material changes through the app
- Effective Date: Clearly indicate when changes take effect
- Review Options: Allow reasonable time to review changes before they take effect
Health App Features Declaration
MedWave Provider is a Health App as defined by Google Play Store policies. Our app includes the following health-related features:
Medical Features
- Clinical Decision Support: AI-powered wound assessment and treatment recommendations
- Healthcare Services and Management: Comprehensive patient and wound care management system
- Medical Reference and Education: Access to wound care protocols, ICD-10 codes, and clinical guidelines
- Diseases and Conditions Management: Tracking and management of wound conditions, healing progress, and complications
- Medication and Treatment Management: Documentation of prescribed treatments, medications, and treatment protocols
- Physical Therapy and Rehabilitation: Monitoring wound healing progress and rehabilitation milestones
Health and Fitness Features
- Nutrition and Weight Management: Tracking weight changes and nutritional factors affecting wound healing
Data Handling for Health Features
All health data collected through these features is:
- Encrypted: AES-256 encryption at rest, TLS 1.3 in transit
- Access-Controlled: Only accessible by the treating healthcare professional
- HIPAA-Compliant: Stored in HIPAA-compliant infrastructure with Business Associate Agreements
- Audit-Logged: All access and modifications are logged for security and compliance
- Not Shared: Never sold or shared with third parties for marketing purposes
Regulatory Compliance
This Privacy Policy and our practices comply with:
- HIPAA (Health Insurance Portability and Accountability Act) - United States
- POPIA (Protection of Personal Information Act) - South Africa
- GDPR (General Data Protection Regulation) - European Union
- Google Play Health Apps Policy - Health data handling requirements
- Local Privacy Laws in jurisdictions where the app is used
Contact Information
Complaints and Regulatory Contacts
If you have concerns about our privacy practices, you may contact: