Last Updated: May 5, 2025

Welcome to Inova Hospital. This Privacy Policy explains how we collect, use, and protect your information when you visit our website (https://inovahospital.com.np) or use the Inovacare mobile application (“App”).

Who we are

Suggested text: Our website address is: https://inovahospital.com.np.

Scope and Consent

By visiting our website or registering for or using the Inovacare App, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy and our Terms & Conditions.

Information We Collect

We may collect the following categories of personal data:

• Identity & Contact Data: Name, date of birth, gender, address, email, and phone number.
• Protected Health Information (PHI): Medical history, lab results, diagnoses, prescriptions, treatment plans, and clinician notes.
• Usage Data: App crash logs, session durations, feature interactions, and navigation behavior.
• Device & Technical Data: Device model, operating system, browser type, IP address, and unique device identifiers.
• Communications Data: Messages and consultations with healthcare providers via in-app chat or teleconsultation.

Legal Bases for Processing

We process data based on the following legal grounds:

• Consent: Explicit consent given by users upon registration.
• Contractual Necessity: To fulfill healthcare services.
• Legal Obligation: To comply with applicable laws regarding healthcare data retention and public health reporting.

How We Use Your Data

Your data is used for:

• Delivering Healthcare Services: Appointment bookings, teleconsultations, prescriptions, and access to EHR.
• Enhancing the App and Website: Analytics and crash reporting to improve functionality and stability.
• Communication: Notifications for appointments, results, and important updates.
• Research & Innovation: Aggregated, de-identified data for clinical research and improvements.

Data Sharing and Disclosure

We do not sell your data. We may share your data with:

• Healthcare Providers: To deliver medical care and coordinate treatment.
• Third-party Service Providers: Under strict confidentiality and HIPAA-compliant agreements.
• Legal Authorities: If required by law or judicial proceedings.
• Researchers: In de-identified and aggregated form only.

Data Security

We protect your information using:

• Encryption: TLS in transit and AES-256 at rest.
• Access Controls: Role-based access, multi-factor authentication, and regular audits.
• Incident Response: A HIPAA-compliant breach response protocol.

Data Retention

We retain your data only as long as necessary:

• To provide services;
• To comply with legal obligations (e.g., healthcare data retention laws: typically 7–10 years);
• To resolve disputes.

Your Rights

You may exercise the following rights:

• Access & Portability: Request a copy of your personal data.
• Correction: Update inaccurate or outdated information.
• Deletion: Request erasure of your data (subject to legal obligations).
• Restrict Processing: Opt-out of certain uses (e.g., marketing).

Children’s Privacy

Our services are intended for individuals aged 18 and above. We do not knowingly collect data from children under 18. If we become aware of such data, we will delete it promptly.

International Transfers

Your data may be processed in Nepal or other countries where our partners operate. We ensure adequate protection measures are in place for cross-border data transfers.

Cookies and Tracking Technologies

Comments: When visitors leave comments, we collect the data entered, as well as the IP address and browser info for spam detection.

Gravatar: An anonymized hash of your email may be shared with Gravatar to display your profile image (see: Gravatar Privacy Policy).

Media Uploads: Images with EXIF GPS data may reveal your location to visitors.

Cookies:

• Saving name/email on comment submission (expires after 1 year).
• Login-related cookies (2–14 days).
• Post-edit tracking cookie (expires after 1 day).

Embedded Content: Third-party content (e.g., YouTube, articles) behaves as if visited directly—these may collect data and set cookies.

Where Your Data Is Sent

Visitor comments may be screened using automated spam detection tools.

Changes to This Policy

We may update this Privacy Policy periodically. Changes will be reflected with a revised “Last Updated” date. Continued use of our services implies acceptance of the revised policy.

Contact Us

For privacy concerns, rights requests, or data inquiries:

Inova Hospital – Data Protection
📧 contact@inovahospital.com.np
📞 +977 9802348721