Privacy Policy
Effective Date: 13-10-2025
Last Updated: 13-10-2025
1. Introduction
The HMIS Mobile App (“the App”, “we”, “our”, or “us”) is managed by the Management Information System (MIS) Department, MTI Khyber Teaching Hospital (KTH), Peshawar, Pakistan. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our App. We are committed to maintaining the privacy, confidentiality, and security of your personal and health-related information in accordance with applicable data protection and healthcare privacy laws.
By using the App, you agree to the terms outlined in this Privacy Policy.
2. Scope of the Policy
This policy applies to all users of the HMIS Mobile App, including patients, healthcare providers, and administrative staff who access hospital information systems through the app.
3. Information We Collect
We collect only the information necessary to provide secure access to hospital services and patient records.
- Personal Identification Information
  - Full name
  - Contact number and email address
  - CNIC or patient registration number
  - Account credentials (username, user ID)
- Medical Information
  - Visit records, diagnostic reports, prescriptions, and billing data
  - Clinical and appointment details accessible through the app
- Device and Usage Information
  - Device type, operating system, and version
  - IP address, access timestamps, and app usage activity
  - System logs for troubleshooting and performance optimization
4. Purpose of Data Collection
Your information is collected and processed for the following purposes:
- To authenticate users and manage secure login sessions
- To provide access to medical records, appointments, and billing
- To ensure operational reliability and improve app functionality
- To comply with hospital and government healthcare regulations
We do not sell, trade, or use your data for marketing or commercial purposes.
5. Legal Basis for Processing
Data processing is carried out under the following legal bases:
- Performance of a public healthcare function under MTI KTH
- Compliance with legal obligations under national healthcare laws
- Legitimate interests in maintaining secure IT operations
6. Data Storage and Security
- All data is stored on secure on-premise servers managed by MTI KTH’s Data Centers.
- Encryption (SSL/TLS) is used for all data transmissions between the app and servers.
- Regular backups, monitoring, and access audits are conducted to prevent unauthorized access or data loss.
- Access to data is role-based and limited to authorized hospital staff only.
7. Data Retention
We retain personal and medical data for as long as required by hospital policy and healthcare regulations. Once the retention period expires, the data is securely deleted or anonymized.
8. Data Sharing and Disclosure
Your data may be shared only under the following conditions:
- With authorized hospital departments for patient care
- With government or regulatory authorities where legally required
No data is shared with commercial or third-party entities.
9. User Rights
In accordance with international privacy standards (GDPR/HIPAA principles), users have the following rights:
- Access: Request a copy of your stored information
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request removal of your data (where legally permissible)
- Restriction: Limit the processing of your personal information
Requests can be submitted via the contact details provided below.
10. Policy Updates
We may revise this Privacy Policy from time to time to reflect updates in our services or legal requirements. The revised policy will be posted in the App and on the hospital’s official website with an updated “Effective Date.”
11. Contact Information
For any questions, concerns, or data access requests, please contact:
MIS Department
Medical Teaching Institution (MTI) – Khyber Teaching Hospital (KTH)
Peshawar, Pakistan
