Privacy Policy

Privacy Policy

Effective Date: 31 July 2025 Last Updated: 1 August 2025

Introduction

This Privacy Policy describes how Klinik Rafa ("we," "us," or "our") collects, uses, protects, and shares your personal information when you use our medical services, visit our website, make appointments, process payments, or participate in telemedicine consultations via Zoom. This policy applies to all services provided by Klinik Rafa.

We are committed to protecting your privacy and maintaining the confidentiality of your personal health information in accordance with applicable healthcare privacy laws and regulations.

Information We Collect

Medical Information

  • Medical history and health records
  • Symptoms, diagnoses, and treatment information
  • Prescription and medication details
  • Test results and medical imaging
  • Insurance information
  • Emergency contact details

Personal Information

  • Full name and date of birth
  • Contact information (phone number, email address, mailing address)
  • Government-issued identification numbers
  • Payment and billing information
  • Appointment scheduling preferences

Technical Information

  • Website usage data and analytics
  • IP addresses and device information
  • Cookies and similar tracking technologies
  • Zoom meeting logs and recordings (for telemedicine consultations)
  • Online payment transaction records

How We Use Your Information

Medical Care and Treatment

  • Providing medical consultations, diagnosis, and treatment
  • Coordinating care with other healthcare providers
  • Maintaining accurate medical records
  • Following up on treatments and appointments
  • Emergency medical situations

Administrative Purposes

  • Scheduling and managing appointments
  • Processing payments and insurance claims
  • Sending appointment reminders and health-related communications
  • Maintaining patient records and clinic operations
  • Complying with legal and regulatory requirements

Telemedicine Services

  • Conducting video consultations via Zoom
  • Recording consultations when medically necessary and with your consent
  • Providing secure access to consultation notes and prescriptions
  • Technical support for online services

Information Sharing and Disclosure

We do not sell, rent, or trade your personal health information. We may share your information only in the following circumstances:

Healthcare Operations

  • With other healthcare professionals involved in your care
  • With laboratories, pharmacies, and medical facilities as needed for treatment
  • For insurance verification and claims processing
  • With healthcare accreditation organizations

Legal Requirements

  • When required by law or court order
  • To report suspected abuse, neglect, or domestic violence
  • For public health reporting requirements
  • To prevent serious harm to you or others

Business Operations

  • With our secure third-party service providers (payment processors, IT support, appointment scheduling systems)
  • With Zoom for telemedicine consultations (subject to their privacy policy)
  • For clinic management and administrative purposes

Data Security and Protection

We implement appropriate technical, administrative, and physical safeguards to protect your personal health information, including:

  • Encrypted data transmission and storage
  • Secure access controls and authentication
  • Regular security assessments and updates
  • Staff training on privacy and security practices
  • Secure video conferencing platforms for telemedicine
  • Secure payment processing systems

Telemedicine and Zoom Consultations

When you participate in telemedicine consultations via Zoom:

  • Consultations may be recorded for medical record purposes with your explicit consent
  • You are responsible for ensuring your consultation environment is private
  • We use Zoom's healthcare-compliant features and settings
  • Consultation recordings are stored securely and treated as part of your medical record
  • You may request that consultations not be recorded (where medically appropriate)

Online Payments and Booking

Our website allows you to:

  • Schedule appointments online
  • Make secure payments for services
  • Access patient portals and health information

We use secure, encrypted payment processing systems and do not store complete credit card information on our servers.

Your Rights and Choices

You have the right to:

  • Access and review your medical records
  • Request corrections to inaccurate information
  • Request restrictions on how we use or share your information
  • Receive a copy of your health information
  • File a complaint if you believe your privacy rights have been violated
  • Withdraw consent for non-essential communications
  • Request deletion of certain personal information (subject to medical record retention requirements)

Cookies and Website Analytics

Our website uses cookies and similar technologies to:

  • Improve website functionality and user experience
  • Analyze website traffic and usage patterns
  • Remember your preferences and login information
  • Provide secure access to patient portals

You can control cookie settings through your browser preferences.

Data Retention

We retain your medical records and personal information as required by applicable healthcare laws and regulations. Generally:

  • Medical records are retained for a minimum of [7-10 years] after your last visit
  • Payment records are kept for [7 years] for tax and accounting purposes
  • Website usage data is typically retained for [2 years]
  • Telemedicine recordings are retained as part of your permanent medical record

International Data Transfers

If you are located outside Malaysia, please note that your information may be transferred to and processed in Malaysia where our clinic is located and where our service providers operate.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by:

  • Posting the updated policy on our website
  • Sending notification via email or patient portal
  • Providing notice during your next visit or consultation

Continued use of our services after changes take effect constitutes acceptance of the updated policy.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Klinik Rafa Address: [Insert Clinic Address] Phone: [Insert Phone Number] Email: [Insert Email Address] Website: [Insert Website URL]

Privacy Officer: [Insert Name and Contact Information]

For complaints about privacy practices, you may also contact relevant healthcare regulatory authorities in your jurisdiction.


This Privacy Policy is effective as of the date listed above and supersedes all previous versions.