Arthomed Clinic - Dr. Raghu Nagaraj
Dr. Raghu Nagaraj - Arthroscopy & Robotic Joint Replacement Specialist
Address: No 54, 2nd Floor, ESI Hospital, Link Rd 4, Next to Nalli Silks Corporate Office, Near Indiranagar, Appareddipalya, Indiranagar, Bengaluru, Karnataka 560038, India
Email: [contact@arthomed.in]
Phone: [Clinic Phone Number]
Website: https://arthomed.in/
Personal Information
Name, email address, phone number, postal address
Date of birth, age, gender
Government-issued ID numbers (when required for insurance or legal purposes)
Name, email address, phone number, postal address
Health Information (Protected Health Information - PHI)
Previous injuries, surgeries, treatments, allergies
Symptoms, pain levels, mobility assessments
Surgical procedures, rehabilitation progress, medication history
Health insurance details, policy numbers, coverage information
Financial Information
Credit card information, billing addresses, payment history
Processing information for cashless treatments
Direct Collection
In-Person Consultations:
During medical appointments and examinations
Website Forms:
Contact forms, appointment booking, patient registration
Phone Communications:
Appointment scheduling, follow-up calls
Email Communications:
Medical inquiries, treatment updates
Paper Forms:
Patient intake forms, consent documents
Automatic Collection
Website Analytics:
Through cookies and similar technologies
Diagnostic Equipment:
Medical imaging and testing devices
Security Systems:
CCTV recordings in clinic premises (where legally permitted)
Third-Party Sources
Insurance Providers:
For cashless treatment processing
Referring Physicians:
Medical records and referral information
Laboratory Services:
Test results and diagnostic reports
We process your personal and health information based on the following legal grounds:
Consent
Explicit Consent:
For marketing communications, research participation
Implied Consent:
For standard medical care and website usage
Legitimate Interests
Medical Treatment:
Providing orthopedic care and surgical services
Appointment Management:
Scheduling and confirming medical appointments
Insurance Processing:
Facilitating cashless treatments
Quality Improvement:
Enhancing our medical services
Legal Obligations
Regulatory Compliance:
Meeting healthcare licensing requirements
Insurance Requirements:
Fulfilling policy claim obligations
Court Orders:
: Responding to legal proceedings when required
Vital Interests
Emergency Care:
Providing urgent medical treatment
Public Health:
Reporting communicable diseases when required
Primary Medical Purposes
Diagnosis and Treatment:
Evaluating orthopedic conditions and providing appropriate care
Surgical Planning:
Preparing for arthroscopic and joint replacement procedures
Follow-up Care:
Post-operative monitoring and rehabilitation support
Medication Management:
Prescribing and monitoring therapeutic treatments
Administrative Purposes
Appointment Scheduling:
Managing consultation and surgery schedules
Insurance Processing:
Facilitating cashless treatments and claim submissions
Billing and Payment:
Processing financial transactions
Quality Assurance:
Maintaining high standards of medical care
Communication
Treatment Updates:
: Informing about test results and treatment plans
Appointment Reminders:
SMS, email, or phone call notifications
Health Education:
Sharing relevant orthopedic health information
Emergency Contact:
Reaching you in urgent medical situations
Legal and Safety
Regulatory Compliance:
Meeting healthcare authority requirements
Safety Monitoring:
Identifying potential medical complications
Legal Proceedings:
Responding to court orders or legal investigations
Healthcare Team
Medical Staff :
Doctors, nurses, physiotherapists involved in your care
Specialists:
Referrals to other medical professionals when necessary
Laboratory Services:
Sharing information for diagnostic testing
Business Associates
Insurance Companies:
For cashless treatment processing
Billing Services:
For payment processing and financial management
IT Service Providers:
For secure data storage and website maintenance
Cleaning and Maintenance:
Limited access for facility management
Legal Requirements
Government Authorities:
When required by law or regulation
Court Orders:
In response to valid legal proceedings
Public Health:
Reporting communicable diseases when mandated
Legal and Safety
Regulatory Compliance:
Meeting healthcare authority requirements
Safety Monitoring:
Identifying potential medical complications
Legal Proceedings:
Responding to court orders or legal investigations
Emergency Situations
Family Members:
In medical emergencies with your consent
Emergency Services:
When immediate medical intervention is required
Research and Analytics
De-identified Data:
For medical research and quality improvement (with consent)
Anonymized Statistics:
For healthcare planning and public health research
International Data Transfers
In some cases, we may transfer your data outside India for the following purposes:
Cloud Storage:
Using international cloud service providers with adequate security measures
Medical Equipment:
Diagnostic equipment that may store data on international servers
We ensure all international transfers comply with applicable data protection laws and include appropriate safeguards such as:
Adequacy Decisions:
Transferring to countries with adequate data protection
Standard Contractual Clauses:
Using approved data transfer agreements
Binding Corporate Rules:
When dealing with multinational healthcare organizations
Physical Security
Secure Premises:
Locked filing cabinets for paper records
Access Controls:
Restricted access to medical record areas
CCTV Monitoring:
Security cameras in common areas (where legally permitted)
Technical Security
Encryption:
SSL/TLS encryption for website data transmission
Secure Servers:
Protected data storage with regular security updates
Access Controls:
Role-based access to patient information
Regular Backups:
Secure backup procedures for data recovery
Administrative Security
Staff Training:
Regular privacy and security training for all personnel
Confidentiality Agreements:
All staff sign comprehensive confidentiality agreements
Audit Trails:
Monitoring access to patient information
Incident Response:
Procedures for handling potential security breaches
Network Security
Firewalls:
Advanced network protection systems
Antivirus Software:
Regular malware protection updates
Secure Wi-Fi:
Protected wireless networks in clinic premises
Medical Records
Active Patients:
Throughout the duration of the treatment relationship
Inactive Patients:
10 years from last treatment (or as required by Indian medical regulations)
Pediatric Records:
Until patient reaches age of majority plus 10 years
Financial Records
Billing Information:
7 years for tax and audit purposes
Insurance Claims:
As required by insurance provider agreements
Website Data
Analytics Data:
2 years for website improvement purposes
Communication Records:
3 years for quality assurance
Marketing Data
Consent-based Communications:
Until consent is withdrawn
Newsletter Subscriptions:
Until unsubscribed
We will securely dispose of all personal and health information when the retention period expires, unless required to retain it longer by law.
Access Rights
Right to Access:
Request copies of your personal and health information
Right to Portability:
Receive your data in a structured, commonly used format
Right to Information:
Understand how your data is being processed
Control Rights
Right to Rectification:
Correct inaccurate or incomplete information
Right to Erasure:
Request deletion of your personal data (subject to legal requirements)
Right to Restrict Processing:
Limit how we use your information
Right to Object:
Object to certain types of data processing
Communication Rights
Right to Withdraw Consent:
Withdraw permission for data processing at any time
Right to Opt-out:
Unsubscribe from marketing communications
Right to Data Portability:
Transfer your data to another healthcare provider
Legal Rights
Right to Complain:
File complaints with data protection authorities
Right to Judicial Remedy:
Seek legal remedies for privacy violations
Exercising Your Rights
Email:
[privacy@arthomed.in]
Phone:
[Clinic Phone Number]
Mail:
Privacy Officer, Arthomed Clinic, [Complete Address]
We will respond to your request within:
30 days
for most requests
60 days
for complex requests (with notification of extension)
Immediately
for urgent medical situations
Types of Cookies We Use
Essential Cookies
Session Management:
Maintaining your login status
Security:
Protecting against unauthorized access
Load Balancing:
Ensuring website performance
Functionality Cookies
Language Preferences:
Language Preferences: Remembering your preferred language
Accessibility Settings:
Maintaining accessibility preferences
Form Data:
Temporarily storing appointment booking information
Analytics Cookies
Website Usage:
Understanding how visitors use our website
Performance Monitoring:
Identifying technical issues
Content Optimization:
Improving website content and structure
Marketing Cookies (with consent)
Advertising:
Showing relevant healthcare information
Social Media:
Sharing buttons for social platforms
Retargeting:
Displaying relevant content to previous visitors
Managing Cookies
You can control cookies through your browser settings:
Google Analytics:
For website traffic analysis
Social Media Platforms:
For sharing healthcare information
Payment Processors:
For secure online transactions
Our services are primarily designed for adult patients. However, we may treat pediatric patients for orthopedic conditions.
Parental Consent
Under 18:
We require parental or guardian consent for data processing
Medical Emergencies:
We may process data without consent in urgent situations
Educational Materials:
Age-appropriate health information with parental consent
Special Protections
Limited Data Collection:
We collect only necessary information for pediatric patients
Enhanced Security:
Additional safeguards for children's health information
Parent Access:
Parents can access and control their child's information
Payment Processors
We use secure payment processors for financial transactions:
PCI DSS Compliance:
All payment processors meet industry security standards
Encryption:
Credit card information is encrypted during transmission
Limited Storage:
We do not store complete credit card numbers
Insurance Partners
We work with various insurance companies for cashless treatments:
Data Sharing Agreements:
Formal contracts governing information sharing
Limited Purpose:
Information shared only for claim processing
Patient Consent:
Prior authorization for insurance-related data sharing
Medical Equipment Vendors
Some diagnostic equipment may involve data sharing:
Cloud Storage:
Secure storage of medical images
Remote Analysis:
Specialist consultations through telemedicine
Data Security:
Vendor compliance with healthcare data protection standards
Detection and Response
Monitoring Systems:
Continuous monitoring for potential security incidents
Incident Response Team:
Trained personnel to handle security breaches
Investigation Procedures:
Thorough assessment of any potential breaches
Notification Timeline
Internal Reporting:
Immediate notification to clinic management
Regulatory Authorities:
Within 72 hours of breach discovery
Affected Patients:
Without undue delay, typically within 7 days
Public Disclosure:
If required by law and if breach affects large numbers
Breach Information
We will provide affected individuals with:
Nature of the Breach:
What information was involved
Potential Consequences:
Possible impacts on patient privacy
Remedial Actions:
Steps taken to address the breach
Protective Measures:
Recommendations for affected individuals
Types of Communications
Appointment Reminders:
Essential treatment-related communications
Health Education:
Orthopedic health tips and information
Service Updates:
New treatment options and clinic services
Promotional Offers:
Special pricing for health services (with consent)
Consent Management
Opt-in:
Explicit consent required for marketing communications
Opt-out:
Easy unsubscribe options in all marketing messages
Preference Center:
Ability to choose specific types of communications
Consent Records:
Documentation of all marketing consent
Communication Channels
Email:
Healthcare newsletters and appointment reminders
SMS:
Appointment confirmations and urgent notifications
Phone:
Follow-up calls and treatment updates
Postal Mail:
Written communications when preferred
International Patients
We welcome patients from other countries and provide:
Privacy Protection:
Same privacy standards regardless of patient nationality
Language Support:
Translated privacy notices when possible
Cultural Sensitivity:
Respectful handling of cultural privacy preferences
Medical Tourism
For international patients seeking orthopedic treatment:
Coordination Services:
Assistance with travel and accommodation
Medical Records:
Secure transfer of health information
Follow-up Care:
Coordination with home country healthcare providers
Participation Opportunities
We may invite patients to participate in:
Clinical Research:
Studies on orthopedic treatment effectiveness
Quality Improvement:
Projects to enhance patient care
Medical Education:
Anonymous case studies for training purposes
Research Consent
For international patients seeking orthopedic treatment:
Separate Consent:
Distinct consent process for research participation
Voluntary Participation:
No impact on treatment quality for non-participants
Data De-identification:
Removal of identifying information when possible
Withdrawal Rights:
Ability to withdraw from research at any time
Virtual Consultations
We may offer telemedicine services including:
Video Consultations:
Secure video calls for follow-up appointments
Digital Imaging:
Secure transmission of X-rays and scans
Remote Monitoring:
Digital tracking of recovery progress
Technology Safeguards
Encrypted Platforms:
Secure telemedicine software
Access Controls:
Password-protected virtual consultations
Recording Policies:
Clear policies on session recording
Technical Support:
Assistance with digital health tools
Notification of Changes
Material Changes:
Email notification to registered patients
Minor Updates:
Website notification and updated effective date
Legal Requirements:
Immediate updates for regulatory compliance
Review Process
Annual Review:
Regular assessment of privacy practices
Regulatory Updates:
Monitoring changes in privacy laws
Technology Changes:
Updates based on new technologies
Patient Feedback:
Incorporation of patient privacy concerns
Version Control
Effective Dates:
Clear dating of all policy versions
Archive Access:
Previous versions available upon request
Change Documentation:
Record of all significant modifications
Privacy Officer
Name:
[Privacy Officer Name]
Title:
Privacy Officer, Arthomed Clinic
Email:
Phone:
[Direct Phone Number]
Address:
[Complete Clinic Address]
General Inquiries
Clinic Reception:
[Main Phone Number]
General Email:
Website:
Office Hours:
Monday-Sunday, 9:00 AM - 8:00 PM
Complaints and Concerns
If you have concerns about our privacy practices, you may contact:
Internal Complaints:
Privacy Officer (contact details above)
Clinic Director: Dr. Raghu Nagaraj
External Authorities:
India: Data Protection Board of India
EU Residents: Local Data Protection Authority
California Residents: California Privacy Protection Agency
Emergency Contact
For urgent privacy concerns related to active medical treatment:
Emergency Privacy Line:
Available:
24/7 for urgent privacy matters
Acknowledgment
By using our website or services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.
