Data Revocation and Retention Policy
MClinic is committed to upholding the privacy and security of patient data while ensuring compliance with applicable laws and regulations. This Data Revocation and Retention Policy outlines the guidelines for the revocation of data sharing permissions, as well as the retention and disposal of data.
1. Data Revocation
1.1. Right to Withdraw Consent: Patients have the right to withdraw their consent for data sharing or processing at any time. Upon receiving a data revocation request, MClinic will cease using and sharing the patient’s data for the purposes to which consent was previously given.
1.2. Procedure for Revocation: To revoke consent, patients must submit a written request to MClinic. Upon receipt, MClinic will acknowledge the request and begin the process of data revocation.
1.3. Data Revocation Scope: Once consent is revoked, MClinic will no longer process the patient’s data for the revoked purposes. However, certain data may still be retained for legal and compliance reasons as outlined in the retention policy.
2. Data Retention
2.1. Retention Period: MClinic will retain patient data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, and operational requirements. Retention periods will vary based on the type of data and its purpose.
2.2. Types of Retained Data: Patient data subject to retention may include medical records, treatment histories, billing information, and other data necessary for providing healthcare services.
2.3. Data Archiving: When patient data is no longer actively needed for ongoing operations, it may be archived securely to protect patient privacy while preserving data integrity.
2.4. Data Disposal: MClinic will securely dispose of patient data once the retention period has expired and there is no longer a legal or operational requirement to retain it. Secure disposal methods may include data deletion, data anonymization, or physical destruction of storage media.
3. Compliance and Auditing
3.1. Compliance Monitoring: MClinic will regularly monitor its data retention and disposal practices to ensure compliance with applicable laws and regulations, including data protection and privacy laws.
3.2. Auditing and Review: MClinic will conduct regular audits of its data revocation and retention practices to verify compliance with this policy. Findings from audits will be used to make necessary improvements.
4. Data Subject Rights
4.1. Access and Correction: Patients have the right to request access to their data and request corrections to ensure data accuracy.
4.2. Data Portability: Patients have the right to request a copy of their data in a structured, commonly used, and machine-readable format.
4.3. Erasure: Patients have the right to request erasure of their data when it is no longer needed for the purposes for which it was collected, unless legal or regulatory obligations require its retention.
5. Employee Training and Awareness
5.1. Training: Employees involved in data handling will receive regular training on data revocation and retention policies, as well as applicable data protection and privacy laws.
5.2. Accountability: MClinic employees are responsible for adhering to this policy and may face disciplinary actions for non-compliance.
6. Contact Information
6.1. Questions or Concerns: If patients have any questions or concerns regarding this policy, they can contact MClinic at info@mclinic.co.ke.
By adhering to this Data Revocation and Retention Policy, MClinic aims to uphold the highest standards of data protection and privacy while supporting the delivery of high-quality healthcare services.