Legal & Compliance Statement

1. Introduction

SmartCarePlus is committed to ensuring the highest standards of data privacy, security, and regulatory compliance. This page outlines how we collect, process, and protect data in accordance with global healthcare and data protection laws.

2. Data Storage & Security

  • All patient and partner data is securely stored on Google Cloud Healthcare FHIR (us-central1 region).
  • Google Cloud provides industry-leading security certifications (ISO/IEC 27001, SOC 2, HITRUST CSF).
  • Data is encrypted in transit and at rest.
  • Role-based access controls and audit logs ensure accountability.

3. Compliance Framework

SmartCarePlus complies with:

  • WhatsApp Business Platform policies for secure communication.
  • General Data Protection Regulation (GDPR) for EU users.
  • HIPAA-aligned standards for U.S. healthcare providers (when used in accordance with our security guidelines).
  • Equivalent international privacy and healthcare regulations where applicable.

4. Data Usage

  • SmartCarePlus is the sole custodian of all stored data.
  • Partners (hospitals, clinics, providers) do not store or transfer patient data outside the platform.
  • Data is never sold or shared with third parties.
  • Patient data is used strictly for operational purposes: appointments, prescriptions, records, and communication.

5. Patient Privacy & Confidentiality

  • All WhatsApp-based communication is end-to-end encrypted.
  • Access to records requires authenticated login credentials.
  • Patients have the right to request account access details and data removal (subject to legal/regulatory retention requirements).

6. HIPAA & U.S. Market Alignment

  • SmartCarePlus is designed to align with HIPAA Privacy & Security Rules.
  • Data hosting on Google Cloud Healthcare (FHIR) ensures technical safeguards such as encryption, audit trails, and integrity controls.
  • Covered Entities and Business Associates remain responsible for implementing their own compliance policies in conjunction with SmartCarePlus.

7. GDPR & International Standards

  • SmartCarePlus ensures data minimization, purpose limitation, and storage limitation as required by GDPR.
  • Users can exercise their rights under GDPR (access, correction, deletion, portability).
  • Data processing agreements (DPAs) are maintained with infrastructure providers (Google Cloud).

8. Contact Information

If you have questions or concerns about this policy or your data, please contact:
📧 Email: smartcareplus@whatsdiscuss.in
📞 Phone: +91 93103 25556

9. Updates to This Policy

We may update this policy to reflect changes in our practices, technology, or legal requirements. All updates will be posted on this page with a revised “Last Updated” date.

Last updated: 14th August 2025

← Previous page
Patient Health Data Security & Storage Policy