Secure. Compliant. Built for Healthcare (HIPAA, DPDP Act 2023 & ABDM/ABHA Aligned)

EZEU HMS – Privacy, Terms & Data Processing Policy

This policy explains how EZEU HMS handles privacy, terms of service, and data processing for healthcare providers.

Effective Date: 1 April 2026
Last Updated: 1 April 2026

1. Introduction

EZEU Technologies (“EZEU”, “we”, “our”, “us”) provides a Hospital Management System (HMS) integrated with an Insurance Enablement Platform designed for healthcare providers.

We are committed to protecting personal, medical, and operational data in compliance with HIPAA where applicable, the Digital Personal Data Protection Act, 2023 (India), and ABDM / ABHA ecosystem guidelines.

By using EZEU HMS, you agree to this policy.

3. Data We Collect

3.1 Patient & Personal Data

  • Name, phone, email, address
  • Age, gender, identifiers

3.2 Health Data (PHI)

  • Medical records, diagnosis, prescriptions
  • Lab reports, vitals, imaging

3.3 Insurance Data

  • Policy details
  • Claims and billing

3.4 Hospital Operations Data

  • Appointments, admissions, discharge
  • Billing, workflows

3.5 Technical Data

  • IP address, device info
  • Logs, audit trails

5. Use of Data

  • Deliver patient care
  • Manage hospital workflows
  • Enable insurance processing
  • Ensure compliance
  • Improve system performance

6. HIPAA Compliance

EZEU ensures:

  • Business Associate Agreement (BAA)-based processing
  • Administrative, physical, and technical safeguards
  • Minimum necessary data access
  • Audit logs and breach notification compliance

7. ABDM / ABHA Compliance

EZEU HMS aligns with India’s digital health ecosystem:

7.1 Consent Management

  • Explicit patient consent required
  • Consent is logged and auditable
  • Revocation supported

7.2 ABHA Integration

  • ABHA ID creation and linking
  • Secure access to patient health records

7.3 Interoperability

  • ABDM-compliant APIs
  • Standardized health data exchange

7.4 Security & Privacy

  • Encryption and secure transmission
  • Role-based access and monitoring

8. Data Sharing

We do NOT sell data.

We share only with:

  • Hospitals & doctors
  • Insurance providers
  • Authorized partners
  • Government authorities when required

9. Data Security

  • Encryption at rest and in transit
  • RBAC + MFA
  • Monitoring & logging
  • Secure cloud infrastructure

10. Data Retention

Data is retained for medical/legal compliance, insurance, and billing purposes, and is then securely deleted or anonymized.

11. User Rights

Under DPDP

  • Access, correction, deletion
  • Withdraw consent
  • Grievance redressal

Under HIPAA

  • Access PHI
  • Amend records
  • Disclosure tracking

12. Cross-Border Transfers

Data may be processed globally with adequate safeguards and legal compliance.

13. Breach Notification

EZEU will notify hospitals without delay and comply with HIPAA & DPDP requirements.

14. Children’s Data

Processed only via hospitals or guardians.

15. Cookies

Used for security, sessions, and analytics.

16. TERMS OF SERVICE (ToS)

16.1 Acceptance

By using EZEU HMS, users agree to these terms.

16.2 Services Provided

EZEU provides the HMS platform, insurance enablement, and integrations with labs, ABHA, and insurers.

16.3 User Responsibilities

Hospitals agree to use the system lawfully, maintain confidentiality of access, and obtain patient consent where required.

16.4 Restrictions

  • Users must not misuse patient data
  • Users must not reverse engineer the platform
  • Users must not violate laws or regulations

16.5 Availability

EZEU aims for high uptime but does not guarantee uninterrupted service.

16.6 Limitation of Liability

EZEU is not liable for clinical decisions, data entered incorrectly by hospitals, or external system failures.

16.7 Termination

EZEU may suspend access for violations, security risks, or legal requirements.

17. DATA PROCESSING AGREEMENT (DPA)

17.1 Scope

This DPA governs processing of personal and health data by EZEU on behalf of hospitals.

17.2 Processing Instructions

EZEU processes data only as instructed by hospitals and only for agreed purposes.

17.3 Confidentiality

All personnel are bound by strict confidentiality obligations.

17.4 Sub-processors

EZEU may use sub-processors, such as cloud providers, with equivalent data protection obligations.

17.5 Security Measures

  • Encryption
  • Access control
  • Monitoring

17.6 Data Breach

EZEU will notify without undue delay and assist in mitigation.

17.7 Data Return / Deletion

Upon termination, data will be returned or deleted as instructed.

17.8 Audit Rights

Hospitals may request security and compliance documentation.

18. Grievance Redressal

EZEU Technologies

Email: contact@ezeu.in

Phone: +91 8310465203

Response Time: Within 30 days

19. Contact Information

EZEU Technologies

Email: contact@ezeu.in

Phone: +91 8310465203

20. Policy Updates

This document may be updated periodically.