DPDP Act 2023 + ABDM/ABHA Aligned | Enterprise-Ready
EZEU HMS – Privacy, Terms & Data Protection Policy (India Ready)
India-ready privacy policy, terms of service, and data protection terms for EZEU HMS customers and healthcare providers.
- Effective Date: 1 April 2026
- Last Updated: 1 April 2026
1. Introduction
EZEU Technologies (“EZEU”, “we”, “our”, “us”) provides a Hospital Management System (HMS) integrated with an Insurance Enablement Platform.
We are committed to protecting personal and health data in compliance with the Digital Personal Data Protection Act, 2023 (India), and ABDM / ABHA ecosystem guidelines.
By using EZEU HMS, you agree to this policy.
2. Roles & Legal Positioning
- Hospitals / Clinics → Data Fiduciaries
- EZEU → Data Processor
- EZEU processes data strictly on behalf of healthcare providers and as per their instructions.
3. Notice at Collection (DPDP Requirement)
At the time of data collection, the following is disclosed:
- Type of data collected: personal, health, insurance
- Purpose of processing: treatment, operations, insurance
- Data sharing with hospitals, insurers, and ecosystem partners
- Contact details for grievance redressal
4. Data We Collect
4.1 Patient & Personal Data
- Name, phone, email, address
- Age, gender, identifiers
4.2 Health Data
- Medical records, prescriptions
- Lab reports, vitals
4.3 Insurance Data
- Policy and claims information
4.4 Operational Data
- Appointments, billing, workflows
4.5 Technical Data
- IP, device info, audit logs
5. Consent Management (DPDP + ABDM)
- Explicit patient consent is obtained before data processing
- Consent is logged, auditable, and revocable
- Withdrawal of consent is supported via hospitals or the platform
- Processing continues only where legally required, such as medical records retention
6. Purpose Limitation
Data is processed only for:
- Patient care and treatment
- Hospital operations
- Insurance processing
- Legal and regulatory compliance
7. ABDM / ABHA Compliance
EZEU HMS aligns with India’s digital health ecosystem:
7.1 Consent-Based Data Sharing
- Explicit, informed consent required
- Consent artifacts stored and auditable
7.2 ABHA Integration
- ABHA ID creation, linking, authentication
- Access to longitudinal health records
7.3 HIE-CM Compatibility
- Secure API-based data exchange
- Interoperability with ecosystem participants
7.4 Patient Control
- Patients can manage, grant, and revoke access to their data
8. Data Sharing
EZEU does NOT sell data.
Data is shared only with:
- Hospitals and doctors
- Insurance providers
- Authorized partners
- Government authorities if required by law
9. Data Storage & Localization
- Data is stored in secure cloud infrastructure
- Storage may be within India or in compliant global regions
- All storage follows strict security and contractual safeguards
10. Data Security
- Encryption at rest and in transit
- Role-Based Access Control (RBAC)
- Multi-factor authentication (MFA)
- Continuous monitoring and audit logging
11. Data Retention
Data is retained as needed to meet medical and legal requirements and for insurance and financial compliance. After the retention period, data is securely deleted or anonymized.
12. User Rights (DPDP)
Patients have the right to:
- Access their data
- Request correction or deletion
- Withdraw consent
- Raise grievances
13. Data Portability & Exit
Upon termination, hospitals may request data export in standard formats. Data will be provided within 30–60 days. Post-delivery, EZEU may securely delete retained data unless legally required.
14. Breach Notification
In case of a data breach, EZEU will notify hospitals without undue delay and support necessary regulatory notifications.
15. Children’s Data
Handled only via hospitals or guardians for medical purposes.
17. TERMS OF SERVICE
17.1 Services
- HMS platform
- Insurance enablement
- Integration with labs, insurers, and ABHA
17.2 User Responsibilities
- Ensure data accuracy
- Obtain patient consent
- Maintain access control
17.3 Restrictions
- Misuse data
- Reverse engineer
- Violate laws
17.4 Fees
Subscription or usage-based pricing applies. Non-payment may lead to suspension.
17.5 Service Availability (SLA)
Target uptime: 99.5% or higher. Planned maintenance with prior notice. Support response: Critical within 4 hours, High within 8 hours, Normal within 24 hours.
17.6 Limitation of Liability
EZEU is not liable for clinical decisions, patient outcomes, insurance delays or rejections, or incorrect data entry. Maximum liability is limited to fees paid in the last 3–6 months.
17.7 Indemnity
- Legal violations
- Data misuse
- Consent failures
17.8 Termination
- Violations
- Non-payment
- Security risks
18. DATA PROCESSING AGREEMENT (DPA)
18.1 Scope
Processing of personal and health data on behalf of hospitals.
18.2 Processing
Only as instructed by hospitals.
18.3 Confidentiality
Strict confidentiality obligations for all personnel.
18.4 Sub-processors
Allowed with equivalent safeguards.
18.5 Security
Encryption, access control, monitoring.
18.6 Breach Handling
Notification + mitigation support.
18.7 Data Deletion
On termination or request, subject to law.
18.8 Audit Rights
Hospitals may request compliance documentation.
19. Grievance Redressal (Mandatory – DPDP)
Grievance Officer
EZEU Technologies
Email: contact@ezeu.in
Phone: +91 8310465203
Response Timeline: Within 7–15 working days
20. Governing Law
Governed by the laws of India. Jurisdiction: Bangalore, Karnataka courts.
21. Contact Information
EZEU Technologies
Email: contact@ezeu.in
Phone: +91 8310465203
22. Policy Updates
This policy may be updated periodically.