Privacy Standards v1.0

Clinical Data Privacy

Updated: March 08, 2025 | NDPR Compliant

1. Data Sovereignty & Ownership

At Puga Trinicare, we believe health data belongs to the patient. We serve as the custodian of your records, not the owner. Whether you are using DigiCare (Patient App) or your data is being managed in DigiCure (HIMS), you maintain full control over who accesses your medical history.

2. Information We Collect

We collect data necessary for clinical excellence and administrative efficiency. This includes Personally Identifiable Information (PII) such as names and IDs, and Protected Health Information (PHI) such as clinical notes, lab results, and pharmacy history. We also collect telemetry to optimize platform performance in low-bandwidth regions.

3. Security & Zero-Trust Protocols

Our infrastructure is built on a Zero-Trust architecture. All data at rest is encrypted using AES-256 standards, and data in transit is protected via TLS 1.3. Access to records is governed by multi-tier Role-Based Access Control (RBAC), ensuring that only authorized clinicians can view sensitive files.

4. Compliance & Legal Frameworks

We are fully aligned with the Nigeria Data Protection Regulation (NDPR) and architecturally consistent with international standards like HIPAA and ISO 27001. We cooperate with national health ministries to ensure that digital health transformation follows strict ethical guidelines.

5. Your Rights as a Data Subject

Under NDPR, you have the right to: (a) Access your data at any time; (b) Correct inaccuracies in your folder; (c) Request data portability via HL7/FHIR standards; and (d) Exercise the right to be forgotten (subject to clinical record-keeping regulations).

6. Third-Party Sharing

We do not sell personal health data to third parties. We share data only with authorized entities within the ecosystem (e.g., your insurance provider for claims processing or a laboratory for test fulfillment) and only with your explicit or clinical consent.

Data Retention

Clinical records are retained according to the statutory requirements of the jurisdiction in which the medical services were provided. Inactive accounts are archived after 24 months of dormancy, while clinical history remains available for continuity of care.

Privacy Officer

If you have questions regarding our data practices or wish to exercise your rights under the NDPR, please contact our Data Protection Officer directly.


Interoperability Standards

Our privacy protocols are built to support the HL7 / FHIR international standards, ensuring that while your data is private, it remains portable across the global healthcare ecosystem.