1. Introduction
eHealth Kerala recognizes the importance of protecting the privacy and security of personal data collected during the patient/ citizen registration process.
This Digital Personal Data Protection Policy is a set of guidelines and rules aiming to ensure the confidentiality, Integrity, and availability of personal data and prevent unauthorized access or disclosure and use in accordance with the rules and regulations.
2. Scope
This policy applies to all personal data collected, processed, and stored at eHealth Kerala/State Digital Health Mission during the UHID creation process and during consultation of diseases.
3. Data Collection
We are collecting the following types of personal data:
Personal Information: Name, date of birth, gender, address, parent/guardian's name (essential for children), photo and other relevant demographic information.
Health Information such as
Medical History: Records of past illnesses, surgeries, allergies, and family health history.
Clinical Data: Information from medical examinations, diagnoses, treatment plans, and progress notes.
Laboratory and Imaging Results: Data from blood tests, X-rays, MRIs, and other diagnostic procedures.
Medication Records: Information about prescribed drugs, dosages, and treatment regimens.
Identification Documents: Aadhaar No or any other Govt. authorized identity proof.
4. Purpose of Data Collection
We collect personal health data for the following purposes:
Creating a Unified Health Record: To establish a comprehensive health record for each citizen by linking it with their Aadhaar-based Unique Health Identification Number (UHID). This unified record allows for seamless access to medical information across government hospitals where eHealth system has enabled, facilitating continuous and coordinated care. Maintaining a Unified Health Record offers significant advantages in terms of patient care, treatment followups, safety, efficiency, and overall improvement in healthcare service delivery.
Online Appointment Booking: By collecting personal health data, eHealth Kerala streamlines the appointment process, reduces waiting times, and minimizes overcrowding in eHealth enabled health institutions.
Managing Health Records: To provide a Personal Health Record (PHR) system that empowers individuals to manage their healthcare information. This system allows users to view their health record ie, health data, lab reports, treatment details, and discharge summaries from eHealth enabled health institutions.
Enhancing Healthcare Operations: By collecting demographic and health data, eHealth Kerala automates hospital processes and centralizes health information management.
5. Legal Basis for Processing
We process personal data based on one or more of the following legal grounds:
- Consent provided by the individual.
- Contractual necessity for processing.
- Compliance with legal obligations such as Aadhaar Act, 2016, Digital Personal Data Protection Act, 2023, Gazette Notification G.O.(P)No.12/2025/H&FWD dtd: 04.02.2025
- Performance of tasks carried out in the public interest or in the exercise of official authority vested in Dept of Health & Family Welfare, Govt. of Kerala and Ministry of Health and Family Welfare, Govt. of India.
6. Data Sharing and Disclosure
We may share personal data with Regulatory authorities or law enforcement agencies when required by law.
7. Data Storage and Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. Access to personal data is restricted to authorized personnel only. We do not sell any personally identifiable information to any third party (public/private). eHealth Kerala also gather other information about the User, such as Internet protocol (IP) addresses, domain name, browser type, operating system, the date and time of the visit and the pages visited. We make no attempt to link these addresses with the identity of individuals visiting our site unless enforcement agencies require by law.
8. Data Retention
We retain personal data for as long as necessary to fulfil the purposes outlined in this policy or as required by applicable laws and regulations.
9. Individual Rights
Citizen of India has the following rights regarding their personal data:
Right to access: Request access to their personal data held by eHealth Kerala.
Right to rectification: Request correction of inaccurate or incomplete personal demographic data.
10. Contact Information
For inquiries regarding this Data Privacy Policy or to exercise your rights, please contact:
Email: ehealth@kerala.gov.in
Office No: 9048022252
11. Changes to the Policy
We may update this Data Privacy Policy from time to time. Any changes will be published on our website with an updated effective date. These terms and conditions shall be governed by and construed in accordance with the Indian Laws. Any dispute arising under these terms and conditions shall be subject to the exclusive jurisdiction of the Courts of India.