Public legal page
Privacy Policy
This public copy mirrors the current HMS privacy policy content for compliance and public visibility.
Introduction
This Privacy Policy explains how VJ-Sync HMS, a multi-tenant Hospital Management System, collects, uses, stores, and protects information when clinics, hospitals, and authorized staff use the platform.
This platform is designed for healthcare providers and is not intended for direct patient self-registration unless enabled by the tenant organization.
Scope
This policy applies to healthcare organizations using VJ-Sync HMS and their authorized users including doctors, nurses, administrative staff, and support personnel.
Each tenant is responsible for managing its own patient records and ensuring compliance with applicable healthcare and data protection regulations.
Multi-tenant Data Separation
VJ-Sync HMS uses logical tenant isolation to ensure that:
- Data belonging to one hospital or clinic is not accessible to another.
- Users can only access data permitted by their assigned role.
- Administrative users control onboarding, permissions, and offboarding.
Tenant identifiers and role-based authorization mechanisms enforce strict data separation.
Information We Collect and Store
Account Information
- Name
- Phone number or email address
- User role and permissions
- Tenant or organization association
Healthcare and Operational Data
- Patient demographics and registration details
- OPD and IPD notes, clinical observations, and prescriptions
- Appointment records and scheduling data
- Billing and financial transaction records
- Laboratory reports and diagnostic records
Documents and Attachments
- Consent forms
- Uploaded reports and images
- Discharge summaries and clinical documents
Technical and Usage Data
- Device information and session logs
- Error logs and performance diagnostics
- Security and audit logs when enabled
Purpose of Data Usage
Information is used solely for:
- Delivering healthcare workflow features
- Appointment, billing, and reporting operations
- User authentication and authorization
- Maintaining audit trails and system integrity
- Troubleshooting and improving platform reliability
VJ-Sync does not sell personal or medical data.
Data Sharing
Data is not shared with third parties for marketing purposes. Limited sharing may occur only when necessary for cloud hosting and infrastructure providers, security monitoring and system reliability, or legal and regulatory compliance requirements.
All such processing follows strict confidentiality and security controls.
Data Retention and Deletion
Retention periods are determined by tenant policies, medical record regulations, and legal compliance requirements. Healthcare organizations control how long patient records are retained within the system.
Users may request deletion of personal information through their hospital administrator or by contacting support directly. Deletion requests are generally processed within 7 to 15 working days, subject to medical record retention laws, legal obligations, and tenant administrative approval.
Some healthcare records may be retained where legally required.
Security Measures
- Role-based access control
- Secure authentication mechanisms
- Encrypted data transmission over HTTPS
- Cloud infrastructure security controls
- Activity logging and audit tracking
Tenants are responsible for enforcing password policies and managing inactive users.
Children's Data
The platform may store pediatric patient records as part of healthcare delivery. However, accounts are created and managed only by authorized healthcare staff.
User Responsibilities
- Maintaining confidentiality of login credentials
- Granting appropriate user permissions
- Complying with healthcare privacy regulations
- Reporting suspected security incidents
Changes to This Policy
This Privacy Policy may be updated periodically to reflect system improvements, regulatory requirements, or operational changes. Continued use of the platform constitutes acceptance of the updated policy.