Privacy Policy

SmartHosi (“we,” “us,” or “our”) operates a cloud-based Hospital Management Information System (HMIS) designed to help healthcare facilities manage patient information, clinical workflows, and administrative operations.

This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our platform. We are committed to protecting the privacy and security of all data entrusted to us, including Protected Health Information (PHI).

Healthcare Facility Data:

• Facility registration information (name, address, contact details)
• Staff credentials and access permissions
• Operational data and system usage logs

Patient Health Information:

• Personal identification (name, date of birth, contact information)
• Medical records, diagnoses, and treatment history
• Laboratory and imaging results
• Prescription and medication records
• Billing and insurance information

Technical Data:

• Device information and browser type
• IP addresses and access timestamps
• Usage patterns and feature interactions

We use collected information to:

• Provide and maintain our hospital management services
• Enable clinical workflows and patient care coordination
• Generate reports and analytics for healthcare facilities
• Process billing and insurance claims
• Improve system performance and user experience
• Ensure security and prevent unauthorized access
• Comply with legal and regulatory requirements
• Communicate important updates and support information

We implement robust security measures to protect your data:

We do not sell or rent your personal information. We may share data only in these circumstances:

• With Healthcare Facilities: Data is accessible to authorized staff at the subscribing facility
• Service Providers: Trusted partners who assist in operating our platform (cloud hosting, support services)
• Legal Requirements: When required by law, court order, or regulatory authority
• Emergency Situations: To protect the vital interests of patients or others

All third-party service providers are contractually bound to maintain confidentiality and implement appropriate security measures.

We retain data for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Medical records are retained in accordance with healthcare regulations and the policies of each healthcare facility.

Upon termination of service, healthcare facilities may request data export or secure deletion in accordance with applicable regulations.

Depending on your jurisdiction, you may have the right to:

• Access your personal data held by us
• Request correction of inaccurate data
• Request deletion of your data (subject to legal retention requirements)
• Object to or restrict certain processing activities
• Data portability in a structured, machine-readable format
• Withdraw consent where processing is based on consent

Patients should contact their healthcare provider to exercise rights regarding their medical records. Healthcare facilities should contact us directly for data-related requests.

If you have questions about this Privacy Policy or our data practices, please contact us: