• info@flexiehealth.co.zw
  • No 7, San Fernando, 132 Five Ave, Cnr 5th Street, Harare
  • +263 718 332 655 | +263 242 254 115
Facebook Instagram Linkedin X-twitter
Book A Demo

Privacy Policy

Flexi E-Health Systems Privacy Policy

Introduction

Flexi-e Health System is committed to protecting the privacy and confidentiality of personal data processed through our healthcare management software solutions. This Privacy Policy outlines how we collect, use, store, share, and protect your personal data in accordance with Zimbabwe’s Cyber and Data Protection Act (CDPA).

Scope of the Policy

This Policy applies to all personal data processed by Flexi-e Health System as a data processor on behalf of healthcare centres and providers (data controllers) using our system for patient registration, treatment documentation, consultations, billing, bookings, and claims management.

Categories of Personal Data Processed
  1. Identifying information: Name, national ID, phone number, email address, and other contact details.
  2. Demographic information: Gender, age, address.
  3. Medical and health records: Treatment history, test results, diagnoses, medications, and any other health-related data.
  4. Billing and claims data: Insurance, invoices, payment history.
  5. Appointment and consultation data
Purpose of Processing
  1. Facilitating patient registration and health record management
  2. Supporting healthcare service delivery and documentation
  3. Scheduling appointments and diagnostic tests
  4. Managing billing, invoicing, and medical aid claims
  5. Enhancing system performance and data accuracy
  6. Complying with applicable legal and regulatory obligations
Legal Basis for Processing

Personal data is processed on behalf of healthcare providers based on one or more of the following legal bases:

  1. Consent of the data subject (especially for sensitive data)
  2.  Contractual necessity for healthcare provision
  3.  Legal obligation of the healthcare provider
  4. Public interest in healthcare and disease prevention
Processing of Sensitive Personal Data

Health data, as a special category of personal data, is processed under strict safeguards and only:

  1. With the express written consent of the data subject
  2. Where necessary for medical diagnosis, treatment, or management
  3.  When required for public health interests or legal claims
Data Subject Rights

Data subjects have the following rights under the CDPA:

  1. Right to access their personal data
  2. Right to rectify incorrect or incomplete data
  3. Right to erase data (where legally applicable)
  4. Right to object to processing
  5. Right to withdraw consent at any time

 

Requests may be submitted through the respective healthcare provider. As a data processor, we will support data controllers in fulfilling these rights.

 Data Sharing and Disclosure

We do not share personal data with third parties except:

  1. As instructed by the healthcare provider
  2. With authorized medical aid societies and laboratories
  3. When required by law or court order
Cross-Border Data Transfers

Where data is transferred outside Zimbabwe, we ensure:

  1. Adequate protection is provided in the recipient country
  2. Compliance with notification requirements to POTRAZ
10. Data Security Measures

We implement appropriate technical and organisational measures including:

  1. Access controls: limiting access to authorized personnel.
  2. Data encryption: Protecting data in transit and at rest.
  3. Regular audits: Monitoring and updating our security practices
  4. Audit trails and activity logging.
 Data Retention

We retain personal data only as long as instructed by the data controller and in compliance with applicable regulations.

 Data Breach Notification

In the event of a personal data breach, we will:

  1. Notify the controller immediately
  2. Support the controller in notifying POTRAZ within 24 hours
  3. Assist in communicating with affected individuals where required
 Accountability and Record-Keeping

We maintain up-to-date records of all data processing activities and cooperate with audits and inspections by the data controller or regulator.

 Contact Information

For inquiries related to this policy, please contact:

 

Data Protection Officer

Flexi-e Health System

No 7, San Fernando, 132 Five Ave, Cnr 5th Street, Harare

Email: msithole@flexiehealthsystems.com

Phone: +263778791092, +2638688002612

 Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in legal, regulatory, or operational requirements. Updates will be communicated to our clients and published appropriately.

Review and Approval

This Privacy Policy shall be reviewed annually or upon significant changes in applicable laws or in the way Flexi-e Health System processes personal data. Approval of this policy is the responsibility of the senior management team and the appointed Data Protection Officer.

 

 

 

This policy is aligned with Zimbabwe’s Cyber and Data Protection Act (CDPA) and Cloud Data Protection Regulations (CDPR). For further information or guidance, contact the Data Protection Officer.

Flexie Health System is providing cloud-based services for electronic health records, revenue management & medical billing, patient engagement, reports management and more.

Sitemap

Support

Location

  • No 7, San Fernando, 132 Five Ave, Cnr 5th Street, Harare
  • info@flexiehealth.co.zw
  • +263 718 332 655 | +263 242 254 115

Copyright © 2024 Flexi eHealth Systems, All rights reserved.