1. Introduction
Welcome to RxVault ("we," "our," or "us"). RxVault is a secure, cloud-enabled Medical Record and Prescription Management System designed for licensed clinics, healthcare practitioners, and pharmacy operators.
RxVault provides clinical tracking features to record patient prescriptions (Rx), diagnostic observations, and biometric vitals. We are committed to maintaining the highest security and compliance standards for all clinical, administrative, and employee data.
By deploying, logging into, or operating the RxVault web application dashboard or companion mobile applications, you agree to the practices outlined in this Privacy Policy.
2. PHI & HIPAA Compliance Statement
Because RxVault processes Protected Health Information (PHI), we have structured our platform to fully comply with the **Health Insurance Portability and Accountability Act (HIPAA)**, GDPR, and regional medical record laws.
Strict Multi-Tenant Separation
Associated Features: Multi-tenant isolation at the database level.
Security Parameters: Authorized operators can only query or display medical data assigned strictly to their individual clinical tenant. Clinicians and staff of Clinic A are mathematically barred from accessing or seeing records belonging to Clinic B.
Compliance EnforcedRole-Based Access Controls (RBAC)
Associated Features: Staff roles (Practitioner, Receptionist, Lab Technician, Pharmacy Dispenser, Clinic Owner).
Processed Data: User role attributes govern API query parameters securely. For example, a lab technician is restricted from reviewing billing invoices, and a receptionist cannot alter diagnostic clinical notes.
Access Enforced3. Information We Collect
RxVault collects only the minimum parameters necessary to operate a fully functioning clinical workspace and maintain secure tenancy configurations:
A. Patient Demographic Profiles
Collected during patient registration to create an active clinical profile:
- Patient Identifiers: Name, age, gender, and contact phone number.
- Medical Baseline: Blood group (used during diagnostic and clinical cross-referencing).
B. Protected Health Information (PHI) & Clinical Logs
Generated by clinicians during active patient visits and recorded inside secure forms:
- Prescription Parameters: Medication names, dosages, durations, routes, and diagnostic observations.
- Biometric Vitals: Recorded physical indicators (blood pressure, temperature, heart rate).
- Diagnostic Orders: Clinical lab orders, observations, and follow-up alerts.
C. Tenancy & User Accounts
Required to secure doctor portals, pharmacy dispensing queues, and receptionist shifts:
- Professional Profiles: Doctor registration license numbers, staff emails, shift roster entries, and cryptographically hashed passwords.
- Operational Logs: Timestamps of clinical actions (who added/edited an Rx) to satisfy local medical record audit requirements.
4. Device Permissions (Companion Mobile App)
For users utilizing the companion mobile application (RxVaultPharmacy) to coordinate pharmacy queues, the app requires consent for specific system hardware access:
- Camera Permission (Strictly local QR scanning): Used exclusively to initialize the optical scanner to read prescription QR codes at pharmacy counters for dispense verification. **No video streams or photographs are ever uploaded or saved.**
- Local Storage Cache: Securely caches localized session tokens and offline logs to prevent patient queue delays during network dropouts.
- Push Notifications: Required to notify pharmacy operators when a new prescription is queued by an OPD doctor in real-time.
5. How We Use Your Information
All collected details are utilized strictly to execute the operational logics of your clinic's tenant workspace:
- To render clinical dashboards and print patient Rx cards.
- To coordinate patient appointments, waiting tokens, and arrival statuses.
- To manage the real-time pharmacy dispensing queue and inventory levels.
- To calculate shifts, generate invoices, and log system access trails.
6. Data Storage & Security
RxVault utilizes a highly hardened technical framework to secure health information against external exfiltration threats:
A. PostgreSQL Row-Level Security (RLS)
All database tables (prescriptions, patient registries, vital logs, and billing invoices) are governed by strict RLS policies executed natively by our Supabase cluster. This mathematically blocks any cross-tenant data requests.
B. End-to-End Cryptography
All trans-network communications are strictly encrypted using TLS 1.3/HTTPS channels. Sensitive database backups are encrypted at rest using AES-256 standards.
8. Third-Parties
We leverage a single trusted core database and hosting provider:
- Supabase Cloud: Serves as our secure, HIPAA-compliant database cluster. You can review the Supabase Privacy Policy.
- Google Charts APIs: Rendered client-side solely to generate dynamic barcode/QR codes on printed prescriptions for pharmacy terminal verification. No patient details are uploaded or stored.
9. Your Rights & Control
Clinic administrators have absolute control over their tenant data and operations. Via the administrative panel, you can:
- Data Portability: Instantly export all clinical metrics, records, and invoices in secure JSON or Microsoft Excel structures for audit logs.
- Right to Rectification: Authorized practitioners can correct patient demographic cards or update vital signs.
- Right to Deletion: Clinic owners can request tenant database purging, subject to local statutory medical records retention timelines (typically 3 to 7 years depending on regional law).
10. Contact Us
For any privacy-related inquiries, log auditing requests, or Data Protection Officer support, please contact our clinical compliance team:
Compliance Email: dpo@rxvault.in
Headquarters: RxVault Health Privacy Division, Bengaluru, India