Legal Document
Healthcare Data Processing Agreement (DPA)
Masihai Healthcare Platform · Last Updated:
This Data Processing Agreement ("Agreement" or "DPA") forms part of the Terms of Service between:
Processor / Service Provider
Syphernity Studios
Operator of the Masihai Healthcare Platform
("Masihai", "Processor", "Service Provider")
Controller / Client
Healthcare Provider
The healthcare provider, clinic, hospital, or consultant using the Masihai platform ("Healthcare Provider", "Controller", or "Client")
This Agreement governs the processing of patient personal and medical data within the Masihai platform.
1 Definitions
For the purpose of this Agreement:
| Term | Definition |
| --- | --- |
| Controller | The healthcare provider or clinic that determines the purpose and use of patient data. |
| Processor | Masihai (Syphernity Studios), which processes data on behalf of the Controller. |
| Personal Data | Any information related to an identifiable patient, including name, contact details, or identifiers. |
| Health Data / Medical Data | Sensitive patient information including: medical history, prescriptions, diagnoses, treatment plans, laboratory reports, chronic diseases, allergies, and consultation records. |
| Processing | Any operation performed on data including: storage, recording, transmission, retrieval, and deletion. |
2 Nature and Purpose of Data Processing
Masihai processes patient data solely to provide healthcare technology services including:
- Electronic Medical Records (EMR)
- Appointment management
- Digital prescriptions
- Telemedicine services
- Voice-based documentation
- Patient record management
- Secure medical data storage
Masihai does not process patient data for independent medical purposes.
3 Categories of Data Subjects
Data subjects may include:
- Patients
- Clinic staff
- Healthcare providers
- Platform users
4 Categories of Personal Data Processed
The platform may process the following types of patient information:
Identity Information
- Name
- Phone number
- Email
- Age or date of birth
- Gender
- Address
Medical Information
- Blood group
- Allergy profile
- Chronic diseases
- Medical history
- Symptoms
- Diagnoses
- Consultation notes
- Prescriptions
- Lab reports
- Treatment plans
Technical Data
- Device information
- App usage data
- Log data
5 Obligations of the Healthcare Provider (Controller)
The Healthcare Provider agrees that they:
- Are responsible for collecting patient consent where required.
- Ensure patient data entered into the system is accurate and lawful.
- Maintain compliance with local healthcare regulations.
- Determine how patient data is used in medical practice.
Masihai does not control how doctors use patient information in their clinical decisions.
6 Obligations of Masihai (Processor)
Masihai agrees to:
- Process data only according to instructions from the Healthcare Provider
- Maintain appropriate security measures
- Protect patient data from unauthorized access
- Not disclose patient data without authorization unless legally required
Masihai personnel with access to patient data are bound by confidentiality obligations.
7 Data Security Measures
Masihai implements appropriate technical and organizational measures including:
- Secure cloud infrastructure
- Encrypted data transmission
- Access control systems
- Authentication mechanisms
- System monitoring and logging
These measures aim to protect patient data from:
- Unauthorized access
- Accidental loss
- Data breaches
- Misuse
8 Data Storage and Hosting
Patient data may be stored on:
- Secure cloud servers
- Authorized infrastructure operated by Masihai
- Systems necessary for platform functionality
Masihai may use trusted infrastructure providers to host the platform.
9 Telemedicine and Communication Data
The platform may process information exchanged during:
- Video consultations
- Audio consultations
- Chat communications
- Voice documentation
Such data is processed only to facilitate healthcare services between patients and doctors.
10 Sub-Processors
Masihai may use trusted third-party service providers ("Sub-Processors") for services such as:
- Cloud hosting
- Infrastructure
- Analytics
- System monitoring
Masihai ensures that such providers maintain adequate security and confidentiality standards.
11 Data Retention
Patient data will be retained for as long as necessary to:
- Provide platform services
- Comply with legal obligations
- Support healthcare providers
Healthcare providers may request deletion of their data when terminating the service, subject to legal retention requirements.
12 Data Breach Notification
In the event of a data breach affecting patient information, Masihai will:
- Investigate the incident
- Take reasonable corrective action
- Notify the affected healthcare provider where required
Healthcare providers remain responsible for patient notifications if required by law.
13 Data Subject Rights
Patients may have rights regarding their personal data, including:
- Access to their data
- Correction of inaccurate information
- Deletion where applicable
Requests regarding medical records should normally be directed to the Healthcare Provider responsible for the patient record.
14 Confidentiality
Masihai will ensure that all employees, contractors, and partners involved in processing patient data are bound by confidentiality obligations.
Patient data will not be disclosed except:
- As required to operate the platform
- As instructed by the healthcare provider
- Where required by law
15 International Data Transfers
Where infrastructure providers operate across multiple jurisdictions, data may be processed on servers located outside the user's region.
Masihai will ensure that appropriate safeguards are implemented.
16 Liability
Masihai acts only as a technology service provider and data processor.
Healthcare providers remain responsible for:
- Patient care decisions
- Legal compliance related to medical practice
- Lawful collection of patient data
Masihai is not responsible for medical outcomes resulting from clinical decisions.
17 Termination of Data Processing
Upon termination of services:
- Healthcare providers may request deletion of stored data where feasible.
- Masihai may retain data where required for legal, regulatory, or security purposes.
18 Amendments
Masihai may update this Agreement periodically to reflect:
- Legal requirements
- Platform updates
- Changes in data protection practices
Updated agreements will be published on the Masihai platform.
19 Contact Information
For questions regarding this Agreement, please contact: