MediMureOS Privacy Policy

Effective Date: May 3, 2026Last Updated: May 13, 2026

1. Introduction

Welcome to MediMureOS (“MMOS”), a healthcare operations and hospital management platform owned, operated, and maintained by ETI Systems (“Company”, “we”, “our”, or “us”).

This Privacy Policy explains how ETI Systems collects, uses, processes, stores, secures, discloses, transfers, and protects information when healthcare organizations, hospitals, clinics, diagnostic centers, pharmacies, laboratories, administrators, doctors, nurses, patients, and other authorized users access or use MediMureOS.

MediMureOS is designed to support healthcare institutions with:

  • Hospital Information Management
  • Electronic Health Records (EHR/EMR)
  • Patient Registration
  • OPD/IPD Management
  • Appointment Scheduling
  • Billing and Revenue Cycle Management
  • Laboratory & Radiology Workflows
  • Pharmacy Management
  • Inventory & Procurement
  • Human Resource Management
  • Analytics & Reporting
  • Communication & Notifications
  • Telemedicine & Digital Healthcare Workflows
  • Mobile Healthcare Applications
  • Enterprise Healthcare Operations

Because MediMureOS may process sensitive healthcare and patient information, ETI Systems is committed to maintaining the highest standards of privacy, confidentiality, transparency, integrity, and security.

By accessing, implementing, integrating, subscribing to, or using MediMureOS or any associated applications, websites, APIs, portals, dashboards, or services, you acknowledge that you have read, understood, and agreed to this Privacy Policy.

2. Scope of This Privacy Policy

This Privacy Policy applies to:

  • MediMureOS web applications
  • Mobile applications
  • Administrative dashboards
  • Doctor applications
  • Patient applications
  • Nurse applications
  • APIs and integrations
  • Websites and portals operated by ETI Systems
  • Cloud-hosted and on-premise deployments
  • Third-party integrations connected to MediMureOS
  • Communication systems and notification services
  • Analytics and reporting infrastructure

This Policy applies to:

  • Healthcare institutions
  • Clinics
  • Hospitals
  • Medical colleges
  • Diagnostic centers
  • Laboratories
  • Pharmacies
  • Healthcare staff
  • Administrative users
  • Patients
  • Caregivers
  • Vendors and implementation partners
  • Authorized third-party service providers

3. Definitions

For purposes of this Privacy Policy:

3.1 “MediMureOS” or “MMOS”

Refers to the complete healthcare management ecosystem developed and operated by ETI Systems.

3.2 “Personal Data”

Any information that identifies or can reasonably identify an individual directly or indirectly.

3.3 “Sensitive Personal Data”

Information related to health, medical conditions, diagnosis, prescriptions, laboratory reports, biometric information, financial information, insurance data, government identification numbers, or other regulated categories of data.

3.4 “Protected Health Information (PHI)”

Health-related information linked to an identifiable individual, including clinical, diagnostic, treatment, billing, or care coordination information.

3.5 “Data Controller”

The organization determining the purpose and means of processing personal data.

3.6 “Data Processor”

An entity processing data on behalf of a data controller.

3.7 “User”

Any person or organization accessing or using MediMureOS.

3.8 “Healthcare Organization”

Any hospital, clinic, institution, or medical entity utilizing MediMureOS.

4. Information We Collect

ETI Systems may collect, receive, store, process, and manage various categories of information depending on the services used.

4.1 Patient Information

This may include:

  • Full name
  • Gender
  • Date of birth
  • Age
  • Phone number
  • Email address
  • Residential address
  • Emergency contacts
  • Blood group
  • National identification numbers
  • Passport information
  • Insurance details
  • Guardian information
  • Medical history
  • Allergies
  • Diagnoses
  • Clinical notes
  • Treatment plans
  • Prescription data
  • Laboratory reports
  • Radiology reports
  • Imaging references
  • Admission history
  • Surgical history
  • Vaccination records
  • Vital signs
  • Follow-up schedules
  • Billing information
  • Payment history
  • Consent records
  • Digital signatures
  • Device identifiers

4.2 Healthcare Staff Information

Including:

  • Employee names
  • Designations
  • Departments
  • Qualifications
  • Medical registration details
  • Employee IDs
  • Shift schedules
  • Payroll-related information
  • Attendance records
  • Contact information
  • Role-based access details
  • Login history
  • Audit activity

4.3 Organizational Information

Including:

  • Hospital or clinic details
  • Branch information
  • Department structures
  • Operational workflows
  • Billing structures
  • Inventory details
  • Vendor information
  • Procurement records
  • Tax information
  • Financial reporting data

4.4 Technical & Device Information

We may automatically collect:

  • IP addresses
  • Browser type
  • Device identifiers
  • Device model
  • Operating system
  • Access timestamps
  • Login activity
  • Usage analytics
  • Error logs
  • Crash reports
  • Session information
  • Network information
  • API activity
  • Geolocation metadata (where enabled)

4.5 Communication Information

Including:

  • Email communications
  • SMS logs
  • Notification history
  • Support tickets
  • Customer service interactions
  • Telemedicine communication records
  • Feedback submissions

4.6 Payment & Financial Information

Depending on integrations and deployments:

  • Billing records
  • Transaction references
  • Invoice history
  • Payment status
  • Subscription details
  • Tax records
  • Insurance claims
  • Refund information

ETI Systems does not intentionally store full payment card data unless explicitly required under compliant payment infrastructure.

5. How Information Is Collected

We may collect information through:

  • Direct user input
  • Patient registration workflows
  • Appointment booking systems
  • Electronic medical records
  • Laboratory integrations
  • Radiology systems
  • Mobile applications
  • APIs
  • Device synchronization
  • Wearables integrations
  • Cookies and tracking technologies
  • Automated logs
  • Third-party integrations
  • Imported healthcare records
  • Communication systems
  • Telemedicine interactions
  • Customer support channels

6. Purpose of Data Processing

ETI Systems processes information for legitimate healthcare, operational, contractual, legal, and security purposes.

6.1 Healthcare Delivery

Including:

  • Patient identification
  • Appointment scheduling
  • Clinical documentation
  • Treatment management
  • Prescription management
  • Diagnostics management
  • Care coordination
  • Follow-up tracking
  • Emergency medical workflows
  • Telemedicine services
  • Continuity of care

6.2 Operational Management

Including:

  • Hospital administration
  • Staff management
  • Inventory management
  • Billing and invoicing
  • Insurance processing
  • Financial reporting
  • Workflow automation
  • Scheduling and task assignment

6.3 Security & Compliance

Including:

  • Fraud prevention
  • Threat detection
  • Audit logging
  • Regulatory compliance
  • Access monitoring
  • Identity verification
  • Risk management
  • Incident response

6.4 Product Improvement

Including:

  • Analytics
  • Performance monitoring
  • System optimization
  • User experience enhancement
  • Feature development
  • AI-assisted workflow improvement
  • Error diagnosis
  • Infrastructure scaling

6.5 Communication Purposes

Including:

  • Appointment reminders
  • Clinical notifications
  • Service updates
  • Security alerts
  • Billing communication
  • Support responses
  • Operational announcements

6.6 Legal & Regulatory Obligations

Including:

  • Healthcare regulations
  • Government reporting
  • Tax compliance
  • Legal investigations
  • Court orders
  • Compliance audits
  • Medical record retention requirements

7. Legal Basis for Processing

Depending on the jurisdiction and applicable laws, ETI Systems may process data based on:

  • User consent
  • Contractual obligations
  • Legal compliance requirements
  • Healthcare and medical treatment necessity
  • Legitimate business interests
  • Public health obligations
  • Protection of vital interests

Healthcare organizations using MediMureOS may independently act as Data Controllers and are responsible for obtaining required patient consents where applicable.

8. Data Sharing & Disclosure

ETI Systems does not sell personal healthcare data.

We may share information only under lawful and necessary circumstances.

8.1 With Healthcare Organizations

Patient information may be accessible to authorized healthcare providers, hospitals, clinics, laboratories, pharmacies, and staff involved in treatment or healthcare operations.

8.2 With Service Providers

We may engage trusted third-party vendors for:

  • Cloud hosting
  • Infrastructure management
  • Email delivery
  • SMS delivery
  • Payment processing
  • Analytics
  • Security monitoring
  • Customer support
  • Backup systems
  • Data storage

Such providers are contractually obligated to maintain confidentiality and appropriate security safeguards.

8.3 With Regulatory Authorities

We may disclose information when required by:

  • Law enforcement
  • Government authorities
  • Healthcare regulators
  • Court orders
  • Legal investigations
  • Compliance obligations

8.4 Business Transfers

In connection with mergers, acquisitions, restructuring, financing, or sale of assets, information may be transferred subject to confidentiality obligations and legal safeguards.

8.5 Emergency Situations

We may disclose data when necessary to:

  • Protect life or safety
  • Prevent medical emergencies
  • Address public health concerns
  • Respond to disaster situations

9. International Data Transfers

MediMureOS may operate across multiple jurisdictions.

Information may be stored, processed, or transferred to servers and infrastructure located in different countries.

ETI Systems implements reasonable safeguards for cross-border transfers, including:

  • Data processing agreements
  • Standard contractual protections
  • Security controls
  • Encryption standards
  • Regulatory compliance mechanisms

Healthcare organizations are responsible for ensuring lawful international data transfers where required by local regulations.

10. Data Retention

We retain information only for as long as necessary for:

  • Healthcare operations
  • Legal compliance
  • Medical record retention obligations
  • Contractual requirements
  • Audit purposes
  • Security investigations
  • Backup and disaster recovery
  • Dispute resolution

Retention periods may vary depending on:

  • Applicable laws
  • Healthcare regulations
  • Institutional policies
  • Jurisdictional requirements
  • Contractual obligations

Upon expiration of retention periods, data may be deleted, anonymized, archived, or securely destroyed.

11. Data Security

ETI Systems implements industry-standard administrative, technical, and organizational security measures.

11.1 Security Measures May Include

  • End-to-end encryption
  • TLS/SSL encryption
  • Database encryption
  • Role-based access control (RBAC)
  • Multi-factor authentication
  • Audit logging
  • Session monitoring
  • Intrusion detection systems
  • Security patch management
  • Network segmentation
  • Backup encryption
  • Secure API gateways
  • Device access controls
  • Data minimization practices
  • Security incident monitoring
  • Disaster recovery systems
  • High availability infrastructure
  • Access review mechanisms
  • Password hashing
  • Secure software development lifecycle practices

11.2 Security Limitations

Although ETI Systems implements strong security measures, no method of electronic transmission, storage, or processing can be guaranteed to be completely secure.

Users and healthcare organizations are responsible for:

  • Maintaining secure passwords
  • Protecting account credentials
  • Implementing institutional access controls
  • Restricting unauthorized device access
  • Reporting suspicious activity promptly

12. User Rights & Privacy Choices

Depending on applicable laws and jurisdiction, users may have rights regarding their personal data.

These may include:

12.1 Right to Access

Request access to personal data processed by MediMureOS.

12.2 Right to Correction

Request correction of inaccurate or incomplete information.

12.3 Right to Deletion

Request deletion of personal information where legally permissible.

12.4 Right to Restrict Processing

Request limitation of certain processing activities.

12.5 Right to Data Portability

Request transfer of data in structured formats where technically feasible.

12.6 Right to Withdraw Consent

Withdraw previously granted consent where processing relies on consent.

12.7 Right to Object

Object to specific processing activities under applicable law.

12.8 Right to Complaint

File complaints with applicable data protection or healthcare regulatory authorities.

Requests may be subject to:

  • Identity verification
  • Legal retention obligations
  • Medical record regulations
  • Institutional responsibilities
  • Technical feasibility

Healthcare organizations using MediMureOS may independently manage certain requests as Data Controllers.

13. Cookies & Tracking Technologies

MediMureOS and related websites may use:

  • Cookies
  • Session tokens
  • Device identifiers
  • Analytics tools
  • Log monitoring technologies
  • Usage tracking systems

These technologies help:

  • Maintain sessions
  • Improve performance
  • Enhance security
  • Personalize experiences
  • Monitor system reliability
  • Analyze product usage

Users may manage cookie settings through browser controls, though disabling certain technologies may affect system functionality.

14. Mobile Applications

MediMureOS mobile applications may request access to:

  • Camera
  • Microphone
  • File storage
  • Notifications
  • Device identifiers
  • Biometric authentication
  • Internet connectivity
  • Geolocation (if enabled)

Permissions are used solely for operational healthcare workflows and authorized functionality.

Users may control permissions through device settings.

15. Telemedicine & Communication Services

MediMureOS may support telemedicine, virtual consultations, messaging, and remote healthcare workflows.

Users acknowledge that:

  • Electronic communications may involve inherent risks
  • Internet-based communications cannot be guaranteed completely secure
  • Users should access services through trusted devices and secure networks

Where supported, MediMureOS may maintain logs, recordings, metadata, or communication history for operational, legal, training, audit, or compliance purposes, subject to applicable laws.

16. AI, Analytics & Automation

MediMureOS may utilize analytics, automation, machine learning, or AI-assisted systems to:

  • Improve workflows
  • Enhance operational efficiency
  • Support analytics
  • Generate recommendations
  • Detect anomalies
  • Improve scheduling
  • Assist healthcare operations

AI-assisted outputs are intended to support healthcare professionals and operational teams and should not replace independent medical judgment, diagnosis, or clinical decision-making.

ETI Systems may use anonymized or aggregated information for:

  • Product analytics
  • System optimization
  • Research
  • Performance improvements
  • Operational intelligence

Where required by law, explicit consent mechanisms may be implemented.

17. Third-Party Integrations

MediMureOS may integrate with:

  • Laboratory systems
  • Radiology systems
  • Insurance providers
  • Government health systems
  • Payment gateways
  • SMS providers
  • Email providers
  • Telemedicine platforms
  • ERP systems
  • APIs and middleware
  • Cloud platforms
  • External authentication providers

ETI Systems is not responsible for the independent privacy practices of third-party services.

Users and organizations should review third-party privacy policies before enabling integrations.

18. Children’s Privacy

MediMureOS may process information relating to minors in connection with lawful healthcare services.

Healthcare organizations and guardians are responsible for obtaining legally required consents for pediatric healthcare services where applicable.

ETI Systems does not knowingly collect information from children outside legitimate healthcare operations.

19. Healthcare Compliance

MediMureOS is designed with healthcare privacy and security principles in mind and may support compliance efforts related to:

  • HIPAA
  • GDPR
  • DPDP Act (India)
  • Regional healthcare privacy regulations
  • Medical record retention obligations
  • Information security frameworks

However, compliance obligations may vary depending on:

  • Deployment model
  • Organizational practices
  • User configurations
  • Local regulations
  • Operational implementation

Healthcare organizations remain responsible for ensuring their own legal and regulatory compliance.

20. Audit Logs & Monitoring

For security, compliance, and operational integrity, MediMureOS may maintain detailed audit records including:

  • Login activity
  • User access history
  • Data modifications
  • Prescription changes
  • Billing actions
  • Administrative changes
  • Export activity
  • API requests
  • Security events
  • Device activity

Audit records may be retained according to compliance and security requirements.

21. Data Backups & Disaster Recovery

ETI Systems may maintain encrypted backups and disaster recovery infrastructure to ensure:

  • Business continuity
  • Data resilience
  • Service restoration
  • Operational reliability

Backups may be stored across geographically distributed infrastructure subject to security controls.

22. Account Responsibilities

Users and healthcare organizations are responsible for:

  • Maintaining confidentiality of credentials
  • Managing user access permissions
  • Immediately reporting unauthorized access
  • Using secure devices and networks
  • Ensuring lawful use of the platform
  • Maintaining institutional privacy practices
  • Training staff appropriately

Organizations are responsible for activities occurring under their accounts.

23. Incident Response & Breach Notification

ETI Systems maintains internal processes for:

  • Security incident management
  • Threat investigation
  • Vulnerability remediation
  • System recovery
  • Risk mitigation

Where legally required, ETI Systems may notify affected organizations or authorities regarding reportable security incidents or data breaches.

Notification timelines may depend on:

  • Applicable laws
  • Severity of impact
  • Investigation requirements
  • Regulatory obligations

24. De-Identified & Aggregated Data

ETI Systems may create anonymized, de-identified, or aggregated datasets that do not reasonably identify individuals.

Such information may be used for:

  • Product analytics
  • Benchmarking
  • System optimization
  • Research
  • Reporting
  • Machine learning improvements
  • Operational intelligence

De-identified data may be retained beyond standard retention periods where legally permitted.

25. Service Availability & Infrastructure

MediMureOS infrastructure may involve:

  • Cloud environments
  • Distributed systems
  • Content delivery systems
  • Disaster recovery systems
  • Third-party infrastructure providers

ETI Systems does not guarantee uninterrupted availability and may conduct:

  • Maintenance
  • Upgrades
  • Security patches
  • Infrastructure migrations
  • Emergency downtime operations

Reasonable efforts will be made to minimize disruptions.

26. Data Ownership

Unless otherwise specified in contractual agreements:

  • Healthcare organizations retain ownership of their institutional and patient data.
  • Patients retain rights applicable under relevant privacy laws.
  • ETI Systems retains ownership of:
  • Software
  • Infrastructure
  • System architecture
  • Intellectual property
  • Analytics systems
  • Platform technology

Use of MediMureOS does not transfer ownership of platform intellectual property.

27. Account Termination & Data Handling

Upon account termination or expiration:

  • Access may be disabled
  • Data export options may be provided subject to agreements
  • Retention obligations may continue
  • Backups may persist temporarily
  • Certain audit records may remain retained

Deletion timelines may vary depending on:

  • Legal requirements
  • Healthcare regulations
  • Active disputes
  • Security obligations
  • Contractual agreements

28. Jurisdiction & Governing Law

This Privacy Policy shall be governed in accordance with applicable laws and contractual agreements relevant to the operating jurisdiction of ETI Systems and applicable healthcare regulations.

Cross-border deployments may additionally be subject to regional privacy laws.

29. Changes to This Privacy Policy

ETI Systems reserves the right to modify, update, revise, or replace this Privacy Policy at any time.

Changes may occur due to:

  • Legal requirements
  • Regulatory updates
  • Product enhancements
  • Security improvements
  • Operational changes
  • New services or integrations

Updated versions may be published through official MediMureOS platforms.

Continued use of the platform after updates constitutes acceptance of the revised Privacy Policy.

30. Contact Information

For privacy-related inquiries, compliance concerns, data requests, or security matters, users may contact:

ETI Systems

Owner & Operator of MediMureOS

Email: privacy@medimureos.com Support Email: support@medimureos.com Website: www.medimureos.com

Healthcare organizations using MediMureOS may also contact their designated implementation or account representatives.

31. Consent & Acknowledgement

By accessing or using MediMureOS, users acknowledge and agree that:

  • They have read this Privacy Policy
  • They understand how information is processed
  • They consent to applicable data processing activities
  • They will comply with applicable laws and institutional policies
  • They understand the responsibilities associated with healthcare data handling

If users do not agree with this Privacy Policy, they should discontinue use of MediMureOS and associated services.

32. Enterprise Healthcare Privacy Commitment

ETI Systems recognizes the critical importance of healthcare privacy, patient dignity, institutional trust, and operational security.

MediMureOS is developed with a strong commitment toward:

  • Confidentiality
  • Security
  • Transparency
  • Compliance
  • Reliability
  • Ethical healthcare technology practices
  • Enterprise-grade healthcare infrastructure
  • Responsible innovation

We continuously strive to strengthen privacy protections and safeguard healthcare ecosystems entrusted to our platform.

End of Privacy Policy