ePesakit HCTM – Privacy Policy

Introduction

This Privacy Policy explains how Hospital Canselor Tuanku Muhriz (HCTM) ("we", "our") collects, uses, discloses, and protects your information when you use the ePesakit HCTM mobile application ("App").

By using the App, you consent to this Policy. If you do not agree, please do not use the App.

PDPA (Malaysia)
HIPAA-inspired safeguards

What data we collect

  • Identity: MRN, IC/passport, name, DOB, contact details.
  • Clinical: visit history, diagnoses, lab results, prescriptions.
  • Device & usage: device model, OS, app version, crash logs.
  • Authentication: tokens/session IDs for secure sign‑in.
  • Notifications: FCM/APNs tokens for push messages.
  • Support: messages you send via help or feedback.

Optional analytics

If enabled by HCTM, basic usage analytics may be collected to improve reliability (e.g., screen views, feature adoption). No advertising profiling.

How we use your data

  • Provide and maintain patient services (appointments, records, results).
  • Secure authentication and fraud prevention.
  • Service communications and important hospital notices.
  • Troubleshooting, error monitoring, and service improvement.
  • Compliance with legal and regulatory obligations.

Legal bases / Consent

Performance of a task in the public interest / healthcare

Processing necessary for patient care by HCTM as a healthcare provider.

Consent (e.g., push notifications, optional analytics)

You may enable/disable these in the App settings at any time.

Legal obligation

We may process or retain data where laws and medical regulations require.

When we share data

  • Within HCTM and authorized clinicians involved in your care.
  • Service providers (e.g., secure hosting, SMS/push delivery) under strict contracts.
  • When required by law, court order, or to protect vital interests.

International transfers

Where data leaves Malaysia, we use safeguards (e.g., SCCs or equivalent) to protect it.

How we protect your data

  • Encryption in transit and at rest where applicable.
  • Access controls, role‑based permissions, and audit trails.
  • Secure software practices, vulnerability management, backups.

No security method is perfect, but we work to continuously improve our safeguards.

Retention

We keep medical and account data only as long as necessary for care, legal, and operational requirements. Push tokens and analytics data are retained for shorter periods or until you revoke consent.

Your choices & rights

  • Access or update certain info in the App.
  • Request copies, corrections, or deletion where applicable.
  • Opt in/out of notifications and optional analytics.
  • Withdraw consent at any time (does not affect past lawful processing).

Submit a request

Email privacy@hctm.edu.my with your name, MRN, and request. We may verify your identity.

Children’s privacy

Where a patient is a minor, access may be provided to a parent/guardian in accordance with hospital policy and applicable laws.

Cookies & local storage

The App uses secure device storage and tokens for login sessions. We do not use third‑party advertising cookies.

Changes to this policy

We may update this Policy from time to time. We will post the new date above and, where appropriate, notify you in‑app.

Contact us

Data Controller:

Bahagian Teknologi Maklumat, Kampus Kuala Lumpur,
Tingkat 2, Blok Bangunan Tambahan,
Kompleks Pendidikan Perubatan Canselor Tuanku Ja’afar,
Hospital Canselor Tuanku Muhriz,
56000 Cheras, Kuala Lumpur, Malaysia

+603-9145 5303/5305/9276

Email: mobileappkkl@ppukm.ukm.edu.my.