Rabito Clinic Limited (“RCL”, “us” or “we”) understands that confidentiality and protection of your privacy are important constituents of your business relationship with RCL. You expect that RCL will responsibly maintain any information RCL may collect from you.
PLEASE NOTE: Africa Health Holdings Notice of Privacy Practices (NPP) is a separate document that governs how medical information about you may be used and disclosed by Africa Health Holdings, Ltd. You may access a copy of our Notice of Privacy Practices electronically at the link below, or upon request, you may obtain a paper copy by contacting our Privacy Officer at email@example.com.
Who We Are
You are visiting the website of RCL. This Notice describes the privacy practices of RCL (its clinics, hospitals, other medical facilities, and affiliates) and the physicians, nurses, technicians and other individuals who work at or in conjunction with RCL.
Availability Of Your Information
RCL may collect and maintain personal information about you and non-personal information about your access to this website. The information RCL collects includes information that you voluntarily submit when you contact us through this website. Your submissions may contain personal information that can identify you and your business, individually, including your name(s), address(es), telephone number(s), electronic mail address(es), business or other contact information which, when used by itself or in combination with other available data, might make your identity or the identity of another individual known to RCL.
Additionally, you understand and agree that certain information that may become available to RCL includes other information that cannot identify your person when you visit this website. However, this information includes your Internet Protocol (“IP”) address and the domain name of your Internet Service Provider (“ISP”). As you may be aware, an IP address is a number that is automatically and specifically assigned to your computer by the ISP computer, through which you access the World Wide Web. In addition, a domain name is the name of the ISP computer, itself, through which you are accessing the World Wide Web.
Types of Information Collected
We may collect two types of information from you: Personal Information and Browsing Information.
Personal Information: The types of Personal Information collected by RCL may include, among other things, the following categories of information (collectively, “Personal Information”):
Contact information (e.g., your name, mailing address, telephone number, email address, password);
Demographic information (e.g., date of birth, marital status);
Resume information (e.g., education, work and military history, legal work eligibility status);
Personal financial information, or other personal information that you choose to disclose to us.
NOTE: In general, we do not collect Personal Information unless you choose to provide it to us. You are generally not required to submit any Personal Information to use our Site; however, you may be asked to provide Personal Information to gain access to some of our content. For example, you may choose to provide your contact information in order to receive information from us regarding employment opportunities, our medical services or to register for an event.
Browsing Information. RCL may collect browsing and other technical information about you when you visit our Site. This may include, among other things, the following categories of information (collectively, “Browsing Information”):
Domain name system requirements;
Browsing histories, such as time spent at a domain, time and date of your visit, and number of clicks;
HTTP headers, application client and server banners;
Similar behavioral and usage information.
Use of Your Information
RCL uses information provided through this website to fulfill your requests and any issues arising out of, and relating to, RCL’s relationship with you. RCL will not rent, sell, or share your personal information with third-parties without your consent, except in accordance with these principles or pursuant to a legal request such as a search warrant, court order, subpoena, national security letter or other requests from law enforcement or regulatory authorities. Furthermore, you understand and agree that RCL may also use or disclose your information to prevent fraudulent transactions, to protect the rights or property of RCL, our shareholders/investors or clients, this website or its users, or when we otherwise believe, in good faith, that the law requires such use/disclosure. RCL may also share your personal information with a successor in interest in connection with a proposed or actual sale, merger or transfer of all or a portion of a business or an operating unit.
You understand and agree that in order to best serve you and your requests, RCL may share your personal information with affiliates, business partners or others, who work for/with us, for the specific purpose of enabling them to perform certain business services for us. We may also choose to combine personal information you have voluntarily submitted with other information about you for our internal business purposes.
Finally, although it is not currently our policy, RCL reserves the right to sell or share non-personal information collected with third-parties. The non-personal information RCL may collect regarding visits to this website is used to help RCL better understand its audience and improve the website. Through logging visitors’ IP addresses and domain names, RCL places itself in a better position to monitor the use of its website, including the number of visits to this website, the average time spent by visitors on this website, the number of pages viewed by visitors to this website, and various other website statistics that RCL and its website administrator considers relevant and helpful. It is important to know that RCL does not link IP addresses or domain names with any personally identifiable information. Consequently, any visitor to this website will remain anonymous.
We may employ third party companies and individuals to facilitate our Site ("Service Providers"), to operate the Site on our behalf, to perform Site-related services or to assist us in analyzing how our Site is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Our service does not address anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 18 without consent from a parent or legal guardian. If you are a parent or guardian and you are aware that your children provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
An Act of the Parliament of the Republic of Ghana, entitled Data Protection Act, established on May 10, 2012:
An act to establish a Data Protection Commission, to protect the privacy of the individual and personal data by regulating the processing of personal information, to provide the process to obtain, hold, use or disclose personal information and for related matters.
RCL is in full compliance with the Data Protection Act of 2012. All Covered Entities that operate in Ghana follow the guiding principles of this act in their handling of patient and employee data. By extension, any business associates and subcontractors that are exposed to identifiable client data must also pledge to comply with all applicable guidelines of the Data Protection Act.
Our Commitment to Patient (Health Care) Privacy
We are dedicated to maintaining the privacy of your medical information. As a part of our continued mission to provide quality healthcare services, we comprehensively create records regarding you and the treatment and services we provide to you (including records relating to psychiatric treatment, drug and alcohol treatment or abuse or HIV status, if any). These records are legally our property; however, we are also required by law and our code of ethics to maintain the privacy of medical and health information about you (“Protected Health Information” or “PHI”) and to provide you with this Notice of our legal duties and privacy practices with respect to PHI. When we use or disclose PHI, we are required to abide by the terms of this Notice (or other notice in effect at the time of the use or disclosure).
Authorized Use and Disclosures
i.Authorization – We may use or disclose PHI only when (1) you provide us with verbal/written permission on a form (“Your Authorization”) depending on the National legal requirement for said use and/or disclosure, including for certain marketing activities, sale of health information, and (with some exceptions) the disclosure of psychotherapy notes about you, or (2) there is an exception described in Section 4. Further, except to the extent that we have taken action in reliance upon it, you may revoke Your Authorization by delivering a written revocation statement to the Privacy Officer identified in Section 7.
ii Genetic Information – Except in certain cases (such as a paternity test for a court proceeding, anonymous research, newborn screening requirements or pursuant to a court order), we will obtain Your Authorization prior to obtaining or retaining your genetic information (for example, your DNA sample). We may use or disclose your genetic information for any reason only when Your Authorization expressly refers to your genetic information or when disclosure is permitted under National law (including, for example, when disclosure is necessary for the purposes of a criminal investigation, to determine paternity, newborn screening, identifying your body or as otherwise authorized by a court order).
iii. AIDS/HIV/Venereal Diseases – If PHI contains AIDS or HIV related information, that information is confidential and generally will not be disclosed without Your Authorization expressly releasing AIDS or HIV related information except. However, such information may be released without Your Authorization to medical personnel directly involved in your medical treatment. If you are deemed to lack decision-making capacity, we may release such information (only if necessary and unless you request otherwise) to the person responsible for making health care decisions on your behalf (spouse, primary caretaking partner, an appropriate family member, etc.). Under certain circumstances, such information may also be released without Your Authorization for scientific research, certain audit and management functions, and as may otherwise be allowed or required by law or court order.
iv. Alcohol/Drug Abuse Programs – If PHI contains information related to treatment provided in one of our alcohol or drug abuse programs, that information is confidential and shall not be disclosed without Your Authorization expressly releasing alcohol or drug abuse related information except in accordance with applicable law including federal regulations regarding the confidentiality of alcohol and drug patient records.
Non-Authorized Use and Disclosures
Use and/or Disclosure for Treatment, Payment and Health Care
I. Operations – Except as noted in Sections 3 I, II, and III, we may use and/or disclose PHI without Your Authorization for treatment provided to you, obtaining payment for services provided to you and for health care operations (e.g., internal administration, quality improvement, customer service, etc.) as detailed below:
a. Treatment. We use and disclose your PHI to provide quality care and other services to you - for example, a doctor treating your injury or illness may ask another doctor about your overall health condition. RCL Healthcare Providers with permitted access to our Open-Source Electronic Medical Record System, OpenMRS HealthAdm, can also electronically view and use your PHI for the sole purpose of providing treatment to you.
b. Payment. We may use and disclose your PHI to obtain payment for services that we provide to you - for example, disclosures to claim and obtain payment from your health insurer, HMO, or other company that arranges or pays the cost of some or all of your health care (“Your Payor”) to verify that Your Payor will pay for your health care. We may also disclose your PHI to another health care provider for the payment activities of that health care provider.
c. Health Care Operations. We may use and disclose your PHI for our health care operations, which include internal administration and planning and various activities that improve the quality and cost effectiveness of the care that we deliver to you (including operating and troubleshooting our health information technology). For example, we may use your PHI to evaluate the quality and competence of our physicians, nurses and other health care workers. In addition, we may disclose your PHI to external licensing or accrediting bodies for purposes of hospital licensure and review. We may disclose your PHI to our patient representatives in order to resolve any complaints you may have and ensure that you have a comfortable visit with us. Under certain circumstances, we may disclose your PHI to another health care provider for the health care operations of that health care provider if they either have treated or examined you and your PHI pertains to that treatment or examination.
II. Relatives and Close Friends – We may disclose your PHI to a family member, other relative, a close personal friend or any other person identified by you when you are present for, or otherwise available prior to, the disclosure, if we: (1) obtain your agreement; (2) provide you with the opportunity to object to the disclosure and you do not object; or (3) reasonably infer that you do not object to the disclosure. If you are not present, or the opportunity to agree or object to a use or disclosure cannot practicably be provided because of your incapacity or an emergency circumstance, we may exercise our professional judgment to determine whether a disclosure is in your best interest. If we disclose information to a family member, other relative, a close personal friend or other person identified by you, we would disclose only information that is directly relevant to the person’s involvement with your health care, payment related to your health care or needed for notification purposes.
III. Public Health – We may disclose PHI for public health activities and purposes, including, without limitation: (1) to report health information to public health authorities for the purpose of preventing or controlling disease, injury or disability; (2) to report child abuse and neglect to public health authorities or other government authorities authorized by law to receive such reports; (3) to report information about banned products under National jurisdiction; (4) to alert a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition; (5) to report information to your employer as required under laws addressing work-related illnesses and injuries or workplace medical surveillance; and (6) to report your immunization status to your school if your school is required to have proof of your immunization and you or your parent or guardian agrees to the disclosure.
IV. Health Oversight – We may disclose your PHI to a health oversight agency that oversees RCL care provision facilities and ensures compliance with the rules of any applicable government health programs.
V. Judicial and Administrative Proceedings – We may disclose your PHI in the course of a judicial or administrative proceeding in response to a legal order or other lawful process.
VI. Law Enforcement Officials – We may disclose your PHI to the police or other law enforcement officials, including as required by law; in compliance with a court order; in response to a request for information about a victim of a crime, suspect, fugitive, witness, or missing person; or to report a death, crime, or emergency situation.
VII. Decadents, Organ and Tissue Transplants – We may disclose your PHI to a coroner or medical examiner as authorized by law. We may also release medical information about patients at Atlantic to a funeral director as necessary to carry out his or her duties. Additionally, we may disclose your PHI to organizations that facilitate organ, eye or tissue procurement, banking or transplantation.
VIII Abuse, Neglect or Domestic Violence – If we reasonably believe that you are a victim of abuse, neglect or domestic violence, we may disclose your PHI to a government authority, including social service or protective services agencies, authorized by law to receive reports of such abuse, neglect or domestic violence.
Your Individual Rights
I Additional Information and/or Complaints – If you desire further information about your privacy rights, are concerned that we have violated your privacy rights, or disagree with a decision that we made about access to your PHI, you may contact our Privacy Officer.
II. Request for Additional Restrictions – You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care. If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information. If you wish to request additional restrictions, please email our privacy officer at firstname.lastname@example.org. Please include a contact phone number and we will respond to you by telephone or email.
III. Inspection and Copies of Your Health Records – You may request access to your medical record file and billing records maintained by us in order to inspect and request copies of the records. Under limited circumstances, we may deny you access to a portion of your records. If you desire access to your records, please email our privacy officer at email@example.com. Please include a contact phone number and we will respond to you by telephone or email. You should take note that, if you are a parent or legal guardian of a minor, certain portions of the minor’s medical record may not be accessible to you in accordance with applicable law (for example, records relating to pregnancy, abortion, sexually transmitted disease, substance use and abuse, contraception and/or family planning services).
IV. Amendment of Your Health Records – You have the right to request that we amend PHI maintained in your medical record file or billing records. If you desire to amend your records, please email our privacy officer at firstname.lastname@example.org. Please include a contact phone number and we will respond to you by telephone or email. We have the right to deny your request for amendment. If we deny your request for an amendment, we will provide you with a written explanation of why we denied the request and to explain your rights.
United States of America’s Health Insurance Portability and Accountability Act (HIPPA) (August 21, 1996)
An act created in the United States that sets the standard for protecting sensitive patient data – “Protected Health Information” (PHI). PHI is defined as any identifiable information that can be linked to a specific individual (such as name, social security number, birthdate, physical address, picture, etc.).
Any company in the United States that deals with protected health information must ensure that all of the required physical, network, and process security measures are in place and followed.
Covered Entities (CE): Anyone who provides treatment, payment and operations in healthcare.
Business Associates (BA): Anyone with access to patient info and provides support in treatment, payment or operations.
Subcontractors (i.e. business associates of business associates) must also be in compliance.
The HIPAA Privacy Rule addresses the saving, accessing and sharing of medical and personal information of any individual, while the HIPAA Security Rule more specifically outlines US national security standards to protect health data created, received, maintained or transmitted electronically, also known as electronic protected health information (ePHI).
HIPAA-Compliant hosting providers must have certain administrative, physical and technical safeguards in place, according to the United States Department of Health and Human Services. The goal is to ensure the confidentiality, integrity and security of ePHI.
RCL does not currently treat patients in the United States and therefore does not fall under the jurisdiction of the United States. However, as an International organization and African leader in healthcare, RCL regards the example set by HIPAA very highly. Therefore, the HIPAA guidelines have been carefully reviewed and RCL has ensured alignment with all relevant principles and requirements.
1. Administrative Safeguards: Incorporates the implementation of security measures that reduce the risks and vulnerabilities to PHI. RCL provides workforce training and management for all employees of covered entities (CEs) with access to PHI. Our organization has pledged to apply appropriate sanctions against those members who violate its policies and procedures.
2. Physical Safeguards: Include limited facility access and control, with authorized access in place. RCL has created policies about use and access to workstations and electronic media for all CEs. This includes transferring, removing, disposing and re-using electronic media and ePHI.
3. Technical Safeguards: Require access control to allow only authorized personnel to access ePHI. Access control includes using unique user IDs, an emergency access procedure, automatically timed log-off and encryption/decryption. Audit reports, or tracking logs, must be implemented to keep records of activity on hardware and software. The RCL technical policy also covers integrity controls i.e. measures put in place to ensure that ePHI is not wrongfully altered or destroyed.
Network security is the last technical safeguard required to protect against unauthorized public access of ePHI. This concerns all methods of transmitting data, whether it be email, internet, or even a private network, such as a private cloud.
A supplemental act was passed in 2009 called the Health Information Technology for Economic and Clinical Health (HITECH) which supports the enforcement of HIPAA requirements by raising the penalties of health organizations that violate HIPAA Privacy and Security Rules.
The Final HIPAA Omnibus Rule was passed in 2013 which strengthened privacy and security protections for PHI by adding more accountability for vendors & business associates who access ePHI. Additionally, this supports the United States government’s ability to enforce the law.
These two fortifications of the original HIPAA guidelines represent confidence in the initial decision and a commitment to the important issue of patient data privacy and security. Furthermore, RCL views this diligent and determined approach to addressing these safety concerns as a clear indication of these governing bodies’ understanding of the severe negative impacts that the mishandling of patient data could present. Therefore, RCL has embraced the moral responsibility to accordingly protect all personal data that our patient population has entrusted us with.
Administrative, Physical and Technical Guidelines
Only staff members and care providers who have received the aforementioned training are authorized to use installed computers onsite which contain/provide access to electronic PHI.
Each computer is accessed by different staff members and care providers as they rotate between their respective shifts. Every employee at our clinics and hospitals has a unique username and password for computer home screen access. They are required to enter their unique logins and passwords at the start of each computer session, and are trained and required to log off each time they walk away from a computer and/or at the end of their computer session/shift.
Additionally, each staff member and care provider has unique login and password information for our OpenMRS EMR system, “HealthAdm”. They are required to enter their unique logins and passwords at the start of each EMR session, and are trained and required to log off each time they walk away from a computer and/or at the end of their EMR session/shift.
As a safeguard, each computer session times out after being left idle for 5 minutes. The lack of activity automatically logs the user out, and they are required to re-enter their username and password to resume their session.
As a safeguard, each EMR session times out after being left idle for 30 minutes. The lack of activity automatically logs the user out, and they are required to re-enter their username and password to resume their session.
Security of Your Information
AHH takes reasonable precautions to protect all personal information in its possession from loss, misuse, unauthorized access, disclosure, alteration and destruction. Furthermore, RCL employees are required to safeguard the confidentiality of your information, and we understand the importance of maintaining client confidentiality and privacy. However, you understand and agree that RCL does not warrant or represent that our level of security meets or exceeds any particular standard. Finally, due to the fact that most of the
information you provide to us will be collected over the internet, we cannot provide a 100% guarantee regarding security of this information.
Connections to Other Websites
This website may contain links or references to other websites, as a convenience to visitors who access this website. You understand and agree that this Privacy Principles only applies to this website and its contents. RCL is not responsible for the privacy practices or the content of any other websites. We encourage all visitors to this website to read the privacy principles of every website you visit.
RABITO CLINIC LIMITED (“RCL”) MAY SPONSOR AND PUBLISH POSTS ON OR THROUGH PAGES, PROFILES, ACCOUNTS, FEEDS, CHANNELS OR OTHER PORTIONS OF VARIOUS SOCIAL MEDIA PLATFORMS, INCLUDING BUT NOT LIMITED TO LINKEDIN, FACEBOOK, AND TWITTER.
About RCL’s Posts
No RCL post published on any social media platform shall be an offer to sell or a solicitation of an offer to buy shares of RCL or an investment in, or through, RCL, to any person, in any jurisdiction. Additionally, all RCL posts published on any social media platform are for informational purposes only and should not be considered as investment advice or a recommendation to invest in any particular security, strategy or investment product.
RCL posts on social media may include statements concerning market trends and are based on current market conditions, which will fluctuate and may be superseded by subsequent market events or for other reasons. Historic market trends are not reliable indicators of actual future market behavior or future performance of any particular investment which may differ materially, and should not be relied upon, as such. The investment strategy and broad themes discussed, herein, may be unsuitable for investors depending on their specific investment objectives and financial situation. The information contained in posts has been obtained from sources believed to be reliable, but not guaranteed. You should note that the materials on the social media platforms are provided “as is,” without any express or implied warranties. Past performance is not a guarantee of future results. All investments involve a degree of risk, including the risk of loss. No part of RCL’s posts may be reproduced in any form, or referred to in any other publication, without express written permission from RCL.
RCL posts may provide links to third-party websites only as a convenience and the inclusion of such links does not imply any endorsement, approval, investigation, verification or monitoring by RCL of any content or information contained within or accessible from the linked sites. While we make every attempt to provide links only to those websites we think are trustworthy and accurate, we cannot be responsible for the content or accuracy of the information presented on those websites and we specifically disclaim any liability for any loss or damages which you may incur, directly or indirectly, as a result of your use of them. We reserve the right to terminate a link to a third-party website at any time.
General User Guidelines
Due to the highly regulated nature of our industry and as a matter of policy, in some instances, RCL may not reply to user comments. Please ensure that your contributions in
relation to any RCL posts are relevant and topical. Do not publish your own advertisements of any kind on any RCL social media page or with respect to any RCL posts. We ask you to be respectful and courteous and refrain from publishing, including through hyperlinks, inappropriate or offensive material on any RCL social media page. Do not attempt to promote investments (this includes posting testimonials, giving investment advice, or making recommendations about specific securities, securities strategies, products or services) on any RCL social media page. Do not attempt to submit to RCL any personal, confidential or account information through any RCL social media page. RCL is not subject to any obligations of confidentiality regarding information submitted to them through any RCL social media page or otherwise through any social media platform.
Third-Party Posts on Any RCL Social Media Page
While RCL may monitor third-party posts published on any RCL social media page, such posts are not reviewed before being displayed. Third-party posts on any RCL social media page are the view and responsibility of the third-party, not RCL. RCL cannot guarantee the appropriateness, accuracy or usefulness of any third-party posts or of any third-party hyperlink, nor are we responsible for any unauthorized or copyrighted materials contributed by a third-party in any RCL social media page. RCL reserves the right to remove or edit any third-party posts or comments on any RCL social media page that are inappropriate or that violates (or may violate) applicable regulations.
RCL does not publish or otherwise disseminate statements relating to current or former clients’ positive experiences with or endorsements of RCL and expect you to refrain from publishing such posts on any RCL social media page. You should limit your posts on any RCL social media page to investment themes rather than commenting, positively or negatively, on RCL, its shareholders, investors, clients, services or personnel. Although our clients may follow this account, this should not be interpreted as a testimonial regarding any client’s experience with our company.
Any descriptions of, references to, or links to other products, publications or services do not constitute an endorsement, authorization, sponsorship by, or affiliation with RCL, with respect to any hyperlinked site or its sponsor, unless expressly stated by RCL. RCL expressly disclaims any responsibility for the posts, the accuracy of the information, and/or quality of products or services provided by or advertised on these third-party sites, as posted by third parties on any RCL Social media page.
Use Social Media Platforms at Your Own Risk
RCL is in no way affiliated with any social media site and has no responsibility for any social media site’s operations and services. RCL and its respective affiliates, directors, officers, or employees are not liable for any direct, indirect, incidental, consequential, punitive or special damages arising out of or in any way connected with your access or use of, or inability to access or use, a social media platform, any RCL social media page, thereon, or reliance on any RCL post or any failure of performance, interruption, defect, delay in transmission, computer viruses or other harmful components, or line or system failure associated with a social media platform or any RCL social media page, thereon. Use of a social media platform or any RCL social media page, thereon, is at your own risk.
If you have any inquiries about your privacy with RCL, please do not hesitate to contact us through our contact page on this website.
We look forward to being of service to you.