PHOTON DIAGNOSTICS AND IMAGING SERVICES LIMITED DATA PROTECTION & PRIVACY POLICY

Effective Date: 20th March 2026

1. Introduction

Photon Diagnostics and Imaging Services Limited is committed to protecting personal and sensitive medical data in accordance with the Kenya Data Protection Act, 2019 and aligned with international best practices including HIPAA principles.

2. Scope

This policy applies to all patients, employees, contractors, referring clinicians, partners, and users of our services and systems.

3. Definitions

1 Personal Data: Information identifying an individual
2 Sensitive Personal Data: Health records, biometric data, imaging
3 Processing: Collection, storage, use, or deletion of data
4 Data Subject: Individual whose data is processed

4. Data Collected

1 Patient demographics and identification details
2 Medical history and imaging records
3 Billing and insurance information
4 Employee and HR records
5 System usage and digital data

5. Purpose of Processing

1 Provision of diagnostic imaging services
2 Clinical reporting and communication
3 Billing and insurance processing
4 Legal and regulatory compliance
5 Training and quality assurance (anonymized)

6. Legal Basis

Processing is based on patient consent, provision of healthcare services, legal obligations, and legitimate interests.

7. Data Sharing

Data may be shared with referring clinicians, insurers, regulators, and authorized IT providers under confidentiality agreements. No sale of personal data occurs.

8. Data Security

1 Secure PACS/RIS systems
2 Role-based access controls
3 Encryption of sensitive data
4 Confidentiality agreements
5 Regular audits and monitoring

9. Data Retention

Data is retained according to Kenyan healthcare regulations and securely disposed when no longer required.

10. Data Subject Rights

1 Access to personal data
2 Correction of inaccurate data
3 Deletion where applicable
4 Withdrawal of consent
5 Complaint to Data Commissioner

11. HIPAA Alignment

Although not directly regulated by HIPAA, the organization adopts similar safeguards for protecting health information including administrative, technical, and physical controls.

12. Data Breach Management

All breaches will be assessed, contained, and reported in line with legal requirements.

13. Contact

Photon Diagnostics and Imaging Services Limited
Nairobi, Kenya
Email: info@photon.co.ke
Phone: +254719249113