Privacy Policy

1. Introduction

Welcome to St. Crispin Afya Hospital ("we," "our," "us"). We are committed to protecting your privacy and ensuring the confidentiality of your medical information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us.

St. Crispin Afya Hospital is registered under KMPDB as a Level 3B nursing home and operates in compliance with Kenyan health information privacy laws, including the Data Protection Act, 2019, and the Health Act, 2017.

Legal Basis: We process your personal data based on your consent, contractual necessity, legal obligations, and legitimate interests in providing healthcare services.

2. Information We Collect

We collect various types of information to provide you with quality healthcare services:

Personal Identification Information

Full name, date of birth, gender, and national ID/passport number
Contact information (address, phone number, email address)
Emergency contact details
Insurance information (policy number, insurer details)

Medical Information (Protected Health Information - PHI)

Medical history, diagnoses, and treatment records
Laboratory and diagnostic test results
Medication lists and allergies
Vital signs and clinical observations
Immunization records
Surgical and procedure records

Website Usage Information

IP address, browser type, and device information
Pages visited, time spent on our website
Referral sources and clickstream data
Form submissions and appointment requests

Payment Information

Billing details and payment history
Insurance claims and coverage information
Financial assistance documentation (when applicable)

3. How We Use Your Information

We use the information we collect for the following purposes:

Healthcare Provision

To provide medical treatment, diagnosis, and coordinate your care

Billing & Insurance

To process payments, submit insurance claims, and manage accounts

Appointment Management

To schedule, confirm, and remind you of appointments

Quality Improvement

To improve our services, patient outcomes, and hospital operations

Legal Compliance

To comply with regulatory requirements and legal obligations

Communication

To respond to inquiries, send health information, and updates

4. Information Sharing

We respect your privacy and only share your information when necessary:

Important: We will never sell your personal or medical information to third parties.

5. Data Security

We implement robust security measures to protect your information:

Encryption of electronic health records

Role-based access controls

Regular security audits and risk assessments

Staff training on data protection

Secure backup and disaster recovery systems

24/7 surveillance and access logging

6. Your Rights

Under Kenyan data protection law, you have the following rights:

Right to Access

Request a copy of your medical records

Right to Rectification

Correct inaccurate or incomplete information

Right to Erasure

Request deletion of your data (with limitations)

Right to Restrict Processing

Limit how we use your information

Right to Data Portability

Receive your data in a portable format

Right to Object

Object to certain data processing activities

Right to Withdraw Consent

Withdraw previously given consent

Right to Lodge Complaint

Complain to the Office of the Data Protection Commissioner (ODPC)

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer using the information in the "Contact Us" section below. We will respond within 30 days as required by law.

Submit a Privacy Request

7. Cookies & Tracking Technologies

Our website uses cookies to enhance your browsing experience:

You can manage cookie preferences through your browser settings. However, disabling cookies may affect website functionality.

8. Third-Party Links

Our website may contain links to third-party websites (e.g., insurance partners, government health portals). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

9. Children's Privacy

Our services are primarily for adults. For pediatric patients, we collect medical information only with parental or legal guardian consent. We do not knowingly collect personal information from children under 13 without verifiable parental consent. If you believe we have inadvertently collected such information, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

Posting the updated policy on our website
Updating the "Last Updated" date at the top of this page
Providing prominent notice for material changes

We encourage you to review this policy regularly to stay informed about how we protect your information.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Data Protection Officer (DPO)

St. Crispin Afya Hospital

Address

Kajiado Town, Kajiado County, Kenya

Coordinates: 1°50'48.3"S 36°47'04.9"E

Phone

General Inquiries: 0745 404646

Privacy Office: 0742 056597

Email

Privacy Matters: privacy@stcrispinhos.org

General: info@stcrispinhos.org

Regulatory Authority

If you are not satisfied with our response, you have the right to lodge a complaint with:

Office of the Data Protection Commissioner (ODPC)
P.O. Box 3097-00100, Nairobi, Kenya
Email: info@odpc.go.ke
Website: www.odpc.go.ke

Table of Contents