Duly Mychart Privacy Policy

Effective Date: 20/12/25

1. Introduction

Duly Health and Care (“Duly,” “we,” “us,” or “our”) is committed to protecting the privacy, security, and confidentiality of our patients’ personal and health information.

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you receive care, use our services, visit our websites, or access our patient portals and digital tools.

2. Information We Collect

We may collect the following categories of information:

a. Personal Information

  • Name, date of birth, gender
  • Address, email address, phone number
  • Emergency contact information
  • Insurance and billing information

b. Health Information (Protected Health Information – PHI)

  • Medical history, diagnoses, treatment plans
  • Test results, imaging, prescriptions
  • Physician and clinical notes
  • Appointment and care coordination details

c. Technical and Usage Information

  • IP address and device information
  • Browser type and operating system
  • Portal login activity and usage data
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use your information to:

  • Provide, coordinate, and manage healthcare services
  • Diagnose and treat medical conditions
  • Process payments and insurance claims
  • Communicate with you about appointments, care, and services
  • Improve the quality, safety, and efficiency of care
  • Comply with legal, regulatory, and accreditation requirements
  • Support healthcare operations such as quality assessment and training

4. How We Share Your Information

We may share your information in the following circumstances:

a. Treatment, Payment, and Healthcare Operations

  • With physicians, nurses, specialists, and other healthcare providers
  • With insurance companies and payers for billing and reimbursement
  • For internal administrative and operational purposes

b. Business Associates

We may share information with trusted third parties (e.g., IT vendors, billing services) who perform services on our behalf and are contractually required to protect your information.

c. Legal and Regulatory Requirements

We may disclose information when required by law, including:

  • Public health reporting
  • Law enforcement requests
  • Court orders and subpoenas
  • Health oversight activities

d. With Your Authorisation

We may share information for purposes not described in this policy only with your written permission, which you may revoke at any time.

5. Your Privacy Rights

You have rights regarding your health information, including:

  • Right to Access: Request a copy of your medical records
  • Right to Amend: Request corrections to inaccurate or incomplete information
  • Right to Restrict: Request limits on certain uses or disclosures
  • Right to Confidential Communications: Request communication in a specific way or location
  • Right to an Accounting of Disclosures: Request a list of certain disclosures made
  • Right to a Copy of This Notice: Request a paper or electronic copy

Requests must be submitted in writing and may be subject to applicable fees or legal limitations.

6. Patient Portals and Online Services

When you use Duly Mychart patient portal or digital tools, you may:

  • View test results and visit summaries
  • Schedule or manage appointments
  • Communicate securely with providers
  • Update personal and insurance information

You are responsible for safeguarding your login credentials and promptly notifying us of any unauthorised access.

7. Cookies and Tracking Technologies

Our websites may use cookies and similar technologies to:

  • Enhance website functionality
  • Improve user experience
  • Analyse website traffic and performance

You can adjust your browser settings to manage or block cookies, although some features may be limited.

8. Data Security

We implement administrative, technical, and physical safeguards designed to protect your information, including:

  • Encryption and secure networks
  • Access controls and authentication measures
  • Regular security monitoring and training

Despite our efforts, no system can be guaranteed 100% secure.

9. Data Retention

We retain personal and health information for as long as necessary to:

  • Provide care and services
  • Comply with legal and regulatory obligations
  • Resolve disputes and enforce policies

Retention periods vary based on record type and applicable law.

10. Children’s Privacy

Our services are intended for patients of all ages. Information about minors is handled in compliance with applicable federal and state laws, including parental and guardian access rights.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will apply to both existing and new information. Updated versions will be made available through our facilities or online platforms