HIPAA COMPLIANT

Privacy & Data Protection

Your privacy and the security of health information are our highest priorities. We maintain the highest standards of data protection and HIPAA compliance.

Last updated: November 17, 2025
Important: This privacy policy outlines how we handle and protect Protected Health Information (PHI) in compliance with HIPAA regulations.

1. Overview & Commitment

AfyaLink TeleHealth ("we," "our," or "us") is committed to protecting the privacy and security of your personal information and Protected Health Information (PHI). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our telemedicine platform.

  • HIPAA Compliant: Full regulatory compliance
  • End-to-End Encryption: Bank-level security
  • Data Protection: Your privacy protected
  • Legal Compliance: Healthcare regulations

2. Information We Collect

We collect several types of information to provide and improve our telemedicine services:

Personal Information
  • Name, contact details, and demographic information
  • Date of birth and government-issued identification
  • Insurance information and payment details
  • Emergency contact information
Protected Health Information (PHI)
  • Medical history, conditions, and treatment records
  • Medication lists and prescription information
  • Laboratory and test results
  • Clinical notes and progress reports
  • Vital signs and health monitoring data
Technical Information
  • IP address, browser type, and device information
  • Usage data and platform interaction metrics
  • Cookies and similar tracking technologies
  • Video consultation quality metrics

3. How We Use Your Information

We use collected information for the following purposes:

  • Healthcare Delivery: Providing medical consultations, treatment plans, and prescriptions
  • Communication: Appointment reminders, test results, and follow-up care
  • Service Improvement: Enhancing platform features and user experience
  • Security & Compliance: Monitoring for fraudulent activity and ensuring regulatory compliance

4. Data Sharing & Disclosure

We may share your information in the following circumstances:

Healthcare Operations: We share PHI with your healthcare providers for treatment, payment, and healthcare operations as permitted by HIPAA.
  • With Your Consent: When you explicitly authorize sharing with specific parties
  • Healthcare Providers: Other medical professionals involved in your care
  • Insurance Companies: For billing and payment processing
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with mergers, acquisitions, or asset sales
  • Service Providers: With vendors who help us operate our platform (under strict data protection agreements)

5. Your Rights (HIPAA Rights)

Under HIPAA, you have the following rights regarding your Protected Health Information:

  • Right to Access: View and obtain copies of your health records
  • Right to Amend: Request corrections to inaccurate information
  • Right to Restrict: Limit certain uses and disclosures of your PHI
  • Right to Portability: Receive your health information in electronic format
  • Right to Complain: File complaints about privacy violations
  • Right to Accounting: Receive a list of disclosures of your PHI

6. Data Security Measures

We implement comprehensive security measures to protect your information:

Encryption
  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • End-to-end encryption for video consultations
Access Controls
  • Multi-factor authentication
  • Role-based access permissions
  • Regular access reviews and audits
Infrastructure
  • SOC 2 Type II certified data centers
  • Regular security penetration testing
  • 24/7 monitoring and threat detection
Compliance
  • HIPAA Security Rule compliance
  • Regular risk assessments
  • Employee training and awareness

7. Compliance Standards

Our platform adheres to the following healthcare compliance standards:

  • HIPAA: Health Insurance Portability and Accountability Act
  • HITECH Act: Health Information Technology for Economic and Clinical Health
  • GDPR: General Data Protection Regulation (EU)

8. Data Retention

We retain personal information only as long as necessary for legitimate business purposes and as required by law:

  • Medical Records: Retained for a minimum of 6 years from last activity, or as required by state law
  • Financial Records: 7 years for tax and accounting purposes
  • User Accounts: Until account deletion request or 2 years of inactivity
  • Backup Data: Securely encrypted backups maintained for 30 days

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes, we will provide notice through our platform or via email at least 30 days before the changes take effect.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team:

Email

privacy@afyalink.com

Phone

+254 720 445005

Address

AfyaLink TeleHealth
2-19261 Katani Rd.
Off Msa. Rd.
Nairobi, Kenya

Response Time

We aim to respond to all privacy inquiries within 24 hours.

For HIPAA Complaints: If you believe your privacy rights have been violated, you may file a complaint with the Secretary of the Department of Health and Human Services.