Table of Contents
Patient Data & Consent Policy – Lumos Polyclinic L.L.C.
Effective Date: October 18, 2025
By receiving medical, dental, aesthetic, or dermatological services at Lumos Polyclinic L.L.C., you grant explicit consent for the collection, processing, and secure storage of your personal and health data. This policy explains how your information is handled in compliance with UAE Federal Data Protection Law No. 45 of 2021, Dubai Health Authority (DHA), and Ministry of Health and Prevention (MOHAP) regulations.
1. Purpose of Data Collection
- To provide safe, high-quality clinical care and document medical history.
- To process billing, insurance, and regulatory submissions.
- To communicate appointment reminders, test results, or treatment follow-ups.
- To meet legal obligations under DHA, MOHAP, and NABIDH frameworks.
2. Data Processing and Security
Your health information is securely stored in the iHealthConnect Electronic Medical Record (EMR) system, hosted within the UAE and compliant with NABIDH cybersecurity standards. Access is strictly role-based and audited. Physical and digital safeguards prevent unauthorized access, loss, or misuse.
3. Legal Basis and Consent
Processing of personal and health data is lawful when it is:
- Necessary for the provision of healthcare and diagnosis.
- Required for billing or insurance processing.
- Mandated by DHA/MOHAP for reporting or public-health obligations.
- Carried out with your explicit written consent for non-clinical uses (e.g., marketing, research, photos).
4. Marketing and Communications
We may send health tips, appointment reminders, and promotional messages through SMS, WhatsApp, or email only after obtaining your explicit consent. You may withdraw consent anytime without affecting your right to medical treatment.
5. Photography, Video & Testimonial Consent
Clinical photos or videos taken for diagnostic or marketing purposes require your separate signed consent. Identifiable images will never be used publicly without your written approval. Educational or anonymized materials may be used for staff training or audits under DHA guidelines.
6. Data Sharing and Disclosure
Your data may be shared with:
- Licensed clinicians involved in your care.
- Insurance companies or TPAs for claim processing.
- Authorized laboratories, pharmacies, or referral centers.
- DHA, MOHAP, and NABIDH for mandated health reporting.
7. Data Retention
Medical records are retained for a minimum of 25 years from the last treatment date, as required by DHA regulations. Non-clinical data (marketing or administrative) is retained only as long as necessary to fulfill its purpose.
8. Data Breach Notification
In the unlikely event of a data breach, Lumos Polyclinic will notify affected individuals and the relevant authorities (DHA/MOHAP) within the legally required timeframe and take corrective actions immediately.
9. Withdrawal of Consent
You may withdraw consent for marketing, photography, or other non-treatment data processing at any time by contacting info@lumosclinics.com. Withdrawal does not affect lawful processing already performed or required for clinical care.
10. Patient Rights
- Access and review your medical record.
- Request correction of inaccurate information.
- Request a summary or transfer of your record to another licensed facility.
- Submit privacy-related complaints to DHA or MOHAP if unresolved.
11. Contact Information
For data-protection or consent-related inquiries, please contact our Data Protection Officer:
Lumos Polyclinic L.L.C.
📧 info@lumosclinics.com
📍 Sheikh Zayed Road, Dubai, UAE
☎ +971 4 352 4140
مجمع لوموس الطبي ذ.م.م
📧 info@lumosclinics.com
📍 شارع الشيخ زايد، دبي، الإمارات العربية المتحدة
☎ +971 4 352 4140