We collect and use personal information to provide hospital online services such as encounter check-in and payment, ward discharge payment, appointment change requests, and clinical chatbot guidance (subject to access control).

We apply safeguards to protect your data. Access is limited based on authentication and permission rules.

Depending on the service, we may collect:

• Identity information (e.g., MyKad/Passport, MRN, appointment reference)
• Contact information (e.g., phone number, email)
• Appointment and encounter details (e.g., clinic, date/time, status)
• Payment-related details (e.g., amount, payer type, transaction reference)
• System and usage logs (e.g., IP address, device/browser info, timestamps)
• Clinical chatbot interactions (messages you type and relevant permitted context)

We use your information to:

• Verify your identity and link you to your appointment/record
• Process encounter check-in and generate reference numbers
• Process online payments and generate receipts
• Handle ward discharge billing and payment confirmation
• Receive and track appointment change requests
• Provide clinical chatbot guidance (informational; not a replacement for medical advice)
• Improve portal performance, reliability, safety, and audit compliance

The clinical chatbot is designed to provide informational guidance only. It does not replace a doctor’s assessment.

When you are authenticated, the chatbot may be supplied with permitted medical record context (e.g., recent notes, labs, radiology summaries) to improve relevance. This context is limited by access control rules and hospital policy.

For safety and quality, chatbot interactions may be logged and reviewed under authorised processes.

We may share information only when necessary, such as:

• With authorised hospital staff for care and administrative processing
• With payment gateway providers to process transactions
• With service providers supporting the portal (under confidentiality and security controls)
• When required by law, regulation, or official directive

We do not sell your personal information.

We use technical and organisational measures to protect data, which may include:

• Authentication and role-based access controls
• Encrypted communication (TLS/HTTPS)
• Audit logs for sensitive actions (payments, access, requests)
• Security monitoring, rate limiting, and abuse prevention

No system is 100% secure, but we continuously improve protections based on risk and compliance needs.

We retain information only as long as necessary for the purposes stated, and as required by applicable laws, regulations, and hospital record retention policies.

Payment records and audit logs may be retained longer for accountability and compliance.

You are responsible for:

• Keeping your account credentials secure
• Ensuring the information you provide is accurate
• Not attempting to access another person’s records

The portal may use cookies or similar technologies to maintain sessions, improve experience, and enhance security. Basic analytics may be used to understand usage and improve service quality.

Disabling cookies may affect portal functionality (e.g., sign-in sessions).

We may update this policy from time to time. The latest version will be published on this page.

Continued use of the portal after updates indicates acceptance of the revised policy.