Privacy Policy
PsychChart | Effective Date: 26 April 2026 | Version 1.0
1. Introduction
This Privacy Policy describes how Dr. Aana Shah ("the Clinician", "we", "us") collects, uses, stores, and protects personal and health data through the PsychChart practice management system ("the App").
By using the App, you acknowledge that you have read and understood this policy. This policy applies to clinicians using PsychChart and patients whose data is processed through it.
2. Who We Are
Data Fiduciary: Dr. Aana Shah, Consultant Psychiatrist
Contact: +91 91577 71389 | www.draanashah.com
Clinics: Apoorva Hospital, Mehdipatnam, Hyderabad | ASHA Neuromodulation Clinic, Kokapet, Hyderabad
3. What Data We Collect
3.1 Patient Data
- Name, date of birth, age, gender, occupation, location
- Clinical notes, session records, mental state examination findings
- Diagnosis (ICD-11 coded)
- Phone number (for appointment reminders)
3.2 Clinician Data
- Username and encrypted password (stored locally)
- Session activity logs (audit trail)
3.3 What We Do Not Collect
- Payment or financial information
- Biometric data
- Social media profiles or third-party account data
- Data from minors without appropriate guardian consent
4. How We Use Your Data
- To provide and maintain clinical records
- To generate prescriptions, medical certificates, and clinical letters
- To send appointment reminders and Care Log check-in prompts via WhatsApp
- To display mood, sleep, and adherence trends to the treating clinician
- To maintain an audit trail of all record access and modifications
We do not use patient data for marketing, advertising, or any purpose other than direct clinical care.
5. Legal Basis for Processing
We process personal data on the following legal bases under the Digital Personal Data Protection Act 2023 (DPDP Act):
- Consent: Obtained from patients before Care Log activation and digital record keeping
- Legitimate interest: Maintenance of clinical records as required by applicable medical regulations
- Legal obligation: Compliance with the Clinical Establishments Act 2010, MoHFW EHR Standards 2016, and applicable state regulations
6. Data Storage and Security
PsychChart operates on a self-hosted, locally controlled server. Patient data is stored in an encrypted SQLite database on infrastructure controlled exclusively by the clinician.
Key security measures:
- Patient data is never stored on third-party cloud servers
- No patient data is processed by any artificial intelligence system
- PDF documents are encrypted and edit-locked
- Session authentication uses HMAC-SHA256 signed tokens
- All data access is logged in a tamper-evident audit trail
- Passwords are stored using PBKDF2-SHA256 with 310,000 iterations
Data is stored in India (Mumbai region VPS) in compliance with applicable data localisation requirements.
7. Data Retention
Medical records are retained for a minimum of 7 years from the date of last consultation, in accordance with the Clinical Establishments Act 2010 and applicable state regulations. After this period, records are deleted unless retention is required for ongoing care or legal proceedings.
8. Patient Rights
Under the DPDP Act 2023, patients have the following rights:
- Right to access: Request a copy of your personal data held by us
- Right to correction: Request correction of inaccurate or incomplete data
- Right to erasure: Request deletion of your personal data, subject to legal retention requirements
- Right to withdraw consent: Withdraw consent for Care Log data collection at any time
- Right to grievance redressal: Raise concerns about data processing
To exercise any of these rights, contact us at +91 91577 71389 or through www.draanashah.com. We will respond within 30 days.
9. WhatsApp Communications
With your consent, we may send appointment reminders and Care Log prompts via WhatsApp. These messages are sent from a dedicated WhatsApp Business number. You may opt out at any time by informing the clinic. We do not share your phone number with any third party for marketing purposes.
10. Third Parties
We do not sell, rent, or share patient data with third parties. Limited data may be shared only in the following circumstances:
- With other treating clinicians, only with your explicit consent
- Where required by law (court order, regulatory authority)
- In a medical emergency where your life is at risk
11. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated to active patients. Continued use of the Care Log after notification constitutes acceptance of the updated policy.
12. Grievance Officer
In accordance with the DPDP Act 2023:
Grievance Officer: Dr. Aana Shah
Contact: +91 91577 71389 | www.draanashah.com
Response time: Within 30 days of receipt of grievance
Last updated: 26 April 2026