Privacy Policy for Medical Device Software



Effective Date: April, 2025
Medibyt (“we,” “our,” or “us”) values your privacy.
This Privacy Policy explains how we collect, use, and protect your information when you visit our website:
www.medibyt.com (“Site”).

1. Purpose
This Privacy Policy explains how Medibyt Ltd. collects, uses, stores, shares, and protects personal information and health data processed through our medical device platform (“the platform”).
The policy ensures compliance with applicable U.S. regulations, including:
-U.S. Food and Drug Administration (FDA) regulations for medical devices
-Health Insurance Portability and Accountability Act (HIPAA), where applicable
-21 CFR Part 11 requirements for electronic records and signatures
-Applicable state and federal privacy laws

2. Information We Collect
The Software may collect the following categories of information:
Personal Information: Name, contact details, patient identifiers.
Health Information: Clinical data, physiological measurements, device outputs, treatment data.
Device and Technical Data: Device ID, operating system, usage logs, error reports.
User Account Information: Login credentials, role-based access details.

We collect this information to support safe and effective use of the Platform, meet regulatory requirements, and enable secure communications between users and healthcare providers.

3. How We Use Information
The Software and associated services use collected data for:
-Delivering medical functions and device performance.
-Ensuring accuracy, safety, and effectiveness of the Platform.
-Regulatory compliance, quality management, and adverse event reporting.
-Technical support, troubleshooting, and software updates.
-Improving device functionality and cybersecurity.
We do not use or disclose personal health information for marketing purposes without explicit authorization.

4. Data Storage and Retention
-Data is stored securely in compliance with FDA cybersecurity expectations and HIPAA safeguards.
-Electronic records comply with 21 CFR Part 11 (audit trails, secure access, tamper resistance).
-Retention periods follow applicable regulations and company policies (e.g., complaint files and device records retained for the device’s lifetime + 2 years).

5. Data Sharing and Disclosure
We may share data only in the following circumstances:
-With authorized healthcare providers or caregivers, as directed by the user.
-With regulators (e.g., FDA) when required for safety reporting, recalls, or compliance.
-With service providers (cloud hosting, analytics, cybersecurity monitoring) under strict confidentiality and security obligations.
-As required by law, court order, or government regulation.
We do not sell or lease user data.

6. User Rights

Depending on applicable law, users may:
-Access their personal information.
-Request correction of inaccurate or incomplete data.
-Request deletion of personal data (unless retention is required by law or FDA recordkeeping).
-Obtain a copy of their health data in a portable format.
Requests can be submitted to: [Insert Privacy Contact Email/Address].

7. Security and Cybersecurity
We implement technical and organizational safeguards consistent with FDA guidance on medical device cybersecurity, including:
-Encryption of data in transit and at rest.
-Role-based access control and authentication.
-Continuous monitoring for unauthorized access or breaches.
-Regular software updates and patches.

8. Children’s Privacy
Our Software is not intended for children under 18 unless prescribed by a healthcare provider.
We do not knowingly collect information from children without parental or guardian consent.

9. Changes to This Policy
We may update this Privacy Policy to reflect changes in regulations, technology, or business practices. Updates will be posted in the Software and/or on our website with a new effective date.

10. Contact Information
For questions, concerns, or to exercise your privacy rights, please contact:

Privacy Officer
Medibyt Ltd.
GreenWork, Yakum, 6097200, Israel.
contact@medibyt.com