Privacy Policy

How Doko Medical Inc. Protects Personal and Health Information

Effective Date: April 11, 2026

Doko Medical Inc. ("Doko," "we," "us," or "our") operates at www.doko.md. This Privacy Policy explains how we collect, use, disclose, and safeguard your information, including Protected Health Information (PHI) under HIPAA and its implementing regulations.

Contact Privacy Officer
Illustration representing privacy, compliance, and healthcare data protection

1. Information We Collect

We collect two main categories of information.

  • Personally Identifiable Information and Protected Health Information
    • Contact information, including name, email, phone number, and address.
    • Demographic details such as age and gender.
    • Medical and health information, including symptoms, medical history, diagnoses, treatment records, lab results, and imaging such as CT scans used for AI-PDAC analysis.
    • Insurance and payment information, including Medicare details.
    • Telehealth visit data, such as video or audio recordings when applicable, chat logs, and visit notes.
    • Account credentials and usage data.
  • Non-Personal Information
    • Usage data, cookies, IP address, browser type, and device information used for analytics and site improvement.

2. How We Use Your Information

We use and disclose PHI only as permitted or required by HIPAA and other applicable laws. We may use your information to:

  • Provide telehealth services, care coordination, and treatment.
  • Support billing and payment, including submission to Medicare, insurance carriers, or third-party payers.
  • Conduct healthcare operations such as quality improvement, care management, and AI model training, with de-identification used where possible.
  • Send appointment reminders, care updates, and service communications, including SMS with your consent.
  • Comply with legal obligations, public health requirements, or court orders.

We do not sell your PHI or personal information.

3. How We Share Your Information

We may share PHI only where needed to support care, operations, or legal compliance.

  • With our healthcare providers, staff, and contractors who require access to provide care, subject to the minimum necessary rule.
  • With Business Associates such as telehealth platforms, billing services, AI service providers, and electronic health record vendors that have signed HIPAA Business Associate Agreements.
  • With your other healthcare providers or insurers when authorized by you or otherwise permitted for treatment, payment, or healthcare operations.
  • When required by law, including public health reporting, abuse reporting, or valid law enforcement process.

We do not share PHI with third parties for marketing purposes.

4. Your Rights Under HIPAA

You have the following rights regarding your PHI:

  • Access: Request a copy of your medical records.
  • Amendment: Request corrections to inaccurate or incomplete information.
  • Accounting of Disclosures: Receive a list of certain disclosures of your PHI.
  • Restriction: Request restrictions on certain uses or disclosures, though we are not required to agree to every request.
  • Confidential Communications: Request communications through alternative means or locations.
  • Breach Notification: Be notified if your unsecured PHI is breached.
  • Revoke Authorization: Withdraw any authorization you previously gave, except where action has already been taken in reliance on it.

To exercise these rights, contact us using the information below. We will respond within the timeframes required by HIPAA, typically within 30 days.

5. Security Safeguards

We use administrative, physical, and technical safeguards designed to protect your PHI.

  • Encryption of data in transit using HTTPS/TLS and encryption at rest where applicable.
  • Access controls and role-based permissions so only authorized personnel can access sensitive information.
  • Secure telehealth platforms with end-to-end encryption where applicable.
  • Regular security risk assessments and HIPAA workforce training.
  • Business Associate Agreements with vendors that may handle PHI.
  • Incident response and breach notification procedures.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience. You can manage cookie preferences through your browser settings. We do not use tracking technologies for cross-site advertising involving PHI.

7. SMS Communications

By providing your phone number and opting in, you consent to receive SMS notifications related to appointments, care, and services. You may opt out at any time by replying STOP.

8. Links to Third-Party Sites

Our website may contain links to external websites. We are not responsible for the privacy practices or content of third-party sites.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any revised version will be posted on this page with an updated effective date. Continued use of our services after changes become effective constitutes acceptance of the revised policy.

10. Contact Us / Privacy Officer

If you have questions, concerns, or want to exercise your rights under this policy, contact:

Privacy Officer

Doko Medical Inc.

Email: support@doko.md

Phone: 1-888-910-DOKO (3656)

You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your privacy rights have been violated.