Data Privacy & Security at Practo

Healthcare is highly personal. More so than many other industries. The information is sensitive, confidential and more personal than perhaps even financial information.

At Practo we take data security and privacy extremely seriously and use some of the world’s best and most advanced security systems and processes to ensure the data is safe, secure and private for both our consumers as well as for providers who are using our software systems. In fact, Practo is a member of the Digital Security Council of India to help establish best practices, standards and initiatives in cyber security and privacy.

For Practo Ray, our software for clinics, these are few of our many security features that ensure security and privacy of the clinic data such that only the doctor or someone authorized by the doctor can access the data and no one else, not even Practo, can access this information.

  1. HIPAA Compliance: All your Ray data is stored in HIPAA compliant servers ensuring industry standard consent architecture and privacy policies.
  1. Encryption: All your Ray data is encrypted with 256bit encryption. Data is encrypted during transit and rest ensuring that only the sender and the authorised receiver can access it.
  1. Two Factor: We have implemented 2-factor authentication to ensure we can doubly verify the identity of the person accessing the information and only give access to the doctor.
  1. Access Zones: We have implemented access zones that prohibit access to information from locations not specified by the user. This ensures that even if the authentication information leaks, access can only happen from the physical locations specified by the user.
  1. Role Based Profiles: A doctor/clinic owner can set up different profiles for their staff with different levels of information access. This ensures that only the doctor has access to the patient files while the staff access is restricted to the clinic operations rather than the patient information.

These and many more features ensure that only the doctor and their authorised staff can access data generated by the clinic and no one else, not even Practo has access to this information.

We hope this helps you better understand the security features available to you via Practo Ray. If you need help to understand more, please do reach out to us.

  1. Can Practo access my patient information?
    • All data created by you or your staff is encrypted and accessible only by you and your authorised staff. No one has access to this data as it is completely encrypted and only accessible via your login details. Not even Practo can access this information.
  2. What all data is encrypted and protected by Practo.
    • All medical information, including reports, prescriptions as well as personally identifiable information of the Patient is encrypted and securely stored by Practo.
  1. Will Practo use my patient data to market to my patients?
    • Practo systems are designed to only allow the doctor and his authorised staff to have access to the data. Practo cannot access this information at any point as it is encrypted while stored as well as during transmission
  1. How do you segregate between a Practo consumer and my patient?
    • Practo Consumer: Any consumer who downloads our app or visits to book an appointment or use any of our other services is a Practo consumer. Practo terms of service allow Practo to contact and market to this consumer if he gives us permission to do so. Additionally the consumer has to give us his contact information only then can we contact him in any way.
    • Ray Patient of the clinic: Any consumer who books an appointment directly by calling the clinic or the doctor (even if the doctor then puts the appointment in his/her Ray calendar) is considered a Ray patient of the clinic. Practo does not have access to any information about this patient and therefore cannot and does not market to these patients using this information.
  1. Then why do some of my patients get SMS and marketing messages from Practo?
    • The only way this can happen is if your patient also, independently, visits and books an appointment through the app or uses any of the other consumer services offered on our website or app and gives us his permission to contact him – only then can Practo reach out to him/her. 
  1. Can you exclude my patients from receiving messages even if they come and use the services?
    • No, unfortunately, we cannot. Since we do not have access to your patient data stored inside Ray, we cannot identify which patients on are your Ray patients and which ones are not.
  2. What about your new medicine delivery business? Are you using my patient prescription to sell them medicines?
    • Not at all. Practo does not have access to the prescription created in Ray. Practo also does not have access to this prescription even if you share it with the patient. Only the doctor, his/her authorised staff or the patient has access to the prescription.
    • However, patients can log-in to the Practo app themselves and order medicines if they want. Do note that this service is currently available in Bangalore only.

We hope this provides more clarity around the steps taken by us and the features we have built into our systems to ensure security and privacy of your and your patient’s data. If you would like to know more about these, please reach out to us.

Team Practo


Practo is on a mission to make quality healthcare affordable and accessible for over a billion+ Indians. India’s leading integrated healthcare company it connects the entire healthcare ecosystem together – including patients, doctors, surgeons, clinics, hospitals, pharmacies, and diagnostics – to generate exceptional value and service for all, especially the end consumers.

As technology becomes an integral part of healthcare, Practo has also become an essential enabler in helping doctors understand the nuances of managing and securely storing all health data. Practo encrypts all data with 256-bit encryption, uses HIPAA-compliant data centers, and is one of the few healthcare companies to be ISO 27001 certified. Practo is present in 20+ countries, helping over 30 crore patients, by connecting them with 1 lakh+ verified doctor partners.

Recommended Articles

Leave a Reply

Your email address will not be published. Required fields are marked *