Privacy overview¶
MedInsight processes personal and health-related data on behalf of clinical tenants.
Roles¶
| Role | MedInsight | Customer clinic |
|---|---|---|
| Controller | — | Tenant organization |
| Processor | MedInsight platform | — |
Lawful bases (GDPR Art. 6–9)¶
- Contract — providing the SaaS platform to the tenant
- Legitimate interest — security monitoring, fraud prevention
- Legal obligation — audit retention where required
- Special category data (Art. 9) — health data processed under tenant instruction with appropriate safeguards
152-FZ (Russia)¶
Personal data of Russian citizens is processed according to tenant configuration. Operators must register with Roskomnadzor where applicable. Cross-border transfers require legal assessment.
Data subjects¶
Patients, clinicians, and administrators. Rights: access, rectification, erasure, restriction, portability — see DSAR runbook.
Contact¶
Security and privacy inquiries: security@medinsight.local (configure for production).