Privacy Policy

1.       PURPOSE

Fine Motion Physiotherapy Center LTD. (“Fine Motion”) is committed to protecting the privacy, confidentiality, integrity, and security of patient information. This Privacy Policy explains how personal and health information is collected, used, stored, disclosed, and protected in accordance with:

  • The Constitution of Kenya (2010)
  • The Data Protection Act, 2019 (Kenya)
  • The Health Act, 2017
  • Social Health Authority (SHA) requirements
  • Professional healthcare confidentiality standards
  • Applicable insurance and regulatory requirements

Fine Motion recognizes that patient health information is sensitive personal data and shall be treated with the highest level of confidentiality.

2.       SCOPE

This policy applies to:

  • All employees
  • Physiotherapists
  • Assistants
  • Reception staff
  • Contractors
  • Interns
  • Volunteers
  • Third-party service providers

This policy applies to all patient information maintained in:

  • Electronic records
  • Paper records
  • Photographs
  • Videos
  • Emails
  • Billing systems
  • Cliniko practice management software
  • Insurance claim systems

3.       DEFINITIONS

Personal Data: Information that identifies an individual, including:

  • Name
  • National ID Number
  • Passport Number
  • Phone Number
  • Email Address
  • Physical Address

Sensitive Personal Data: Includes:

  • Medical history
  • Diagnosis
  • Treatment records
  • Insurance information
  • Biometric information
  • Disability information

Data Subject: The patient whose information is being collected.

4.       INFORMATION WE COLLECT

Fine Motion may collect:

Patient Identification Information

  • Full name
  • Date of birth
  • Gender
  • National ID/Passport Number
  • Contact details
  • Emergency contact information

Medical Information

  • Medical history
  • Current diagnosis
  • ICD-11 diagnosis codes
  • Treatment plans
  • Assessment findings
  • Progress notes
  • Rehabilitation records
  • Referral information

Insurance Information

  • SHA Number
  • Insurance Membership Number
  • Authorization Number
  • Claims Information

Financial Information

  • Invoices
  • Payment records
  • Outstanding balances

5.       PURPOSE OF DATA COLLECTION

Patient information is collected for:

Clinical Care

  • Assessing conditions
  • Developing treatment plans
  • Monitoring patient progress
  • Coordinating care

Administrative Operations

  • Appointment scheduling
  • Billing
  • Record management
  • Communication

Insurance Claims

  • SHA submissions
  • Insurance pre-authorizations
  • Claims processing
  • Reimbursement activities

Legal and Regulatory Compliance

  • Licensing requirements
  • Regulatory reporting
  • Audit requirements

6.       CONSENT

Fine Motion shall obtain patient consent before:

  • Collecting personal information
  • Providing treatment
  • Sharing information with insurers
  • Using photographs or videos
  • Marketing communications

Patients may withdraw consent at any time, subject to legal and clinical requirements.

7.       USE OF PATIENT INFORMATION

Patient information shall only be used for:

  • Treatment purposes
  • Healthcare operations
  • Billing and claims
  • Legal compliance
  • Quality improvement activities

Information shall not be sold or disclosed for commercial purposes.

8.       DISCLOSURE OF INFORMATION

Patient information may be disclosed only to:

Authorized Healthcare Providers for continuity of care.

Insurance Companies for claims processing and payment, including:

  • SHA
  • AAR Insurance
  • Jubilee Insurance
  • Britam
  • CIC
  • APA
  • Other authorized insurers

Regulatory Authorities, when legally required.

Legal Authorities, pursuant to lawful court orders or legal obligations.

9.       DATA SECURITY

Fine Motion shall implement appropriate safeguards including:

Physical Security

  • Locked filing cabinets
  • Controlled facility access
  • Visitor management procedures

Electronic Security

  • Password-protected systems
  • User access controls
  • Encrypted communications where feasible
  • Secure cloud-based systems

Cliniko Security

Patient information stored within Cliniko shall be protected through:

  • Role-based permissions
  • Secure user authentication
  • Audit logs
  • Vendor-provided security controls

10.  RECORD RETENTION

Patient records shall be retained in accordance with Kenyan legal and professional requirements.

Minimum retention periods:

Record Type               Retention Period
Adult Medical Records     Minimum 7 Years
Pediatric Records         Until Age of Majority + 7 Years
Billing Records           7 Years
Insurance Claims          7 Years
Incident Reports          7 Years

Records may be retained longer where required by law.

11.  PATIENT RIGHTS

Patients have the right to:

Access: Request access to their records.

Correction: Request correction of inaccurate information.

Restriction: Request restrictions on processing where legally permissible.

Data Portability: Request copies of records in a usable format.

Complaint: File complaints regarding misuse of personal information.

12.  PHOTOGRAPHY AND VIDEO RECORDING

Photographs or videos shall only be taken for:

  • Clinical documentation
  • Treatment monitoring
  • Educational purposes

Written patient consent must be obtained before use. Photographs shall not be used in marketing materials without explicit written authorization.

13.  WEBSITE PRIVACY

Fine Motion may collect website information including:

  • Website usage statistics
  • Contact form submissions
  • Appointment requests

Website information shall only be used for operational and communication purposes.

14.  DATA BREACH MANAGEMENT

Any suspected data breach shall be:

  • Reported immediately to management.
  • Investigated promptly.
  • Contained and mitigated.
  • Reported to appropriate authorities where required.
  • Communicated to affected individuals when legally required.

15.  STAFF CONFIDENTIALITY

All personnel shall:

  • Sign confidentiality agreements.
  • Complete privacy training.
  • Protect patient information.
  • Report suspected breaches.

Unauthorized disclosure of patient information may result in disciplinary action, termination, legal action, or regulatory penalties.

16.  CONTACT INFORMATION

Fine Motion Physiotherapy Center LTD.

Corner Square Plaza, 2nd Floor

Kajiado Kaputiei North 6633

Kitengela, Kenya

Phone: 0141385188

Email: info@fm4physio.com

Website: fm4physio.com

For privacy-related questions, requests, or complaints, please contact the Clinic Manager or Data Protection Officer.

17.  POLICY REVIEW

This Privacy Policy shall be reviewed annually or whenever there are significant changes in:

  • Applicable laws
  • Regulatory requirements
  • Clinic operations
  • Information systems
  • Data processing activities

Approved By: ___________________________

Signature: ___________________________     Date: ___________________________

This policy is suitable for a Kenyan physiotherapy clinic and aligns with the Kenya Data Protection Act, 2019, SHA claim processing requirements, and standard healthcare confidentiality practices.