Privacy Policy

HealthPay, operated by the Ministry of Health, Federal Democratic Republic of Ethiopia, is committed to protecting the privacy and security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and protect your information when you use our national healthcare payment system.

We collect the following types of information to provide and improve our services:

• Personal Information: Name, email address, phone number, and facility affiliation
• Healthcare Information: Patient details for payment processing, service records, and CBHI membership data
• Financial Information: Transaction history, payment records, and PRN details
• Technical Information: IP address, device type, browser information, and session data
• Usage Data: Login times, features accessed, and system interaction patterns

We use your personal information for the following purposes:

• Processing healthcare payments and generating Payment Reference Numbers (PRNs)
• Managing CBHI enrollments and premium collections
• Providing customer support and resolving transaction disputes
• Sending verification codes and security notifications
• Generating reports for healthcare facilities and government agencies
• Improving system performance and user experience
• Complying with legal and regulatory requirements

We may share your information with:

• Healthcare Facilities: To facilitate payment processing and service delivery
• Government Agencies: Ministry of Health and related regulatory bodies
• Financial Partners: Banks and payment processors for transaction completion
• Service Providers: Third parties who assist in system operation and maintenance
• Legal Authorities: When required by law or to protect rights and safety

We implement robust security measures to protect your information:

• Encryption: All data transmitted using 256-bit SSL encryption
• Two-Factor Authentication: Required for all user logins
• Access Controls: Role-based access limiting data visibility
• Regular Audits: Security assessments and vulnerability testing
• Employee Training: Staff education on data privacy and security
• Secure Infrastructure: Protected servers and backup systems

You have the following rights regarding your personal information:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your data where legally permissible
• Objection: Object to certain processing activities
• Portability: Request transfer of your data in a standard format

To exercise these rights, contact your facility administrator or our support team.

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. Healthcare and financial records are retained according to Ethiopian regulatory requirements.

For questions about this Privacy Policy or our data practices, please contact:

• Ministry of Health - Ethiopia
• Email: privacy@healthpay.gov.et
• Phone: +251 11 551 7011
• Address: Addis Ababa, Ethiopia