Privacy Policy
Last updated · January 2026
Gratirad, a Graticare service, is committed to protecting the privacy and security of the information entrusted to us by healthcare providers and the patients they serve.
1 · Scope
This policy applies to our teleradiology, PACS and speech-to-text reporting services, our website, and any related applications. By using our services you agree to the practices described here.
2 · Information We Collect
- Account information — names, roles, facility details and contact information of the staff who administer or use the platform.
- Usage data — log records, device and browser information, and interactions used to operate and secure the service.
- Clinical data — DICOM images, study metadata and report content processed on behalf of our healthcare partners.
3 · Protected Health Information
We process Protected Health Information (PHI) only as a service provider to our healthcare partners and in accordance with HIPAA and applicable data-protection laws. PHI is handled strictly to deliver, support and secure the radiology workflow — never sold or used for advertising.
4 · How We Use Information
- To transmit, store, interpret and deliver radiology studies and reports.
- To authenticate users, maintain audit trails and prevent misuse.
- To improve diagnostic tooling, turnaround and reliability of the platform.
- To communicate about service, support and account matters.
5 · Data Security
Our information-security management system is certified to ISO/IEC 27001:2022. Data is encrypted in transit and at rest, access is role-based and logged, and our entire workflow — from image transfer to final report delivery — follows HIPAA guidelines. We operate on Microsoft Azure infrastructure with continuous monitoring.
6 · Retention
Imaging and report data are retained according to the storage terms of your plan and the instructions of the originating healthcare partner. Standard plans include 10 days of image storage, with extended retention available. We delete or de-identify data when it is no longer required for the contracted purpose or by law.
7 · Your Rights
Patients should direct requests regarding their health records to the healthcare provider that ordered the study, who is the controller of that information. Where we act as controller of account data, you may request access, correction or deletion subject to legal and contractual obligations.
8 · Contact
Questions about this policy can be sent to sales@graticare.com or by post to 4th Floor, Rukmini Tower, Harmu Road, Near Ratu Road Chowk, Ranchi, Jharkhand 834001, India.