Patient records
Patient records are retained for clinical, legal, regulatory and audit needs.
Legal & Compliance
Operational retention principles for DemyHealth records.
Last updated: June 19, 2026 Β· Policy version 2026-06-19
Patient records are retained for clinical, legal, regulatory and audit needs.
Lab request, sample and result data may be retained to support traceability and quality management.
DNA records require heightened confidentiality and retention periods should be configured after legal review.
Payment records are retained for accounting, tax, audit and dispute purposes.
Website enquiries are retained only as long as needed for response, CRM follow-up and compliance.
CRM leads should be reviewed and deleted or anonymised when no longer required.
Partner records are retained according to contract, consent, patient safety and regulatory needs.
Backups may retain data for a limited technical period before rotation or secure deletion.
DemyHealth should delete, anonymise or restrict data where applicable and lawful.
Deletion may be delayed where retention is required for legal claims, regulatory duties, audits, patient safety or fraud prevention. Exact periods are configurable placeholders requiring counsel confirmation.