Information Security & Confidentiality Policy

CureSureMedico is committed to safeguarding the confidentiality, integrity, and availability of information entrusted to us by patients, hospitals, healthcare providers, business partners, employees, and website users.

This Information Security & Confidentiality Policy establishes our commitment to protecting information assets and maintaining appropriate security controls across our operations, systems, and services.

This Policy applies to:

• CureSureMedico employees and consultants
• Contractors and service providers
• Technology partners
• Hospital and healthcare collaboration activities
• Patient-related information processed through our systems
• Company-owned digital and physical information assets

The Policy covers both electronic and physical information handled by CureSureMedico.

CureSureMedico follows the following core security principles:

Confidentiality

Information shall be accessible only to authorized individuals who require access for legitimate business or healthcare-related purposes.

Integrity

Information shall be protected against unauthorized modification, alteration, or destruction.

Availability

Information and services shall remain available to authorized users when required for legitimate operational purposes.

CureSureMedico recognizes that patient information and healthcare-related records require enhanced protection.

We implement reasonable safeguards to protect:

• Medical records
• Diagnostic reports
• Treatment-related information
• Patient identification information
• Hospital and partner information
• Business-sensitive information
• Contractual and commercial records

Access to such information is limited to authorized personnel and approved business partners on a need-to-know basis.

Access to information systems and data is granted based on business requirements and job responsibilities.

CureSureMedico may implement:

• User authentication controls
• Password protection measures
• Role-based access controls
• Access reviews and monitoring
• Account management procedures

Access rights may be modified, suspended, or revoked whenever necessary to maintain security.

Employees, consultants, contractors, and authorized partners who have access to confidential information are expected to:

• Maintain strict confidentiality
• Use information only for authorized purposes
• Prevent unauthorized disclosure
• Protect patient privacy
• Comply with applicable contractual and legal obligations

Confidential information shall not be disclosed unless:

• Authorized by the information owner
• Required for legitimate service delivery
• Required by law, regulation, or governmental authority

Information shall be handled responsibly throughout its lifecycle.

Reasonable measures may include:

• Secure storage of records
• Controlled access to information
• Secure transmission of sensitive information
• Data backup procedures
• Secure disposal of obsolete records

Where appropriate, sensitive information may be encrypted or protected through additional security mechanisms.

CureSureMedico may engage hospitals, healthcare providers, technology vendors, consultants, and other third parties as part of service delivery.

Where personal, medical, or confidential information is shared, reasonable efforts are made to ensure that third parties:

• Maintain confidentiality obligations
• Implement appropriate security controls
• Use information only for authorized purposes
• Comply with applicable contractual commitments

Any suspected or actual security incident, unauthorized access, data loss, confidentiality breach, or misuse of information should be reported promptly to the appropriate internal authority.

CureSureMedico may take appropriate measures to:

• Investigate incidents
• Mitigate potential impact
• Restore affected services
• Improve security controls
• Fulfill applicable legal or contractual obligations

CureSureMedico strives to maintain operational resilience through reasonable business continuity practices.

These may include:

• Data backup procedures
• System recovery mechanisms
• Alternative communication arrangements
• Operational contingency planning

The objective is to minimize disruption and support continuity of essential services.

Information security is a shared responsibility.

Personnel are expected to:

• Follow company security procedures
• Protect credentials and passwords
• Report security concerns promptly
• Avoid unauthorized disclosure of information
• Use company systems responsibly

Failure to comply with applicable security requirements may result in disciplinary or contractual action where appropriate.

CureSureMedico seeks to maintain information security practices consistent with applicable legal, regulatory, contractual, and industry requirements.

Security controls, procedures, and practices may be periodically reviewed and enhanced to address evolving operational, technological, and regulatory requirements.

While CureSureMedico implements reasonable safeguards to protect information, no method of electronic storage, communication, or transmission can be guaranteed to be completely secure.

Users acknowledge and accept the inherent risks associated with digital communications and information exchange.