ConsultorioWeb Privacy Policy

How we handle data in our electronic medical records system.

Last Updated: January 26, 2026

Contents

Overview

ConsultorioWeb is an electronic medical records (EMR) system developed by Virtual Businesses Rodriguez Balma S.A. This privacy policy describes how we collect, use, and protect information when you use ConsultorioWeb.

We understand that medical data is highly sensitive. We are committed to protecting the privacy and confidentiality of all information stored in ConsultorioWeb with the highest security standards.

Data Controller

Virtual Businesses Rodriguez Balma S.A.

De la Embajada Americana 2 cuadras al Oeste, 4 al Norte y 1 al Este, San José, Costa Rica

Email: soporte@consultorioweb.com

Data We Collect

Healthcare Provider Account Information

When you create a ConsultorioWeb account, we collect:

  • Name and professional credentials
  • Email address and phone number
  • Practice name and address
  • Medical specialty
  • Account credentials (password stored encrypted)
Patient Data (Entered by Healthcare Providers)

Healthcare providers may enter patient information including:

  • Patient identification (name, date of birth, ID numbers)
  • Contact information
  • Medical history and diagnoses
  • Treatment plans and prescriptions
  • Lab results and diagnostic images
  • Appointment records
  • Growth charts and measurements (pediatric)
  • Clinical notes
Important: Healthcare providers using ConsultorioWeb are responsible for obtaining appropriate consent from their patients for the collection and storage of medical information, in accordance with applicable laws and professional standards.
Technical Data

We automatically collect:

  • Login timestamps and IP addresses
  • Browser and device information
  • Usage patterns (for service improvement)

How We Use Data

We use the data collected to:

  • Provide the Service: Enable healthcare providers to manage patient records, schedule appointments, and store medical information
  • Maintain Security: Protect accounts and detect unauthorized access
  • Provide Support: Respond to technical issues and support requests
  • Improve the Service: Analyze usage patterns to enhance features and performance
  • Send Communications: Deliver important service updates and security alerts

We do not:

  • Sell any user or patient data
  • Use patient data for advertising
  • Share data with third parties for marketing purposes
  • Access patient records except for technical support with explicit authorization

Data Storage and Location

All ConsultorioWeb data is stored on secure cloud infrastructure:

  • Cloud Provider: Microsoft Azure
  • Encryption: Data encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Backups: Regular automated backups with redundancy
  • Access Controls: Strict role-based access controls

Data Sharing

We do not sell or share patient data with third parties.

We may share data only in the following limited circumstances:

  • Service Providers: With infrastructure providers (Microsoft Azure) under strict data processing agreements
  • Legal Requirements: When required by law or valid legal process
  • Protection: To protect the rights and safety of users or the public

Security Measures

We implement comprehensive security measures to protect medical data:

  • Industry-standard encryption algorithms (AES-256, TLS 1.2+)
  • Secure authentication and session management
  • Regular security audits and vulnerability assessments
  • Access logging and monitoring
  • Employee security training and background checks
  • Incident response procedures

For more details, see our Security page.

Your Rights

Healthcare Provider Rights

As a ConsultorioWeb user, you have the right to:

  • Access your account information
  • Update or correct your information
  • Export your data
  • Delete your account and all associated data
Patient Rights

Patients should contact their healthcare provider directly to:

  • Request access to their medical records
  • Request correction of their information
  • Request deletion of their records

Healthcare providers are responsible for responding to patient data requests in accordance with applicable laws and professional standards.

Data Retention

We retain data according to the following guidelines:

  • Active Accounts: Data is retained while the account is active
  • After Account Deletion: Data is permanently deleted within 30 days
  • Backups: Backup data is purged according to our backup rotation schedule (maximum 90 days)

Healthcare providers should maintain their own compliance with medical record retention requirements in their jurisdiction.

Account Deletion

You can request deletion of your ConsultorioWeb account and all associated data:

  1. Email soporte@consultorioweb.com
  2. Include "Account Deletion Request" in the subject line
  3. Provide the email address associated with your account
  4. We will verify your identity and process the request
Warning: Account deletion is permanent. All patient records, appointments, and data will be permanently deleted and cannot be recovered. Please ensure you have exported any necessary data before requesting deletion.

Deletion requests are processed within 30 days.

Contact Us

For privacy-related questions about ConsultorioWeb:

ConsultorioWeb Support

Email: soporte@consultorioweb.com

Phone: (+506) 7011-9100

Website: consultorioweb.com

For general privacy inquiries: info@vbrbsa.com