1. Purpose
This policy explains the intended handling of information submitted through the Phoenix Hospital website. It must be reviewed and approved before public launch.
2. Information requested
Appointment and contact forms request only basic identity, contact and scheduling information. Patients should not upload or include medical records, government identification or unnecessary sensitive details.
3. How information is used
Submitted information should be used only to respond to enquiries, coordinate appointment requests and provide requested hospital information.
4. Form delivery
The static website package requires a secure, hospital-approved form endpoint to be configured. Until that endpoint is connected, users are directed to call the hospital and form data is not represented as delivered.
5. Sharing and retention
Phoenix Hospital must define approved processors, lawful retention periods, access controls and deletion procedures before enabling online submissions. Patient information must never be exposed publicly.
6. Security
The production site should use HTTPS, input validation, spam controls, least-privilege access, secure secrets and monitored form delivery.
7. Your choices
Users may choose to call 7439006890 instead of submitting an online form. Requests regarding submitted information should be directed to the hospital using its verified contact channel.
8. Updates
This draft should show an effective date and change history after legal approval.
Hospital and qualified legal review required before launch.