Dawa EMR holds people's medical records. That demands a higher standard of conduct than ordinary software. These rules apply to every user of the system — administrators, clinicians, and support staff alike.
1. Who may use Dawa EMR
- Only licensed healthcare facilities with a service agreement, and the staff accounts their administrator creates.
- Every account belongs to one named person. Sharing logins, borrowing a colleague's session, or letting anyone work under your name is prohibited — it destroys the audit trail that protects both patients and staff.
2. Patient data — access only what your work requires
- Open a patient's record only when your current duties require it — treating them, processing their bill, dispensing their prescription. Browsing records out of curiosity, or looking up friends, family, or public figures without a care reason, is a serious violation.
- Never copy patient data out of the system except through its official functions (printing, exports, reports) and only for legitimate facility purposes.
- Never disclose patient information to anyone not involved in that patient's care or the facility's lawful operations.
3. Prohibited conduct
You must not:
- attempt to access another facility's data, another user's account, or any part of the system your role does not permit;
- probe, scan, or test the system for vulnerabilities without our written permission (see section 5 for the right way);
- upload malware or any content designed to disrupt the service;
- scrape, harvest, or bulk-extract data outside the system's export functions;
- resell, sublicense, or provide access to Dawa EMR to any third party;
- use the system to commit or conceal any unlawful act, or to discriminate against or harass any person;
- enter false records or alter records to misrepresent care that was or was not given.
4. Account hygiene
- Keep your password secret; change it immediately if you suspect it is known to anyone else.
- Log out on shared devices. Administrators must deactivate accounts of staff who leave on their last working day.
- Report lost or stolen devices that were logged into Dawa EMR to your administrator immediately.
5. Found a security problem? Tell us — safely
If you discover a vulnerability, report it to dawaemr@med-yx.com with enough detail for us to reproduce it. Do not access more data than needed to demonstrate the issue, and do not disclose it publicly before we have had a reasonable chance to fix it. We are grateful for responsible reports and will not pursue good-faith reporters.
6. Enforcement
- Violations may lead to suspension of the account — or, for serious or facility-wide violations, suspension of the facility — with notice to the facility's administrator.
- Unlawful access to medical records may also carry personal legal consequences under applicable law, independent of anything we do.
- Because every action in Dawa EMR is audited, investigations rely on the system's own tamper-proof log.
7. Questions
Unsure whether something is allowed? Ask first: dawaemr@med-yx.com.