● Legal

Usage Policy

Last updated: 6 July 2026 · Part of the Terms of Service

Dawa EMR holds people's medical records. That demands a higher standard of conduct than ordinary software. These rules apply to every user of the system — administrators, clinicians, and support staff alike.

1. Who may use Dawa EMR

  • Only licensed healthcare facilities with a service agreement, and the staff accounts their administrator creates.
  • Every account belongs to one named person. Sharing logins, borrowing a colleague's session, or letting anyone work under your name is prohibited — it destroys the audit trail that protects both patients and staff.

2. Patient data — access only what your work requires

  • Open a patient's record only when your current duties require it — treating them, processing their bill, dispensing their prescription. Browsing records out of curiosity, or looking up friends, family, or public figures without a care reason, is a serious violation.
  • Never copy patient data out of the system except through its official functions (printing, exports, reports) and only for legitimate facility purposes.
  • Never disclose patient information to anyone not involved in that patient's care or the facility's lawful operations.

3. Prohibited conduct

You must not:

  • attempt to access another facility's data, another user's account, or any part of the system your role does not permit;
  • probe, scan, or test the system for vulnerabilities without our written permission (see section 5 for the right way);
  • upload malware or any content designed to disrupt the service;
  • scrape, harvest, or bulk-extract data outside the system's export functions;
  • resell, sublicense, or provide access to Dawa EMR to any third party;
  • use the system to commit or conceal any unlawful act, or to discriminate against or harass any person;
  • enter false records or alter records to misrepresent care that was or was not given.

4. Account hygiene

  • Keep your password secret; change it immediately if you suspect it is known to anyone else.
  • Log out on shared devices. Administrators must deactivate accounts of staff who leave on their last working day.
  • Report lost or stolen devices that were logged into Dawa EMR to your administrator immediately.

5. Found a security problem? Tell us — safely

If you discover a vulnerability, report it to dawaemr@med-yx.com with enough detail for us to reproduce it. Do not access more data than needed to demonstrate the issue, and do not disclose it publicly before we have had a reasonable chance to fix it. We are grateful for responsible reports and will not pursue good-faith reporters.

6. Enforcement

  • Violations may lead to suspension of the account — or, for serious or facility-wide violations, suspension of the facility — with notice to the facility's administrator.
  • Unlawful access to medical records may also carry personal legal consequences under applicable law, independent of anything we do.
  • Because every action in Dawa EMR is audited, investigations rely on the system's own tamper-proof log.

7. Questions

Unsure whether something is allowed? Ask first: dawaemr@med-yx.com.