How MOVO-X handles patient data, what laws we comply with, who our subprocessors are, and how Malaysian patients can exercise their rights under PDPA 2010.
Compliance Status
✅
PDPA 2010 (Personal Data Protection Act)
Data User registration filed. Consent management, data subject access, breach notification < 72h to PDPC Malaysia.
Compliant
✅
PHFSA 1998 (Private Healthcare Facilities and Services Act)
Clinical data handling follows KKM requirements for MOH-licensed private hospitals.
Compliant
✅
MOH Healthcare IT Guidelines
Architecture follows KKM Digital Health Framework for healthcare IT systems.
Compliant
⏳
ISO 27001:2022
Gap assessment completed May 2026. Target certification Q4 2026 on enterprise tier.
MOVO-X Malaysia has a named Data Protection Officer on file per PDPA 2010 requirements. The DPO oversees all data processing activities, PDPA 2010 compliance programme, and regulatory engagement with PDPC Malaysia.
In the event of a confirmed personal data breach: PDPC Malaysia notified within 72 hours. Affected patients notified within 7 days. Full incident report provided to enterprise customers within 14 days. Audit logs preserved for investigation.