{"id":3075,"date":"2026-03-24T08:39:42","date_gmt":"2026-03-24T08:39:42","guid":{"rendered":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/?p=3075"},"modified":"2026-04-13T11:56:51","modified_gmt":"2026-04-13T11:56:51","slug":"kivicare-gdpr-integration","status":"publish","type":"post","link":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/kivicare-pro\/documentation\/advanced-feature-pro\/kivicare-gdpr-integration\/","title":{"rendered":"KiviCare GDPR Integration"},"content":{"rendered":"
\n

1. Overview<\/strong><\/h2>\n\n\n\n

KiviCare’s GDPR (General Data Protection Regulation) functionality is designed to help clinics and healthcare providers comply with data protection laws. It offers comprehensive tools for managing patient consent, maintaining a detailed audit trail of data-related activities, and supporting data subject rights requests.<\/p>\n\n\n\n

The GDPR module is integrated into the KiviCare ecosystem to ensure accountability, transparency, and regulatory compliance when handling sensitive patient health data.<\/p>\n\n\n\n

2. Core Features<\/strong><\/h2>\n\n\n\n
    \n
  • Consent Management<\/strong>: Enables clinics to obtain, record, and manage patient consent for various data processing activities.<\/li>\n\n\n\n
  • Audit Trail<\/strong>: Provides a secure and comprehensive log of all GDPR-relevant actions, including data access, creation, modification, and deletion.<\/li>\n\n\n\n
  • Data Subject Rights Support<\/strong>: Assists clinics in responding efficiently to patient requests such as the right to access their data and the right to be forgotten (data erasure).<\/li>\n<\/ul>\n\n\n\n

    3. Consent Management<\/strong><\/h2>\n\n\n\n

    3.1. Consent Configuration<\/strong><\/h4>\n\n\n\n

    Clinics can configure GDPR consent settings directly from the KiviCare dashboard. Key configuration options include:<\/p>\n\n\n\n

      \n
    • Enabling or disabling the GDPR module.<\/li>\n\n\n\n
    • Setting and updating the consent version number.<\/li>\n\n\n\n
    • Providing links to the clinic\u2019s Privacy Policy and Terms of Service.<\/li>\n\n\n\n
    • Defining which types of consent are mandatory for patients.<\/li>\n<\/ul>\n\n\n\n

      3.2. Patient Consent Process<\/strong><\/h4>\n\n\n\n

      During new patient registration, the system prompts patients to review and provide consent according to the clinic\u2019s configured settings. All consents are recorded securely.<\/p>\n\n\n\n

      3.3. Re-consent Mechanism<\/strong><\/h4>\n\n\n\n

      When a clinic updates its privacy policy, terms of service, or other consent-related documents, the consent version can be incremented. This automatically triggers a re-consent request for existing patients, ensuring they review and agree to the latest terms before continuing to use the system.<\/p>\n\n\n\n

      \"\"<\/figure>\n\n\n\n

      4. Audit Trail<\/strong><\/h2>\n\n\n\n

      KiviCare employs a high-security logging service that records activities based on user-defined sensitivity levels.<\/p>\n\n\n\n

      The GDPR audit trail is a chronological record of all activities involving personal data. It plays a critical role in demonstrating compliance, investigating incidents, and maintaining accountability.<\/p>\n\n\n\n

      4.1.  Activity Log Modes<\/strong><\/h4>\n\n\n\n
        \n
      • Disabled<\/strong>: No logging (Not recommended for compliance).<\/li>\n\n\n\n
      • Preview<\/strong>: Logs basic CRUD actions and Authentication.<\/li>\n\n\n\n
      • Significant Events<\/strong>: (Recommended) Records mutations (Create\/Update\/Delete) and Security Incidents<\/strong>, but skips passive “Viewing” to save server space.<\/li>\n\n\n\n
      • All Events<\/strong>: Forensic-level logging of every single interaction, including every time a record is opened.<\/li>\n<\/ul>\n\n\n\n

        4.2. Logged Activities<\/strong><\/h4>\n\n\n\n

        The following categories of events are automatically recorded:<\/p>\n\n\n\n

        Patient Data Activities<\/strong><\/p>\n\n\n\n

          \n
        • Creation of a new patient record<\/li>\n\n\n\n
        • Viewing\/accessing a patient\u2019s record<\/li>\n\n\n\n
        • Updating patient information<\/li>\n\n\n\n
        • Deleting a patient record<\/li>\n<\/ul>\n\n\n\n

          Authentication Events<\/strong><\/p>\n\n\n\n

            \n
          • Successful user login<\/li>\n\n\n\n
          • User logout<\/li>\n\n\n\n
          • Failed login attempts<\/li>\n<\/ul>\n\n\n\n

            Appointment Activities<\/strong><\/p>\n\n\n\n

              \n
            • Creation of a new appointment<\/li>\n\n\n\n
            • Viewing an appointment<\/li>\n\n\n\n
            • Updating an appointment<\/li>\n\n\n\n
            • Deleting an appointment<\/li>\n<\/ul>\n\n\n\n

              4.3. Viewing the Audit Trail<\/strong><\/h4>\n\n\n\n

              Clinic administrators can access the audit trail through the KiviCare dashboard. The interface supports filtering, searching, and exporting logs for easy review and reporting.<\/p>\n\n\n\n

              \"\"<\/figure>\n\n\n\n

              5.Managing Data Subject Rights<\/strong><\/h2>\n\n\n\n

              GDPR grants patients the right to access their data and the right to have it completely erased. KiviCare manages these requests through a secure, multi-step verification process.<\/p>\n\n\n\n

              Processing Data Export Requests (Right to Access)<\/strong><\/h4>\n\n\n\n
                \n
              1. Patient Request:<\/strong> The patient logs into their KiviCare profile and clicks Export Personal Data<\/strong>. The system sends them a verification email.<\/li>\n\n\n\n
              2. Patient Verification:<\/strong> The patient opens the email and clicks the secure link to confirm they are the account owner. The request is now marked as “Confirmed.”<\/li>\n\n\n\n
              3. Admin Generation:<\/strong> The Clinic Administrator goes to Tools<\/strong> > Export Personal Data<\/strong> in the WordPress backend, locates the confirmed request, and clicks Send Export Link<\/strong>.<\/li>\n\n\n\n
              4. Data Delivery:<\/strong> The system compiles the patient’s profile, appointment, and billing data into a secure ZIP file and automatically emails the patient a temporary download link.<\/li>\n<\/ol>\n\n\n\n
                \"\"<\/figure>\n\n\n\n
                \"\"<\/figure>\n\n\n\n
                \"\"<\/figure>\n\n\n\n

                Processing Data Erasure Requests (Right to Be Forgotten)<\/strong><\/h4>\n\n\n\n
                  \n
                1. Patient Request:<\/strong> The patient logs into their KiviCare profile and clicks the Request Account Deletion<\/strong> button.<\/li>\n\n\n\n
                2. Immediate Data Scrubbing:<\/strong> The system instantly and permanently deletes the user account and scrubs all personal identifiers from associated appointments and medical records. This action happens immediately upon the patient’s request, requiring no email verification or administrator approval.<\/li>\n<\/ol>\n\n\n\n
                  \"\"<\/figure>\n\n\n\n

                  6. Setup and Configuration<\/strong><\/h2>\n\n\n\n

                  Follow these steps to enable and configure the GDPR functionality in KiviCare:<\/p>\n\n\n\n

                    \n
                  1. Access KiviCare Settings<\/strong>
                    Log in to your WordPress dashboard and navigate to the KiviCare settings area.<\/li>\n\n\n\n
                  2. Enable the GDPR Module<\/strong>
                    In the Modules or Add-ons section, activate the GDPR feature.<\/li>\n\n\n\n
                  3. Configure Consent Settings<\/strong>
                    Go to the GDPR Consent settings page and configure the following:\n
                      \n
                    • Enable GDPR compliance<\/li>\n\n\n\n
                    • Set the current consent version (e.g., 1.0, 1.1)<\/li>\n\n\n\n
                    • Enter the Privacy Policy URL<\/li>\n\n\n\n
                    • Enter the Terms of Service URL<\/li>\n\n\n\n
                    • Select mandatory consent types<\/li>\n<\/ul>\n<\/li>\n\n\n\n
                    • Configure Activity Log Settings<\/strong>
                      Navigate to the GDPR & Activity Log settings page to define log retention periods and select specific events to track.<\/li>\n\n\n\n
                    • Save All Changes<\/strong>
                      Ensure all settings are saved to activate the configured GDPR features.<\/li>\n<\/ol>\n\n\n\n
                      \"\"<\/figure>\n\n\n\n

                      7. Best Practices for GDPR Compliance with KiviCare<\/strong><\/h2>\n\n\n\n
                        \n
                      • Regularly review and update consent versions when policies change.<\/li>\n\n\n\n
                      • Monitor the audit trail periodically for unusual activity.<\/li>\n\n\n\n
                      • Document all data subject requests and how they were handled.<\/li>\n\n\n\n
                      • Ensure privacy policy and terms of service links are always up-to-date.<\/li>\n\n\n\n
                      • Train staff on using the GDPR tools within the KiviCare dashboard.<\/li>\n<\/ul>\n<\/div>","protected":false},"excerpt":{"rendered":"

                        1. Overview KiviCare’s GDPR (General Data Protection Regulation) functionality is designed to help clinics and healthcare providers comply with data protection laws. It offers comprehensive tools for managing patient consent, maintaining a detailed audit trail of data-related activities, and supporting data subject rights requests. The GDPR module is integrated into the KiviCare ecosystem to ensure […]<\/p>\n","protected":false},"author":12,"featured_media":0,"parent":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32,51],"tags":[],"class_list":["post-3075","post","type-post","status-publish","format-standard","hentry","category-kivicare-pro","category-advanced-feature-pro"],"featured_image_src":null,"author_info":{"display_name":"wordpressadminiq","author_link":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/author\/wordpressadminiq\/"},"_links":{"self":[{"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/posts\/3075","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/comments?post=3075"}],"version-history":[{"count":13,"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/posts\/3075\/revisions"}],"predecessor-version":[{"id":3178,"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/posts\/3075\/revisions\/3178"}],"wp:attachment":[{"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/media?parent=3075"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/categories?post=3075"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/documentation.iqonic.design\/kivicare-wordpress\/wp-json\/wp\/v2\/tags?post=3075"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}