Compliance
Compliance is in-band, not paperwork on the side.
Every regulatory obligation maps to a product surface that enforces it. Audit trail, controlled-meds register, NDPA consent — all live in the schema.
Regulatory posture
- CAC — Incorporation, share capital, beneficial ownership
- MDCN — Doctor licensing; telemedicine same-standard-of-care
- PCN — E-Pharmacy Regulations 2026, Superintendent Pharmacist, PCN logo, NG-only fulfillment
- NAFDAC — Controlled Meds Regulations 2021; NAFDAC-registered SKUs; serialized stock
- NDPC — NDPA 2023 + GAID 2025; DPO, audit returns, breach plan
- NHIA — Partner with NHIA-accredited HMOs for B2B2C
- HEFAMAA — Lagos State facility accreditation (where applicable)
Data Protection (NDPA 2023)
MedPlus is registered as a data controller. We've appointed a Data Protection Officer reachable at [email protected]. Health data is treated as sensitive personal data. We file annual NDPC audit returns and run a 72-hour breach notification workflow.
What patients can do
- Request a full export of your medical timeline and account data.
- Request deletion of data we are not legally required to retain.
- Withdraw consent to specific processing (e.g. telemed recording).
- Raise a complaint with the NDPC if you believe your rights have been violated.
Audit log
Every action that touches health data — bookings, consultations, prescriptions, dispenses, deliveries — is logged with the actor, role, action, purpose (lawful basis), and timestamp. The log is queryable by our compliance team and available to regulators on request.