Frequently Asked Questions

DRMS is a health management system used by pharmacists and healthcare providers to manage patient records, health screenings, medications, appointment bookings, and clinical workflows. It is the core system your pharmacy uses to record and manage your health data.

This customer portal is the patient-facing extension of DRMS. When your pharmacist links your records to the portal, you can sign in to view your health screening results, appointment history, medications, and linked family members. All data displayed here is extracted from your pharmacy's DRMS system — the portal itself does not independently collect or store your health data.

You cannot create an account on your own. Contact your registered pharmacy directly and request portal access. Your pharmacist will create your account, verify your identity, and link your health records. Once your account is created, you will receive sign-in instructions.

Your pharmacist links your health records to your portal account from within their DRMS system. Only records the pharmacist chooses to link will be visible to you. You can ask your pharmacist to link additional records at any time, and you can review what is linked from your portal dashboard.

Screening link reports (also called DRMS Link) are time-limited, shareable reports that your pharmacist can generate for individual health screenings. These links let you view a specific report without signing in. A DRMS Link is valid for 3 days only, and the report data is deleted after this period. Do not share your screening link publicly.

We collect information you provide directly: your name, IC number, date of birth, contact details, and login credentials. Health screening results, medication records, and appointment data are extracted from your pharmacy's DRMS system when your pharmacist links your records. We also collect session data (login time, device type) to manage your account securely.

Your health data is used solely to provide you with access to your health records, enable appointment booking, and allow your healthcare provider to deliver personalised care. We do not sell or share your data with third parties for commercial purposes.

Yes. All data is encrypted in transit (HTTPS/TLS) and at rest. Access is restricted to authorised personnel only. Health data is stored within your pharmacy's DRMS system and displayed via secure API access. Our systems comply with applicable healthcare data protection standards.

Your IC number is classified as sensitive personal data under PDPA 2010. It is encrypted in transit and at rest, and access is strictly limited to authorised pharmacy staff for identity verification. When displayed on screen (e.g. linked patient lists), your IC number is partially masked to prevent unauthorised viewing. You should never share your IC number publicly.

Portal account data is retained for as long as your account is active, or up to 2 years after your last login if your account becomes inactive. Health records in your pharmacy's DRMS system are retained for a minimum of 7 years in accordance with the Private Healthcare Facilities and Services Act 1998 (PHFSA) and Malaysian healthcare regulations. DRMS Link (screening reports shared via link) data is deleted 3 days after the link is generated.

Your health data is processed by: (1) your registered pharmacy, who manages your records in DRMS; (2) Wistify Sdn. Bhd., who operates the DRMS platform and this customer portal; and (3) infrastructure providers who host and deliver the service (including content delivery networks for images and secure API endpoints). All data processors are contractually bound to protect your data in accordance with PDPA 2010. Your data is never sold or shared for marketing purposes.

Your data is primarily stored and processed within Malaysia. Where cloud infrastructure or technical services outside Malaysia are used, we ensure appropriate contractual safeguards and data protection measures are in place to protect your data in accordance with PDPA 2010.

Yes. Once your pharmacist has linked your records to your portal account, you can sign in and view all linked health screening results, medications, and appointments. If a record you expect to see is missing, ask your pharmacist to link it. If you believe any information is incorrect, you may request a correction (see below).

Under PDPA 2010, you have the right to make a Data Subject Access Request (DSAR) to obtain a copy of all personal data held about you. To make a DSAR, contact your pharmacy directly or email [email protected] with your full name, IC number, and a description of the data you need. The data controller (your pharmacy) is required to respond within a reasonable timeframe, typically 21 to 30 days.

No. All data access requests are provided free of charge. There are no fees for requesting your personal data, making corrections, or asking for deletion — regardless of how many times you request it.

If you believe any personal data we hold about you is inaccurate or incomplete, you have the right under PDPA 2010 to request a correction. Contact your pharmacist or healthcare provider with details of the inaccuracy and any supporting documentation. They will review your records in DRMS and process your correction request within a reasonable timeframe.

You have the right to request deletion of your portal account and personal data. Note that certain health records in your pharmacy's DRMS system may be retained as required by law even after portal account deletion. Contact your pharmacist, healthcare provider, or email [email protected] to submit a deletion request.

Yes. You may withdraw consent for data processing at any time by contacting your pharmacist or healthcare provider. Withdrawal does not affect the lawfulness of processing carried out before your withdrawal. Please note that withdrawing consent may limit your ability to use certain features of this portal and may require your pharmacist to unlink your records.

For any data-related requests — access, correction, deletion, or complaints — please contact your registered pharmacy or email [email protected]. You may also lodge a complaint with the Personal Data Protection Department (JPDP) of Malaysia at www.pdp.gov.my.

By registering and using this portal, you consent to the collection and processing of your personal and health data as described in our Terms & Conditions and Privacy Policy. This includes your pharmacist linking your DRMS health records to your portal account so you can view them. Health data is classified as sensitive personal data under PDPA 2010 and receives heightened protection.

When you add a family member or dependent to your account, you confirm that you have the legal authority to consent on their behalf (e.g. as a parent or legal guardian). For children under 18, only a parent or legal guardian may provide consent and link their records. Your pharmacist must also link the dependent's records from DRMS before their data appears in your portal. Children's health records are subject to extended retention periods under PHFSA 1998 — until the child turns 25, or a minimum of 7 years, whichever is later. You are responsible for managing your dependents' data access appropriately.

Yes. Consent to our data processing practices is required to use this portal. Your pharmacist also provides consent on behalf of the pharmacy to link your records. You may review the full Terms & Conditions before agreeing. If you do not agree, you will not be able to create an account.

Use the 'Forgot password?' link on the login page. A reset link will be sent to your registered email or phone number. If you no longer have access to those, contact your pharmacy to verify your identity.

Only you and authorised staff at your registered pharmacy can access your data. Your pharmacist accesses your records through their DRMS system, not through your portal account. We recommend never sharing your login credentials. You can view and revoke active sessions from your account settings.

Change your password immediately and contact your pharmacy. You should also review your active sessions in account settings and revoke any unrecognised devices. Your pharmacist can audit access to your records through their DRMS system.

This portal uses essential session cookies to keep you signed in securely and to protect against unauthorised access. We do not use advertising cookies, behavioural tracking, or third-party analytics on the customer portal. Your session cookie is protected (HttpOnly, encrypted) and cannot be read by other websites. If analytics are enabled in the future, you will be asked for your explicit consent as required under PDPA 2010.

Screening link reports (DRMS Link) are valid for 3 days from the time your pharmacist generates them. After 3 days, the link expires and the report data is deleted. If you need continued access to a report, sign in to your portal account to view it — portal data remains available as long as your account is active and your pharmacist keeps the records linked.

In the event of a data breach involving your personal data, we will take immediate steps to contain and investigate the incident. Where the breach poses a risk to your rights and freedoms, we will notify you and the relevant authorities in accordance with PDPA 2010 and applicable data protection laws. Your pharmacy will also be notified. Please keep your contact details up to date so we can reach you if needed.