Your Privacy Matters

1. Introduction

Welcome to HealthSync ("we," "our," or "us"), located at 10900 Research Blvd, Austin, TX 78759, United States. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered healthcare automation platform and services.

2. Information We Collect

2.1 Personal Information

• Name and contact information
• Professional credentials and healthcare facility information
• Login credentials and authentication data
• Payment and billing information
• Usage data and platform analytics
• Communications, support requests, and feedback

2.2 Protected Health Information (PHI)

When acting as a Business Associate under HIPAA, we may process PHI on behalf of covered entities, including:

• Patient demographic information
• Medical record data processed by our AI agents
• Healthcare transaction data
• Voice recordings and transcriptions from patient interactions

2.3 Automatically Collected Information

• IP addresses and device identifiers
• Browser type and operating system
• Healthcare system integration logs
• Platform usage patterns and performance metrics
• Cookies and similar tracking technologies
• Security and audit logs

3. How We Use Your Information

3.1 Healthcare Services

• Provide AI-powered healthcare automation and agent services
• Process and analyze healthcare data for operational efficiency
• Generate reports and insights for healthcare providers
• Facilitate patient communication and appointment scheduling
• Support medical coding and billing automation

3.2 Platform Operations

• Personalize and improve your user experience
• Process payments and manage subscriptions
• Provide customer support and technical assistance
• Maintain platform security and prevent fraud
• Comply with healthcare regulations and legal obligations
• Conduct quality assurance and service optimization

3.3 PHI Processing

PHI is used solely for the purposes specified in our Business Associate Agreement and as directed by the covered entity, including:

• Treatment support and care coordination
• Healthcare operations and administrative functions
• Payment processing and billing activities

4. Information Sharing and Disclosure

4.1 General Sharing

We may share your information with:

• Service Providers: Third-party vendors who assist in platform operations (under appropriate data protection agreements)
• Healthcare Partners: Integration partners and EHR systems as necessary for service delivery
• Legal Authorities: When required by law, court order, or to protect rights and safety
• Business Transfers: In connection with mergers, acquisitions, or asset sales
• With Consent: When you provide explicit authorization

4.2 PHI Sharing

PHI is shared only:

• As authorized by the covered entity in our Business Associate Agreement
• As required by law or for public health purposes
• For treatment, payment, or healthcare operations as permitted under HIPAA
• With your explicit written authorization

4.3 De-identified Data

We may use and share de-identified health information that cannot reasonably identify individuals for research, analytics, and service improvement purposes.

5. Your Rights

5.1 General Rights

• Access: Request copies of your personal information
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal information
• Portability: Request transfer of your data
• Opt-out: Unsubscribe from marketing communications
• Restriction: Request limitations on data processing

5.2 HIPAA Rights (for PHI)

• Right to access your PHI
• Right to request amendments to PHI
• Right to request restrictions on PHI use/disclosure
• Right to request confidential communications
• Right to file complaints with us or the Department of Health and Human Services

6. Data Security

We implement comprehensive security measures including:

• Encryption: Data encrypted in transit and at rest using industry-standard protocols
• Access Controls: Role-based access with multi-factor authentication
• Audit Logging: Comprehensive logging of all PHI access and modifications
• Security Training: Regular HIPAA and security training for all personnel
• Risk Assessments: Regular security risk assessments and vulnerability testing
• Incident Response: Established procedures for security incident management and breach notification

7. Data Retention

• Personal Information: Retained as long as necessary for service provision and legal compliance
• PHI: Retained according to Business Associate Agreement terms and applicable healthcare record retention requirements
• Audit Logs: Maintained for minimum periods required by healthcare regulations
• De-identified Data: May be retained indefinitely for research and analytics

8. International Data Transfers

Healthcare data is primarily processed within the United States. Any international transfers comply with applicable laws including HIPAA and are subject to appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

9. Cookies and Tracking

We use cookies and similar technologies for:

• Platform functionality and user authentication
• Performance monitoring and analytics
• Security and fraud prevention

You can manage cookie preferences through your browser settings, though some platform features may be affected.

10. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from minors without appropriate parental consent and healthcare provider authorization.

11. State-Specific Rights

Residents of certain states may have additional privacy rights under state laws (e.g., California CCPA, Virginia CDPA). Contact us for information about exercising these rights.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. Material changes will be communicated through platform notifications or email.

13. Contact Information