Last Updated: March 1, 2025
Introduction
Astute Medic ("we," "us," or "our") is committed to protecting the privacy of individuals who visit our website, register for our service, and use our applications ("Platform"). This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you use our Platform and services.
We understand the sensitive nature of healthcare information and take our responsibility to protect it seriously. We comply with all applicable laws and regulations, including the Health Insurance Portability and Accountability Act (HIPAA) and other relevant privacy laws.
Information Collection
We collect several types of information from and about users of our Platform, including:
Personal Information
Personal information may include:
- Contact information (name, email address, phone number, etc.)
- Account credentials
- Billing information
- Professional information (for healthcare providers)
Protected Health Information (PHI)
As a business associate to healthcare providers, we may process Protected Health Information (PHI) as defined by HIPAA. This includes demographics, medical history, test and laboratory results, insurance information, and other data that healthcare providers or health plans collect to identify an individual and determine appropriate care.
Usage Data
We automatically collect certain information about how you access and use our Platform, including:
- IP address and device information
- Browser type and version
- Operating system
- Time spent on pages
- Clickstream data
- Cookies and similar tracking technologies
Information Use
We use the information we collect for the following purposes:
Service Delivery
- Provide, operate, and maintain our Platform
- Process transactions and send related information
- Send administrative information
- Provide customer support
Improvement & Development
- Improve, personalize, and expand our Platform
- Understand and analyze usage patterns
- Develop new products, services, and features
Communication
- Respond to inquiries and fulfill requests
- Send important notices and updates
- With consent, send marketing communications
Legal Basis for Processing (where applicable)
We process personal information on the following legal bases:
- Performance of a contract when we provide services
- Legitimate interests in operating and improving our business
- Compliance with legal obligations
- Consent, where specifically requested
Information Protection
We implement appropriate technical and organizational measures to protect the information we collect and maintain. Our comprehensive security program includes:
Encryption
End-to-end encryption for data in transit and at rest
Access Controls
Role-based access and strict authentication requirements
Secure Infrastructure
SOC 2 certified data centers with continuous monitoring
While we implement safeguards designed to protect your information, no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet.
HIPAA Compliance
As a business associate to covered entities (healthcare providers and organizations), we comply with the requirements of the Health Insurance Portability and Accountability Act (HIPAA).
Business Associate Agreements
We enter into Business Associate Agreements (BAAs) with covered entities that outline our obligations regarding the use, disclosure, and protection of Protected Health Information (PHI).
Security Rule Compliance
We maintain appropriate administrative, technical, and physical safeguards as required by the HIPAA Security Rule, including:
- Risk analysis and management procedures
- Security incident procedures and response plan
- Workforce security training and awareness
- Regular security assessments and audits
Privacy Rule Compliance
We respect the limitations on uses and disclosures of PHI as outlined in the HIPAA Privacy Rule. We only use or disclose PHI as permitted by our BAAs and applicable law.
Patient Rights
We respect and support the rights of individuals regarding their personal and health information:
Individual Rights under HIPAA
We assist covered entities in fulfilling their obligations regarding individual rights under HIPAA, including:
- Right to access and obtain a copy of health information
- Right to request corrections to health information
- Right to request restrictions on certain uses and disclosures
- Right to request confidential communications
- Right to receive an accounting of disclosures
- Right to be notified of breaches
Data Subject Rights (where applicable)
Where required by applicable law, we honor additional individual rights, which may include:
- Right to be informed about the collection and use of personal data
- Right to data portability
- Right to erasure ('right to be forgotten')
- Right to object to processing
- Right to restrict processing
To exercise these rights or to ask questions about your information, please contact your healthcare provider directly. As a business associate, we work with healthcare providers to respond to individual requests in accordance with applicable law.
Policy Updates
We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable laws and regulations. The "Last Updated" date at the top of this Privacy Policy indicates when it was last revised.
When we make material changes to this Privacy Policy, we will notify you through a prominent notice on our Platform or by sending you an email. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Privacy Officer at:
Phone
(800) 123-4567, ext. 2
Astute Medic
Attn: Privacy Officer
123 Healthcare Avenue, Suite 400
San Francisco, CA 94107