Data Use Policy

1. Introduction

This Data Use Policy describes how Helpcare AI, Inc. ("we," "us," or "our") collects, uses, stores, and protects data through our healthcare information technology platform (the "Service"). We are committed to maintaining the privacy, security, and integrity of all data entrusted to us, particularly Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA).

2. Scope

This policy applies to all data processed through the Service, including data provided by healthcare organizations ("Covered Entities"), their patients, and authorized users. It governs data collected directly, data integrated from Electronic Health Record (EHR) systems, and data generated through use of the Service.

3. Data We Collect

We collect and process the following categories of data:

Patient Information: Name, date of birth, contact information, medical record numbers, appointment details, insurance information, and clinical information necessary to deliver the Service.

Usage Data: System logs, interaction records, timestamps, and performance metrics related to Service operation.

Administrative Data: User credentials, role assignments, audit trails, and configuration settings.

4. How We Use Data

We use data solely for the following purposes:

Service Delivery: To perform the contracted healthcare operations, including patient communications, appointment management, care coordination, and clinical workflow support.

Quality Assurance: To monitor, maintain, and improve the accuracy, reliability, and performance of the Service.

Compliance and Reporting: To meet legal, regulatory, and contractual obligations, including generating reports required by Covered Entities.

Security: To detect, prevent, and respond to security incidents, fraud, or unauthorized access.

We do not sell patient data. We do not use PHI for marketing purposes without explicit authorization.

5. Data Sharing

We disclose data only as follows:

To Covered Entities: We return data and reports to the healthcare organizations that have engaged our Service, in accordance with our Business Associate Agreements.

As Required by Law: We may disclose data when required by law, regulation, court order, or governmental authority.

6. Data Retention

We retain data only as long as necessary to fulfill the purposes described in this policy and to comply with legal and contractual retention requirements. Upon termination of a customer relationship, we will return or securely destroy data in accordance with the applicable Business Associate Agreement and regulatory requirements.

7. Security Measures

We implement administrative, technical, and physical safeguards designed to protect data against unauthorized access, disclosure, alteration, or destruction. These measures include encryption in transit and at rest, access controls, regular security assessments, workforce training, and incident response procedures.

8. Patient Rights

Patients retain rights regarding their health information as provided under applicable law, including HIPAA. Requests to access, amend, or restrict the use of PHI should be directed to the relevant Covered Entity, who will coordinate with us as necessary.

9. Policy Updates

We may update this policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated to our customers, and the updated policy will be posted with a revised effective date.

10. Contact Information

Questions about this policy or our data practices may be directed to:

Privacy Officer privacy@careforce.ai