Privacy Policy
Effective Date: 01/01/2025
Last Updated: 01/01/2025
Medicus Notes ("we," "our," or "us") is committed to protecting the privacy and security of information processed through our mobile application ("App"). This Privacy Policy describes how we collect, use, and share information provided by healthcare professionals (referred to as "users" or "you") and how we securely handle Protected Health Information (PHI) related to patients.
By using the App, you agree to the terms outlined in this Privacy Policy.
1. Applicability of HIPAA
Our App is designed for healthcare professionals, including doctors, who may use the App to record, process, and manage patient visits. In doing so:
- You may transmit or store PHI (e.g., audio recordings, SOAP notes) through the App.
- We are committed to complying with the Health Insurance Portability and Accountability Act (HIPAA) to ensure the privacy and security of PHI.
- As a Business Associate under HIPAA, we safeguard PHI on behalf of Covered Entities (e.g., healthcare providers) who use our App.
2. Information We Collect
2.1. Information Provided by Healthcare Professionals
- Account Information: Login credentials (e.g., via Google or other email).
- Subscription Information: Payment and subscription details collected through Apple or Google.
- Audio Recordings: Recordings of patient visits captured via the App for transcription into SOAP notes.
2.2. Patient Data (PHI)
- PHI may include patient symptoms, diagnoses, treatment plans, or other health information recorded by healthcare professionals and processed through the App.
- We do not explicitly collect any PII (Personally Identifiable Information) except the name of the patient.
2.3. Automatically Collected Information
- Device Information: Device type, operating system, and unique device identifiers.
- Usage Data: Information about your interactions with the App, such as features accessed and session durations.
3. How We Use Information
We use the information we collect, including PHI, for the following purposes:
- For Healthcare Professionals: To provide core App functionality, manage subscriptions, and ensure compliance with HIPAA.
- For Patients (PHI): To process and securely store audio recordings for real-time transcription into SOAP notes.
- For Security and Compliance: To detect and prevent unauthorized access to PHI.
- Legal and Regulatory Requirements: To comply with legal obligations under HIPAA.
4. How We Use Information
We do not sell personal information or PHI. We use it in the context of the App and the services we provide:
- With Service Providers: Trusted third-party vendors who process information on our behalf under HIPAA-compliant safeguards.
- With Covered Entities: Authorized sharing with healthcare organizations using the App.
- For Legal Reasons: To comply with legal or regulatory obligations, including HIPAA.
5. HIPAA Compliance and Data Security
We implement rigorous measures to protect patient data and ensure compliance with HIPAA:
- Audio Recordings: Temporarily stored in encrypted cloud storage and deleted automatically after 30 days.
- SOAP Notes: Stored in Firestore and associated with the healthcare professional’s account. Retention may be controlled by the user based on their clinical documentation needs.
- Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption, including audio files and transcribed SOAP notes.
- Access Controls: We enforce strict, role-based access to PHI and use Firebase Authentication to verify and restrict user access.
- Storage: Data is encrypted at rest and stored on Google Cloud Platform using HIPAA-compliant services.
- Logging: Access to PHI is logged and periodically reviewed to detect unauthorized access.
- Device Controls: Audio recordings are automatically deleted from the iOS device once they are successfully uploaded to secure cloud storage.
6. Your Responsibilities as a Healthcare Professional
As a user of the App:
- You are responsible for ensuring your use of the App complies with HIPAA or other applicable regulations.
- You must use secure devices and accounts to access the App.
- You should not share your App credentials or PHI with unauthorized parties.
8. Contact Us
If you have questions or concerns about this Privacy Policy or HIPAA compliance, please contact us:
Email: support@unaryops.com