Privacy & HIPAA Notice
AcuteHealth is committed to protecting the privacy and security of information, including Protected Health Information (PHI). This page describes how we collect, use, and protect data, and our approach to HIPAA compliance.
Effective date: November 13, 2025
Scope
This policy applies to information collected through our website and by AcuteHealth when providing services. It describes our practices for handling personally identifiable information (PII), and where applicable, PHI as defined under the Health Insurance Portability and Accountability Act (HIPAA).
Information We Collect
- Contact information: name, email, phone, organization (when provided through forms).
- Communications: messages you submit via contact forms and inquiry emails.
- Technical data: IP address, browser type, device identifiers, cookies, and usage analytics.
- PHI: We do not request PHI via public contact forms. If PHI is provided inadvertently, we will treat it in accordance with the terms below and applicable law.
How We Use Information
We use collected information to:
- Respond to inquiries and provide information about our services.
- Improve site functionality, content, and user experience.
- Support operational needs such as billing, analytics, and security.
HIPAA & PHI Handling
AcuteHealth respects the sensitivity of PHI. Key controls and practices include:
- Minimal collection: Our public website is designed not to collect PHI. Contact forms are for general inquiries only.
- Use of PHI: If PHI is shared to evaluate services, we will only use it to respond and as otherwise authorized by you or required by law.
- Business Associate Approach: When we act as a Business Associate under a formal agreement, we implement administrative, physical, and technical safeguards required by HIPAA (e.g., encryption, access controls, audit logging).
- Data sharing: PHI is shared only with authorized personnel or third-party processors under contract with appropriate safeguards and limitations.
Note: This page provides a summary of privacy and HIPAA practices but does not replace a Business Associate Agreement (BAA). If you require a BAA, contact us and we will supply one prior to any PHI exchange.
Security Measures
We maintain administrative, physical, and technical safeguards to protect information, including:
- Encryption in transit (TLS) for web and API traffic.
- Encryption at rest for data stores where applicable.
- Role-based access controls and least-privilege principles.
- Regular security assessments, vulnerability scanning, and patch management.
- Incident response procedures and breach notification protocols in accordance with applicable law.
Third Parties & Service Providers
We may use third-party services (e.g., SparkPost for email transmissions, analytics providers, cloud hosts). Before sharing any sensitive data with a vendor, we require appropriate contractual protections, such as data processing agreements and — where required — BAAs.
For example, contact form messages are transmitted via the configured email provider (SparkPost). Please do not include PHI in public contact forms unless you have an executed BAA and have been instructed to do so.
Cookies & Tracking
We use cookies and similar technologies to improve site performance and analytics. Cookies do not contain PHI. You can control cookies via your browser settings; disabling some cookies may affect site functionality.
Data Retention & Deletion
We retain personal information only as long as necessary to fulfill the purposes described, or to comply with legal obligations. If you request deletion of your personal data, we will evaluate the request and remove data where appropriate and lawful. Requests can be made via the contact details below.
Your Rights
Subject to applicable law, you may have rights to access, correct, or request deletion of your personal information. To exercise these rights, please contact us at the address below. We will respond in accordance with applicable legal timeframes.
Breach Notification
In the unlikely event of a breach involving PHI, AcuteHealth will follow notification requirements set by HIPAA and applicable state laws. We will notify affected parties and authorities as required.
Contact & Requests
For privacy questions, BAAs, data access or deletion requests, please contact:
Email: info@acutehealth.ai
Phone: +1 (555) 123-4567
Changes to this Policy
We may update this privacy notice from time to time. The "Effective date" at the top indicates when this page was last updated. Material changes will be communicated where appropriate.
Disclaimer: This privacy notice is for informational purposes and does not constitute legal advice. For compliance obligations specific to your organization, consult legal counsel.