Privacy Policy

Neolytix is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our application (the “App”) to transcribe and summarize recorded audio and generate notes from small text inputs. By using the App, you agree to the collection, use, and disclosure of your personal information in accordance with this Privacy Policy.

Definitions: 
“Customer” means any entity that subscribes to Neoscribe Application, including but not limited to licensed healthcare providers, medical practices, clinics, hospitals, healthcare systems, and other professional healthcare entities.  

“Individual/Patient” means end-users, or patients of Customers, who receive healthcare treatment, consultation, or related services from the Customer in a personal capacity. They are not parties to any direct contractual relationship with Neoscribe and do not engage Neoscribe for its services themselves. 

Scope & Application: 
This Privacy Policy applies to any Customer of Neoscribe that is a healthcare provider, business, enterprise, medical practice, clinic, hospital, or other professional organization.
 

Consent 
Neoscribe does not have any direct relationship with Individuals/Patients of its Customers. Neoscribe relies on and requires its Customers to ensure that they have obtained the necessary consent of their Individuals/Patients or other authority for Neoscribe to collect and use their data on behalf of the Customer. 

Usage and Protection: 

When you access and use our website, Platform, Application or other associated services, we collect and hold the following main categories of information as detailed in the table below. The collection of extensive data sets, including device information, is crucial for enhancing user experience, optimizing service functionality, and ensuring effective security measures. We process such information based on legitimate interests, improving our services and maintaining security.  
 

Category 

Details 

 

 

Your general personal information 

This includes information or an opinion about you that is reasonably identifiable. For example: your name, address, age or date of birth, gender, contact number and email address. If you are a Practitioner, we may also collect information relating to your qualifications, registrations, training and educational background.

Your health information 

This includes any health information that Customer provides when accessing or using our website, Platform or other services. We may collect health information from you for the purpose of facilitating the delivery of healthcare services by you. We may also collect health information of Patients from Practitioners, including where a Practitioner has treated a Patient arising out of, or in connection with, the Platform. This may include information that a Practitioner provides directly to us or otherwise makes available to us. The types of health information may include your medical history, clinical notes, test results, disease status and prescribed medications (amongst others). 

Device information 

This includes your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information. 

Information collected for our own business improvement 

We may de-identify your general personal information and use it in aggregate form to conduct analysis on how our website, Platform and other services are being used to help us improve our services and provide benefits back to our users. When we refer to ‘de-identified’ information, we mean information that has undergone a process of removing all personal identifiers that can reasonably identify you so that there is no reasonable likelihood of re-identification occurring. When we use this information for the purposes of business improvement, it is always in de-identified form. 

De-identified health information 

We may de-identify your health information and use it to provide the Platform functionality and to improve the Platform and other services. 

Information collected by cookies 

We may collect de-identified information via cookies on our website, such as your browser type, operating systems and other websites visited. We may also collect some personal information when using cookies, such as where a cookie is linked to your account.   

 

How we collect your Information: 

Category 

Details 

Registration 

When you register on our website or Platform. 

Communication 

Where you communicate with us through correspondence, questionnaires, chats, email, or when you share information with us from other services or websites. Communications may occur through the Platform. 

Interaction 

When you interact with our sites, Platform, services, content and advertising or use our Platform or services. 

 

Why we use your Information: 

Category 

Details 

Access 

To enable you to access and use our website, Platform and other services. 

Improvement 

Design, provide, improve and manage our website, Platform and other services, business and your experience, such as to perform analytics.  

 Services 

To facilitate the delivery of healthcare services to patients. For example, information relating to Patients’ medical history, complaints or symptoms may be collected and used by the Platform so that Practitioners can make treatment decisions. 

De-identified information for Platform functions and improvement 

We may de-identify and/or aggregate your personal information, including your health information, for the purposes of using that de-identified information to provide certain functionality and develop and improve the Platform. 
 

Support 

Send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you. 

Contact 

Contact you when we need to tell you something important about the website, Platform and other services, or your information. 

Other purposes when de-identified and/or aggregated 

We may also de-identify and/or aggregate your personal information for other purposes that may not be set out in this Privacy Policy, including improving our services and the accuracy of our services.

 

How we protect your information: 

Category 

Details 

Staff Training 

We put our staff through training in how to keep your information safe and secure at all times. 

De-identification tools 

We use a range of tools designed to de-identify your information before it is used or disclosed for certain purposes, as described in this policy. 

 Services 

To facilitate the delivery of healthcare services to patients. For example, information relating to Patients’ medical history, complaints or symptoms may be collected and used by the Platform so that Practitioners can make treatment decisions. 

Secure storage and handling 

We use a combination of techniques and measures to maintain the security of our website and Platform and to protect your account and your information. 
 

Destroying or de-identifying your information 

We only keep your information for as long as we need it or are lawfully required to keep it. 

 

Retention: 
Neolytix does not permanently store PHI. Data submitted may be used to train LLM models, ensuring all inputs are de-identified. No PHI or identifiable user data is retained by us. Data privacy and confidentiality are strictly maintained.  

Information Disclosure:  
We do not disclose your personal information to any third parties. None of the user data (i.e., emails, usage data) is shared with third-party groups.

Changes to the Policy 

If we need to change this policy in a way that affects how we handle your information and you use our Platform, you’ll receive an alert from us. We will also publish the changes on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.

 

Privacy Compliance Statement 

Compliance Statement-Federal USA, Federal Canadian 

Neolytix has demonstrated a strong commitment to adhering to the Health Insurance Portability and Accountability Act (HIPAA) 1996 and Personal Information Protection and Electronic Documents Act (PIPEDA) 2000 regulations, ensuring the protection and confidentiality of Electronic Protected Health Information (ePHI).

Key Areas of Compliance:  

  1. Privacy Rule Compliance 45 CFR §164.502(e): Neolytix ensures the confidentiality of ePHI, allowing access only to authorized individuals and maintaining strict control over the use and disclosure of health information. 
  2. Security Rule Compliance 45 CFR §164.312: The organization has implemented robust security measures, including administrative, physical, and technical safeguards, to ensure the integrity and security of ePHI. This includes advanced encryption protocols, secure data transmission methods, and comprehensive access control systems.
  3. Breach Notification Compliance: Neolytix has an effective breach notification process in place. In the event of any unauthorized access or breach, there are established protocols for prompt notification to affected parties and relevant authorities, aligning with HIPAA requirements. 
  4. Training and Awareness: Regular training programs are conducted for all employees to ensure awareness and understanding of HIPAA regulations, focusing on the handling of ePHI and compliance responsibilities. 
  5. Business Associate Agreements (BAAs): Neolytix maintains BAAs with all third-party service providers who handle ePHI, ensuring that these associates adhere to HIPAA standards and provide sufficient guarantees about their safeguards for protecting health information. 
  6. Disclosure of Data Practices: Neolytix shall make readily available to users specific information about its policies and practices relating to the management of personal information as per Section 4.8, Schedule I, PIPEDA 2000.
  7. Data Security Measures: Neolytix shall implement physical, technical, and organizational safeguards to protect user health data against loss, theft, modifications and unauthorized access as stated under Section 4.7, Schedule I of PIPEDA 2000.
  8. Right to Access Information: Neolytix will provide users access to their personal information stored in the database as per Section 4.9, Schedule I, PIPEDA 2000.

Related Regulations: 

  1. Neolytix shall not interfere with or delay access to patient data that is legally required to be shared under the Information Blocking provisions of the 21st Century Cures Act (45 CFR §171.103).
  2. Neolytix shall ensure compliance with the HITECH Act (42 U.S.C. §17931) by reporting any known data breach or unauthorized disclosure of PHI to the user without unreasonable delay and within the 60-day federal window.

User Compliance 

  1. User shall obtain valid patient authorizations and consents as required under HIPAA (45 CFR §164.508) prior to sharing any PHI for documentation-related purposes.
  2. User shall notify the service provider of any revocation of consent or data subject rights under HIPAA within 24 hours to avoid unauthorized processing or disclosure.
  3. User shall ensure that the data submitted is truthful, current, and accurate to the best of their knowledge. Providing falsified or misleading data constitutes a material breach and may trigger penalties under the False Claims Act (31 U.S.C. §3729).

 

Neolytix's adherence to compliance regulations shows its dedication to maintaining the highest standards of privacy and security in the handling of sensitive health information. Through continuous monitoring, training, and updates to security practices, Neolytix remains committed to upholding these standards and adapting to any changes in regulatory requirements.

Find out more: 
If you have any questions about this Privacy Policy or our privacy practices, please contact us at: legal@neolytix.com