CareCompile ("we," "our," or "us") is committed to protecting the privacy of healthcare organizations and their patients. This Privacy Policy explains how we collect, use, and safeguard information when you use our clinical intelligence platform.
CareCompile is designed to be HIPAA-compliant, and we offer Business Associate Agreements (BAA) to covered entities.
1. Information We Collect
CareCompile processes clinical data on behalf of healthcare organizations in accordance with HIPAA regulations. We may collect:
Contact Information: Name, email, organization name, and role when you request information or sign up
Clinical Data: HL7 messages, lab results, radiology reports, and clinical notes as configured by your organization
Usage Data: System performance metrics, feature usage statistics, and error logs
Technical Data: IP addresses, browser types, and device information for security purposes
2. HIPAA Compliance
CareCompile is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA) when deployed according to our implementation guidelines. We maintain:
Data encryption in transit (TLS 1.3) and at rest (AES-256)
Comprehensive audit logging of all data access
Role-based access controls (RBAC)
Business Associate Agreements (BAA) with covered entities
Regular security assessments and penetration testing
Incident response and breach notification procedures
3. How We Use Information
We use collected information to:
Provide and improve our clinical intelligence services
Generate AI-powered clinical summaries and recommendations
Detect and flag critical values and concerning trends
Maintain system security and prevent unauthorized access
Communicate important updates and service information
Comply with legal and regulatory requirements
4. Data Sharing
Protected Health Information (PHI) processed by CareCompile is:
Never sold to third parties
Never used for marketing purposes
Only shared with authorized users within your organization
Only disclosed as required by law or with explicit authorization
5. Data Security
We employ industry-standard security measures including:
AES-256 encryption for data at rest
TLS 1.3 encryption for data in transit
Multi-factor authentication (MFA) support
Regular security audits and vulnerability assessments
24/7 security monitoring and alerting
Documented incident response procedures
6. Data Retention
We retain data according to your organization's policies and applicable legal requirements. Upon contract termination:
You may request export of your data
Data is securely deleted within 90 days unless otherwise required by law
Deletion certificates are available upon request
7. Your Rights
Depending on your jurisdiction, you may have the right to:
Access your personal data
Request correction of inaccurate data
Request deletion of your data (subject to legal retention requirements)
Object to certain data processing
Request data portability
8. Cookies and Tracking
Our website uses essential cookies for functionality. We do not use third-party advertising trackers. Analytics data is anonymized and used only to improve our services.
9. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated to active customers via email. The "Last Updated" date at the top indicates when the policy was most recently revised.