Carelytics Privacy Policy (HIPAA-Compliant)

Effective Date: 7/10/25

1. Introduction

At Carelytics, we are committed to protecting the privacy and security of your health information. This Privacy Policy outlines how Carelytics collect, use, disclose, and safeguard your Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable state laws.

2. Information Carelytics Collect

Carelytics collect PHI through various means, including:

• Forms and Surveys: Information provided directly by you via online forms, surveys, or during consultations.

• Health Devices: Data collected from connected health devices or applications.

• Communications: Information from emails, phone calls, or other communications with our team.

3. How Carelytics Use Your Information

Your PHI may be used for:

• Treatment: To provide, coordinate, or manage your healthcare services.

• Payment: To process billing and payment for healthcare services.

• Healthcare Operations: For activities related to the operation of our services, such as quality assessment and improvement activities.

4. How Carelytics Share Your Information

Carelytics may disclose your PHI to:

• Healthcare Providers: For the purpose of providing treatment.

• Business Associates: Third-party vendors who perform services on our behalf, with whom Carelytics have signed a Business Associate Agreement (BAA) to ensure they comply with HIPAA regulations.

• Legal Requirements: As required by law, such as in response to a subpoena or court order.

5. Your Rights

You have the right to:

• Access: Request copies of your PHI.

• Amend: Request corrections to your PHI.

• Restrict: Request restrictions on certain uses and disclosures of your PHI.

• Confidential Communications: Request to receive communications of your PHI by alternative means or at alternative locations.

• Accounting of Disclosures: Request a list of disclosures Carelytics have made of your PHI.

To exercise these rights, please contact us at [Insert Contact Information].

6. Security of Your Information

Carelytics implement appropriate administrative, physical, and technical safeguards to protect your PHI, including:

• Encryption: Using Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols for data transmission.

• Access Controls: Implementing role-based access controls and requiring multi-factor authentication for system access.

• Data Storage: Storing PHI in encrypted databases and ensuring secure backup procedures.

7. Breach Notification

In the event of a breach involving your PHI, Carelytics will notify you as required by HIPAA and applicable state laws. Notifications will include:

• A description of the breach.

• The types of information involved.

• Steps you can take to protect yourself.

• What Carelytics are doing to investigate and mitigate the breach.

8. Changes to This Privacy Policy

Carelytics may update this Privacy Policy from time to time. Any changes will be posted on this page, and the effective date will be updated accordingly.

9. Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at: Carelytics Privacy Office.