Privacy Policy
Last Updated: April 4, 2025
Introduction
At Hipmed, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your data when you use our website or services. We comply with both the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR) to provide the highest level of data protection for our users.
Our Commitment to HIPAA Compliance
As a healthcare technology provider, we recognize the importance of protecting Protected Health Information (PHI). We implement the following measures to ensure HIPAA compliance:
- Administrative Safeguards: We maintain comprehensive policies and procedures governing the protection of PHI, conduct regular risk assessments, and provide appropriate training to our staff.
- Technical Safeguards: We implement access controls, encryption, audit controls, and integrity controls to protect electronic PHI.
- Physical Safeguards: We maintain secure facilities and workstations, and implement proper device and media controls.
- Breach Notification: We have procedures in place to identify and respond to suspected or known security breaches.
- Business Associate Agreements: We enter into business associate agreements with third parties who may handle PHI on our behalf.
Our Commitment to GDPR Compliance
We respect the rights of EU residents and comply with the GDPR by implementing the following measures:
- Lawful Basis for Processing: We only collect and process personal data with a valid legal basis, such as consent, contractual necessity, or legitimate interests.
- Transparency: We provide clear information about how we collect and use personal data.
- Data Minimization: We limit our data collection to what is necessary for the purpose for which it is processed.
- Purpose Limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
- Individual Rights: We respect and facilitate individuals' rights to access, rectification, erasure, restriction of processing, objection to processing, and data portability.
- Data Security: We implement appropriate technical and organizational measures to ensure the security of personal data.
Information We Collect
We may collect the following types of information:
Personal Information
- Name
- Email address
- Phone number
- Organization or affiliation
- Message content when you contact us
Usage Information
- IP address
- Browser type and version
- Operating system
- Referral source
- Length of visit, page views, website navigation
How We Use Your Information
We use the information we collect for the following purposes:
- To provide and maintain our services
- To respond to your inquiries and requests
- To send you updates, newsletters, or other communications that you have requested
- To improve our website and services
- To monitor the usage of our website
- To detect, prevent, and address technical issues
- To comply with legal obligations
Data Retention
We will retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, and the purposes for which we process the data.
Your Data Protection Rights
Depending on your location, you may have the following rights regarding your personal information:
- Right to Access: You have the right to request a copy of the personal information we hold about you.
- Right to Rectification: You have the right to request that we correct any inaccurate or incomplete information about you.
- Right to Erasure: You have the right to request that we delete your personal information in certain circumstances.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances.
- Right to Data Portability: You have the right to request that we transfer your personal information to another organization or to you directly.
- Right to Object: You have the right to object to our processing of your personal information in certain circumstances.
To exercise these rights, please contact us at privacy@hipmed.co.
Security Measures
We implement appropriate technical and organizational measures to protect your personal information against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:
- Encryption of data in transit and at rest
- Regular security assessments and vulnerability testing
- Access controls and authentication mechanisms
- Regular backup procedures
- Staff training on data protection and security
Third-Party Services
We may use third-party services to assist us in providing our services. These third parties have access to your personal information only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose. All third-party service providers that may process personal health information on our behalf are HIPAA compliant and bound by Business Associate Agreements where applicable.
Children's Privacy
Our services are not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us at privacy@hipmed.co.
Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. You are advised to review this Privacy Policy periodically for any changes.