Privacy Policy
Information We Collect
PHI:
This includes information that can identify you, such as your name, contact details, medical records, treatment history, and insurance information.
Non-PHI:
This includes technical information like your device type, IP address, and usage data, which we collect through cookies and similar technologies.
Google User Data:
If you sign in using your Google account or connect your Google account to our services, we may collect certain information from your Google account, such as your email address and profile information. This data is used to enhance your experience on our platform.
How We Use Your Information
To Provide and Improve Our Services:
We use your PHI to schedule surgeries, generate analytics, and personalize your experience. Google user data is used to facilitate login, personalize your experience, and integrate with other Google services you may use.
To Communicate with You:
We may send you notifications, updates, and marketing materials related to our services. You can opt out of marketing communications at any time.
To Comply with Legal Obligations:
We may use and disclose your PHI as required by law, such as for reporting purposes or responding to court orders.
How We Share Your Information
With Your Healthcare Providers:
We may share your PHI with healthcare providers involved in your care, such as surgeons, hospitals, and clinics.
With Business Associates:
We may share your PHI with third-party vendors who perform services on our behalf, such as cloud storage providers or data analysts. These vendors are contractually obligated to protect your PHI.
With Your Consent:
We may share your PHI with other parties if you give us your express permission.
With Google:
We may share certain non-sensitive information with Google services you use, in accordance with Google’s API Services: User Data Policy. This includes information needed to facilitate Google integrations and services.
How We Protect Your Information
Security Measures:
We implement administrative, technical, and physical safeguards to protect your PHI from unauthorized access, disclosure, alteration, or destruction.
De-identification:
We may de-identify your PHI for research and analytics purposes. De-identified information cannot be traced back to you.
Your Rights
Access and Rectification:
You have the right to request access to your PHI and to correct any inaccuracies.
Restriction of Use:
You can request that we restrict the use or disclosure of your PHI, although this may limit our ability to provide certain services.
Objection:
You can object to the processing of your PHI for direct marketing purposes.
Specific Information about AI Models:
Which third-party AI models your app utilizes.
- Our app features a Q and A component which utilizes foundational LLMs, including but not limited to DBRX, Llama, and Mixtral.
What data is shared with these models.
- The user’s question is sent as input data (the inquiry). Additionally, with a RAG implementation, app usage data is also sent for context.
The purpose of sharing this data with AI models.
- This data represents the user’s question/inquiry, which is then responded to via the LLM.
How the models use this data and what impact it might have on users.
- The LLM is only used to provide answers using natural language during chat and Q and A.
Do users have any options to control or opt out of data sharing with AI models?
- Users can sign up/opt to use our Q and A feature at their discretion.
How you ensure responsible and ethical use of data by these models.
- User inputs are not used to train any LLMs. In addition, as is industry standard, the data is used within built-in guardrails to ground the outputs and to make sure no harmful or abusive use is intended.
HIPAA Compliance
We adhere to all HIPAA regulations, including the Privacy Rule, Security Rule, and Breach Notification Rule. We have a designated HIPAA Privacy Officer who oversees our compliance efforts.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the revised policy on our website.
Contact Us
If you have any questions or concerns about our privacy practices, please contact us at info@surgicalendar.com
Additional Information
Cookies:
We use cookies to enhance your browsing experience and collect usage data. You can manage your cookie preferences through your browser settings.
Third-Party Links:
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these websites.
Children’s Privacy:
Our services are not intended for children under the age of 13. We do not knowingly collect personal information from children.
Limited Use Disclosure:
Surgicalendar’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. For more information, please review the policy at https://developers.google.com/terms/api-services-user-data-policy.
By using Surgicalendar, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.
Visibility and Links
- This Privacy Policy is visible to users on our app homepage.
- The Privacy Policy is linked on the OAuth consent screen in the Google Cloud Console.
- The URL for the Privacy Policy on the OAuth consent screen matches the URL on our app homepage.
1. Our application makes use of proprietary models that are trained using de-identified and anonymized cohort datasets. No training is performed using identifiers such as names, DOB, addresses, phone numbers and email addresses.
The data used does include metadata related to normal application use such as timestamps/dates of user engagement in the app, scheduling information, procedure ontologies, and user preferences.
Any user input that is served to a language model is not used in the training of that language model. As per industry standard, note that user inputs may temporarily be stored on the model serving service that is being utilized. This is for the purposes of detecting, preventing, and mitigating abuse or harmful uses. This data can be stored for up to 30 days and is only accessible for detecting and responding to security or abuse concerns.
2. Users are made aware of this via the Terms and Conditions provided, outlined by the privacy policy listed as part of the terms of use.
By addressing these requirements, we ensure compliance with Google’s policies and protect user data effectively. If you have any questions or need further information, please contact us at info@surgicalendar.com.