If you have questions or need assistance, please contact us.
Scope of This Privacy Policy
This Privacy Policy applies to data collected through our website, mobile application, and associated services. It ensures transparency about managing and protecting your data when you use our services.
Consent
By using Pocket Patient Advocate (PPA), you consent to the collection, use, and processing of your data as outlined in this Privacy Policy. This includes, but is not limited to, data required for app functionality, AI-driven services, and storage on secure external servers.
- Obtaining Consent:
  - Medical Disclaimer: Users are presented with a medical disclaimer and privacy information when logging into the app.
  - App-Level Permissions: The app uses standard device prompts (e.g., Apple/Android permissions) to request access to SMS, contacts, and uploaded files. Users are informed about why these permissions are needed.
  - Onboarding Process: At the time of account creation, users must accept the Terms & Conditions and Privacy Policy through a mandatory checkbox to proceed.
- Specific Consent for Sensitive Data:
  - Uploaded Medical Records: By uploading medical records or entering sensitive information, you explicitly consent to their processing through AWS and OpenAI’s services for the purpose of delivering app features.
  - AI Features: By using AI-driven services (e.g., symptom search), you consent to processing related data as described.
- Privacy Transparency:
  - Users can access detailed privacy disclosures via:
    - The Privacy Policy available on the website.
    - Privacy disclosures within the app store listing.
- Withdrawal of Consent:
  - You can withdraw consent at any time by contacting support at contact@pocketpatientadvocate.com. Your account and data can be deleted upon withdrawal per the Data Retention and Deletion policy. Note that withdrawing consent may limit app functionality.
Global Data Processing and Availability
Our app is available worldwide and may be downloaded and used in countries outside of the United States, including the UK and EU. We are committed to protecting your privacy across all regions by adhering to global privacy standards, such as:
- Data Minimization: We collect only the information necessary to provide our services.
- Secure International Transfers: Data transmitted between regions is encrypted using industry-standard SSL/TLS protocols.
- Compliance with Applicable Standards: Our practices align with internationally recognized privacy principles, such as transparency, user rights, and purpose limitation.
- User Rights: Users worldwide can access, correct, delete, or transfer their data upon request.
While regulations may vary by region, our goal is to provide a consistent, high level of privacy and security for all users, regardless of location.
Legal Basis for Data Processing
We handle your data based on the following legal grounds in accordance with applicable privacy laws:
- Consent: Your explicit consent is obtained for processing sensitive data, such as medical records and data used for AI-driven services.
- Contractual Necessity: Some data processing is essential to fulfill our obligations to you, such as maintaining your account and providing requested services.
- Legitimate Interest: We process non-sensitive data, such as anonymized logs, to improve app functionality and troubleshoot performance issues. Legitimate interest ensures this processing is conducted responsibly and minimally impacts your privacy.
- Legal Obligations: We may process and retain certain data to comply with legal and regulatory requirements.
Information We Collect
We collect specific types of information to provide you with a seamless, personalized, and secure experience:
- Contact Information: Such as your name, email, and phone number, provided during registration or communication.
- Uploaded Medical Records: Documents, including test results and notes, uploaded by users.
- Search Queries and Questions: Entered into the app to deliver AI-driven insights.
- App Permissions: SMS messages and phone contacts are accessed only to display within the app. We do not modify, delete, or send SMS messages, nor alter contact details in any way.
We ensure you are informed about what data is being collected and why.
How We Use Your Information
We use your information responsibly to:
- Provide accurate, AI-driven insights and features, such as symptom search and medical upload translation.
- Enhance and personalize your experience with our services.
- Respond to inquiries and provide support.
- Improve our services and introduce new features.
- Maintain a secure and reliable platform.
Your data is never used for purposes other than those specified in this policy.
Data Storage and Security
We prioritize the protection of your data through robust security measures:
HIPAA-Eligible Services and Compliance: We store data securely on AWS services that meet HIPAA requirements. While cloud providers do not receive HIPAA certification, AWS adheres to FedRAMP, NIST 800-53, and other security standards that align with the HIPAA Security Rule.
OpenAI Integration: OpenAI’s API processes certain AI-driven services. We have executed a Business Associate Agreement (BAA) with OpenAI, ensuring all PHI-related processing occurs through zero-retention, HIPAA-compliant API endpoints. OpenAI does not store PHI, ensuring privacy and security.
Security Measures Include:
- Encryption: SHA-256 with RSA encryption secures all PHI in transit and at rest.
- Access Controls: Strict, role-based access restrictions limit PHI access to authorized personnel only.
- Audit Logs: Secure logging ensures compliance monitoring.
- Data Minimization: Only essential PHI is processed.
These safeguards ensure the Pocket Patient Advocate app aligns with HIPAA requirements.
Breach Notification & Compliance
Pocket Patient Advocate follows strict breach response protocols in line with HIPAA and GDPR regulations.
- HIPAA Compliance: If there is a breach involving Protected Health Information (PHI), we will notify affected users and the Department of Health & Human Services (HHS) within 60 days.
- GDPR Compliance: If a breach risks user privacy under GDPR, we will notify the appropriate Data Protection Authority (DPA) within 72 hours and affected users as required.
- Incident Response: If a breach occurs, we will:
  - Secure affected accounts and mitigate exposure.
  - Investigate vulnerabilities and document findings.
  - Provide guidance to affected users on protective actions.
We maintain audit logs and security reports to ensure ongoing compliance. Please contact us at contact@pocketpatientadvocate.com for more information or assistance.
CCPA Privacy Rights (Do Not Sell My Personal Information)
Under the CCPA, among other rights, California consumers have the right to:
- Request that a business that collects a consumer’s personal data disclose the categories and specific pieces of personal data that the business has collected about consumers.
- Request that a business delete any personal data about the consumer that a business has collected.
- Request that a business that sells a consumer’s personal data not sell the consumer’s personal data.
If you make a request, we have one month to respond to you. Please contact us if you would like to exercise any of these rights.
User Rights and Privacy Standards
We adhere to global privacy principles to protect your rights as part of our ongoing commitment to safeguarding your data. Every user is entitled to the following:
- The Right to Transparency: You have the right to be informed about data collection and use practices upfront.
- The Right to Access: You have the right to view and obtain copies of your personal data. We may charge you a small fee for this service.
- The Right to Rectification: You have the right to request that we update or correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
- The Right to Erasure: You have the right to request that we erase your personal data, under certain circumstances.
- The Right to Restrict Processing: You have the right to request that we restrict the processing of your data, under certain conditions, such as when disputing its accuracy or objecting to its use.
- The Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions, such as direct marketing or non-essential operations.
- The Right to Data Portability: You have the right to request that we transfer your data in a secure format to another organization or directly to you, under certain conditions.
Your data is collected and used strictly for purposes outlined in this Privacy Policy. These rights reflect our commitment to privacy and transparency in all regions where the Pocket Patient Advocate app is available. If you believe your rights have been violated, you have the right to file a complaint with the relevant Data Protection Authority (DPA) in your jurisdiction.
To exercise these rights, please contact our support team at contact@pocketpatientadvocate.com. We have one month to respond to your request in accordance with applicable laws.
AI-Driven Services
Pocket Patient Advocate integrates OpenAI’s API to process medical queries, symptom searches, and document analysis.
- Data Usage: OpenAI processes data solely to generate requested outputs. Data is not stored or used for model training.
- Security: OpenAI’s HIPAA-compliant API ensures zero data retention for all PHI-related queries.
- Business Associate Agreement (BAA): We have a signed BAA with OpenAI, ensuring all PHI processing occurs within HIPAA-compliant endpoints.
OpenAI does not retain user data beyond immediate processing, ensuring privacy compliance.
Data Retention and Deletion
- Retention: Data is stored only as long as necessary to provide services or comply with legal obligations.
- Deletion: Users can delete their accounts and associated data via the app. Upon request, our support team can permanently remove all records, including backups and logs.
- Automatic Deletion: Deleted data is permanently removed within 30 days.
- OpenAI API: Any PHI sent to OpenAI’s API is not retained under its zero-retention policy.
Our policies ensure compliance with HIPAA’s Minimum Necessary Standards and data protection best practices.
Tracking and Analytics
We use cookies to improve your experience:
- Preferences: Cookies remember your settings for a more personalized experience.
- Performance: Cookies optimize our website and app functionalities.
In addition to necessary cookies, we may use analytics tools to better understand how users interact with our app and improve its functionality. These tools may collect anonymized data, such as user activity and preferences, to help us enhance your experience.
Cookie Preferences and Opt-Out Options:
- Users can manage their cookie preferences through their browser settings or by using in-app privacy tools (where applicable).
- For analytics cookies, you can opt out at any time without affecting the core functionality of the app.
We do not use cookies or tracking technologies for advertising purposes.
Transparency and Log Files
We use anonymized log files to continuously improve our services and troubleshoot issues. These logs may include:
- IP addresses
- Browser details
- Access times and dates
- Referring/exit pages
This data is anonymized and used strictly for performance monitoring.
Website-Specific Log Files:
In addition to anonymized log files for app and service performance, we collect standard log files when you visit our website. These log files may include:
- Internet Protocol (IP) addresses
- Browser type
- Internet Service Provider (ISP)
- Date and time of access
- Referring/exit pages
- Number of clicks and browsing patterns
This information is collected solely for analytics and demographic tracking to improve our website’s functionality and user experience. The data is anonymized and is not linked to any personally identifiable information.
Proactive Security Measures
Your security is at the core of what we do:
- End-to-End Encryption: Data is encrypted during transmission.
- HIPAA-Compliant Storage: Data is stored on HIPAA-compliant AWS services, ensuring PHI security under our Business Associate Agreement (BAA) with AWS.
- Regular Security Evaluations: Our security practices are regularly reviewed to meet industry standards. Access to PHI is monitored through secure audit logs, which are regularly reviewed to detect and address unauthorized access.
Children’s Privacy
Protecting the privacy of children is especially important to us. Pocket Patient Advocate does not knowingly collect any Personally Identifiable Information (PII) from children under 13.
If we become aware that a child under 13 has provided personal information, we will take immediate steps to delete that data from our systems. We encourage parents and guardians to observe, participate in, and/or monitor their children’s online activities. Please contact us at contact@pocketpatientadvocate.com if you believe a child has provided personal information through our services.
Updates and Communication
We review this policy regularly and will notify users of significant updates through in-app notifications, emails, or updates to this page.
Feedback and Accessibility
Your feedback helps us improve. If you have questions or need this policy in an accessible format, please contact us. We’re here to help.