Privacy Policy

1. Information We Collect

a. Patient Health Information (PHI)

We collect, process, and store Protected Health Information (PHI) on behalf of covered entities (e.g., SNFs, physician groups) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This may include:

• Patient names, dates of birth, and contact information
• Clinical notes, diagnoses, medications, and treatment plans
• Vitals, lab results, imaging data, and care documentation
• Discharge summaries, SBAR/Change-of-Condition notes, and orders

b. Provider Information

We may collect information about healthcare providers and SNF staff, such as:

• Name, role/title, NPI number
• Login credentials and contact information
• Documentation patterns and feedback for training AI models

c. Usage Data

When you use our Services, we may automatically collect information including:

• Device type, browser, and IP address
• Pages or features used, timestamps, and performance metrics
• Error reports and diagnostic logs

2. How We Use Information

We use the information we collect to:

• Deliver and maintain the functionality of our Services
• Generate clinical documentation (e.g., shift notes, SBARs, med pass logs)
• Improve care coordination and reduce readmissions
• Monitor service performance, usage trends, and system health
• Train and improve our AI models (only using de-identified data)

We do not sell or rent any personal or patient data.

3. How We Share Information

We may share information in the following circumstances:

• With SNFs, hospitals, and providers: to deliver contracted Services and reports
• With third-party service providers: for hosting, analytics, or support, under strict data protection agreements
• As required by law: to comply with legal obligations or law enforcement requests
• In case of a merger or acquisition: with appropriate safeguards and notices

4. Data Security and Storage

We implement robust security measures to protect data, including:

• Encryption of data at rest and in transit
• Access controls based on role and least privilege
• Routine security audits and logging
• HIPAA-compliant infrastructure partners

5. Data Retention

We retain information only for as long as necessary to:

• Fulfill the purposes outlined in this Policy
• Comply with legal, contractual, or regulatory obligations
• Support customer-requested data retention schedules

De-identified data may be retained to improve our Services and AI capabilities.

6. Your Rights and Choices

For providers and facilities:

You may request access, correction, or deletion of your account data by contacting us.

For patients:

Symbolic Health operates as a Business Associate under HIPAA and does not directly provide healthcare. Please contact your SNF or healthcare provider for any access or correction requests related to your health records.

7. Children's Privacy

Our Services are intended for use by licensed healthcare professionals and institutions. We do not knowingly collect personal information directly from individuals under 13.

8. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via our website or through your organization's designated contact.

9. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact: