QubixCare

Privacy Policy & Notice of Privacy Practices

Last updated: 11/8/2025

HIPAA Notice of Privacy Practices

This Notice of Privacy Practices describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This notice is required by the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.

1. Our Commitment to Your Privacy

IndoQubix Health Solutions ("we", "us", "our") is committed to protecting the privacy and security of your Protected Health Information (PHI). This comprehensive policy describes our practices concerning the collection, use, and disclosure of your health information in compliance with the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, state privacy laws, and other applicable regulations.

1.1 Legal Framework

Our privacy practices are governed by the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the HITECH Act of 2009, the 21st Century Cures Act, state-specific healthcare privacy laws, Federal Trade Commission (FTC) regulations, and the General Data Protection Regulation (GDPR) for EU residents.

2. Information We Collect

2.1 Protected Health Information (PHI)

We collect and maintain various types of health information necessary for providing comprehensive healthcare services through our platform.

Personal Identifiers

We collect essential personal identifying information including your full name and any aliases you may use, your date of birth and current age, and your Social Security Number when required for insurance or legal purposes. We also maintain your current address and comprehensive contact information, including all phone numbers (home, work, and mobile), email addresses, and emergency contact information for safety purposes. Additionally, we record your preferred language and communication preferences to ensure we can effectively communicate with you in the manner you prefer.

Health Information

Our platform maintains comprehensive health information including your complete medical history and current diagnoses, ongoing health conditions and reported symptoms, as well as treatment plans and care protocols developed by your healthcare providers. We store laboratory and diagnostic test results, radiology and imaging reports, vital signs and biometric data collected during your care. We also maintain detailed medication lists and prescription history, along with important allergy and adverse reaction information to ensure your safety during treatment.

Healthcare Provider Information

We collect healthcare provider information including provider communications and notes, referrals and consultation reports, care team assignments and roles, progress notes and care summaries, and discharge summaries and care transitions to ensure comprehensive and coordinated healthcare delivery.

Financial and Insurance Information

We maintain financial and insurance information including insurance policy numbers and coverage details, billing and payment information, claims processing data, co-payment and deductible information, and financial assistance and payment plans to facilitate healthcare billing and payment processing.

2.2 Technical and Usage Information
Device and Access Information

We collect device and access information including IP addresses and location data, device identifiers and characteristics, browser type and version, operating system information, and screen resolution and device capabilities to ensure platform security and optimize user experience.

Platform Usage Data

We track platform usage data including login times and session duration, page views and navigation patterns, feature usage and preferences, search queries and filters used, and error logs and technical issues to improve platform functionality and user experience.

2.3 Communication Data

We collect communication data including messages between patients and providers, appointment scheduling communications, customer support interactions, survey responses and feedback, marketing communication preferences, and consent forms and authorizations to facilitate effective healthcare communication and service delivery.

3. How We Use Your Information

We use your Protected Health Information for the following primary purposes as permitted by HIPAA:

3.1 Treatment

We use your Protected Health Information primarily to provide, coordinate, and manage your healthcare and related services in a comprehensive and integrated manner. This includes coordinating care between multiple healthcare providers and specialists to ensure seamless treatment delivery, managing comprehensive care plans and treatment protocols tailored to your specific needs, and facilitating secure communication within your entire care team. We provide clinical decision support and evidence-based recommendations to enhance the quality of your care, and we continuously monitor treatment outcomes and adjust care plans based on your progress and response to treatment.

Our platform also manages critical safety features such as medication interactions and allergy alerts to prevent adverse events, schedules and coordinates appointments and procedures to streamline your healthcare experience, and provides telehealth and remote monitoring services for convenient access to care. We coordinate care transitions and hospital discharges to ensure continuity of care, and manage chronic disease programs and population health initiatives to support long-term wellness and disease management.

3.2 Payment

We use your information for various billing and payment-related activities essential for healthcare service delivery. This includes processing insurance claims and prior authorizations to ensure coverage for your care, verifying insurance coverage and benefits to help you understand your financial responsibility, and calculating co-payments, deductibles, and out-of-pocket expenses accurately. We collect payment for healthcare services rendered and process refunds and adjustments when necessary to maintain accurate financial records.

Additionally, we manage payment plans and financial assistance programs to make healthcare more accessible, conduct medical necessity reviews to ensure appropriate care delivery, and support appeals and grievance processes when coverage disputes arise. We also handle reporting to insurance companies and government payers as required by regulatory and contractual obligations, ensuring compliance with all applicable healthcare billing regulations.

3.3 Healthcare Operations

We use your information for administrative and operational purposes:

Quality Improvement
  • Quality assurance and improvement programs
  • Clinical effectiveness studies
  • Patient safety initiatives
  • Performance measurement and reporting
  • Accreditation and certification activities
Administrative Functions
  • Care coordination and case management
  • Risk assessment and population health management
  • Compliance monitoring and auditing
  • Training and education of healthcare staff
  • Business planning and development

3.4 Required by Law

We may use and disclose your PHI when required by federal, state, or local law including court orders, subpoenas, and legal proceedings, law enforcement investigations and activities, public health reporting requirements, communicable disease reporting, child abuse and neglect reporting, elder abuse reporting, FDA adverse event reporting, workers' compensation claims, and coroner and medical examiner requirements.

4. Information Sharing and Disclosure

We may share your PHI in the following circumstances, always with appropriate safeguards:

4.1 With Your Written Authorization

We will always seek your written permission before sharing PHI for purposes not covered by this notice including sharing with family members or caregivers you specifically designate, participation in research studies (with your explicit consent), marketing communications about health-related products or services, sale of PHI (only with your authorization and as permitted by law), use of PHI for fundraising purposes beyond what is permitted, sharing with employers (except as required for workers' compensation), and disclosures for purposes not outlined in this notice.

4.2 Without Your Authorization (as permitted by law)
Healthcare and Safety

We may share information without authorization for healthcare and safety purposes including emergency treatment situations where consent cannot be obtained, public health activities and disease prevention, preventing serious threats to health or safety, organ and tissue donation coordination, and medical examiner and funeral director activities.

Legal and Regulatory

We may disclose information for legal and regulatory purposes including legal proceedings and court orders, law enforcement investigations, government oversight activities and audits, national security and intelligence activities, and correctional institutions and law enforcement custody situations.

4.3 Business Associates and Third-Party Providers

We may share your information with third-party service providers who assist us in delivering healthcare services:

Technology Partners
  • Cloud hosting and data storage providers (AWS, Microsoft Azure)
  • Electronic health record vendors
  • Telehealth and communication platforms
  • Analytics and reporting services
  • Cybersecurity and monitoring services
Healthcare Services
  • Laboratory and diagnostic services
  • Pharmacy and medication management
  • Medical transcription services
  • Billing and claims processing services
  • Care coordination and case management

Important: All business associates are required to sign Business Associate Agreements (BAAs) ensuring they protect your PHI in accordance with HIPAA requirements and implement appropriate safeguards.

4.4 Healthcare Information Exchange

We may participate in health information exchanges to improve care coordination:

  • Regional Health Information Organizations (RHIOs)
  • Statewide health information networks
  • National networks for care coordination
  • Interoperability initiatives and data sharing programs
  • Quality reporting and public health networks

5. Your Rights Regarding Your PHI

Under HIPAA and applicable state laws, you have comprehensive rights regarding your health information:

5.1 Right to Access Your Records

You have the right to:

  • Request and receive copies of your health records within 30 days
  • Inspect your PHI in our systems during regular business hours
  • Request electronic copies when technically feasible
  • Direct us to transmit copies to third parties you designate
  • Receive records in the format you request (paper or electronic)
  • Obtain copies of billing and payment records

Process: Submit a written request to our Privacy Officer. We may charge reasonable fees for copying and mailing.

5.2 Right to Amend Your Information

You have the right to:

  • Request corrections to inaccurate or incomplete health information
  • Add statements to your record for clarification
  • Appeal our decision if we deny your amendment request
  • Have approved amendments shared with relevant parties

Process: Submit a written request explaining the desired changes and reasons.

5.3 Right to Request Restrictions

You have the right to:

  • Request limits on how we use or disclose your PHI
  • Restrict disclosures to specific individuals or organizations
  • Limit sharing for treatment, payment, or healthcare operations
  • Request restrictions on information shared with family members

Note: We are not required to agree to all restriction requests, but we will consider each carefully.

5.4 Right to Confidential Communications

You have the right to:

  • Request alternative methods of communication (secure email, phone, mail)
  • Specify preferred contact information and times
  • Request privacy accommodations for sensitive communications
  • Use alternative addresses for confidential communications
  • Limit communications to certain phone numbers or addresses

Process: Submit a written request specifying your preferred communication method.

5.5 Right to an Accounting of Disclosures

You have the right to:

  • Receive a list of disclosures we have made of your PHI
  • Details about when, why, and to whom information was shared
  • Information about recipients of your PHI (excluding routine uses)
  • Accounting for disclosures made in the past 6 years

Note: The first accounting each year is free; additional requests may incur reasonable fees.

5.6 Right to File a Complaint

You have the right to:

  • Contact our Privacy Officer if you believe your privacy rights have been violated
  • File complaints with the U.S. Department of Health and Human Services
  • File complaints with state regulatory authorities
  • Receive no retaliation for filing complaints or exercising your rights

5.7 Right to Notification of Breaches

You have the right to be notified if a breach of your PHI occurs, including:

  • Description of what happened and when it was discovered
  • Types of information involved in the breach
  • Steps we are taking to investigate and address the breach
  • Measures you can take to protect yourself
  • Contact information for follow-up questions

6. Security Safeguards and Data Protection

We implement comprehensive security measures to protect your health information using the "Defense in Depth" approach:

6.1 Technical Safeguards
Encryption and Data Protection
  • AES-256 encryption for data at rest
  • TLS 1.3+ encryption for data in transit
  • End-to-end encryption for sensitive communications
  • Database encryption and tokenization
  • Encrypted backups and archives
Access Controls
  • Multi-factor authentication (MFA) for all users
  • Role-based access controls (RBAC)
  • Single sign-on (SSO) integration
  • Privileged access management
  • Automatic session timeouts
Monitoring and Detection
  • 24/7 security information and event management (SIEM)
  • Intrusion detection and prevention systems
  • Automated threat detection and response
  • Comprehensive audit logging
  • Real-time security monitoring

6.2 Physical Safeguards
Data Center Security
  • SOC 2 Type II certified data centers
  • 24/7 physical security monitoring
  • Biometric access controls
  • Environmental controls and redundancy
  • Fire suppression and disaster protection
Facility Access Controls
  • Controlled facility access with visitor logs
  • Secured workstation environments
  • Clean desk and clear screen policies
  • Secure disposal of PHI-containing materials
  • Equipment tracking and inventory management
Device and Media Controls
  • Encrypted mobile devices and laptops
  • Secure remote access solutions
  • Device management and compliance monitoring
  • Secure media sanitization procedures
  • Hardware destruction certificates

6.3 Administrative Safeguards
Policies and Procedures
  • Comprehensive privacy and security policies
  • Incident response and breach notification procedures
  • Risk assessment and management programs
  • Business continuity and disaster recovery plans
  • Vendor management and oversight programs
Workforce Training and Management
  • Regular HIPAA and privacy training for all staff
  • Security awareness training and phishing simulations
  • Background checks for personnel with PHI access
  • Regular access reviews and permission audits
  • Disciplinary actions for policy violations
Compliance and Oversight
  • Regular security audits and assessments
  • Third-party penetration testing
  • Compliance monitoring and reporting
  • Privacy impact assessments
  • Continuous improvement programs

7. Data Retention and Disposal

We retain your Protected Health Information in accordance with federal and state laws:

7.1 Retention Periods
Medical Records
  • Adult medical records: Minimum 7 years from date of service
  • Pediatric records: Until age of majority plus 7 years
  • Mental health records: 7 years or longer as required by state law
  • Substance abuse records: As required by 42 CFR Part 2
  • Research records: As specified in research protocols
Administrative Records
  • Billing records: 7 years from date of service
  • Insurance claims: 7 years from final payment
  • Audit logs: 6 years from date of creation
  • Consent forms: Duration of treatment plus 7 years
  • Complaints and grievances: 6 years from resolution

7.2 Secure Disposal

When PHI is no longer needed, we ensure secure disposal through:

  • Cryptographic erasure of encrypted data
  • DOD 5220.22-M standard data wiping for magnetic media
  • Physical destruction of hard drives and storage devices
  • Shredding of paper documents containing PHI
  • Certificate of destruction from approved vendors
  • Documentation of all disposal activities

8. Breach Notification and Incident Response

We have comprehensive procedures in place to address potential security incidents and breaches:

8.1 Incident Detection and Response
Immediate Response (0-24 hours)
  • Contain the incident and assess initial scope
  • Activate incident response team
  • Document all aspects of the incident
  • Implement immediate corrective measures
  • Notify law enforcement if criminal activity is suspected
Investigation Phase (1-30 days)
  • Conduct thorough forensic analysis
  • Determine root cause and contributing factors
  • Assess risk to individuals and organization
  • Implement additional safeguards as needed
  • Prepare notification materials and communications

8.2 Notification Requirements
Individual Notification
  • Written notification within 60 days of breach discovery
  • Description of what happened and when it occurred
  • Types of information involved in the breach
  • Steps individuals can take to protect themselves
  • Contact information for questions and assistance
  • What we are doing to investigate and prevent future breaches
Regulatory Reporting
  • HHS Office for Civil Rights: Within 60 days of discovery
  • State attorneys general: As required by state law
  • Media notification: If breach affects 500+ individuals in a jurisdiction
  • FBI and other law enforcement: If criminal activity is involved

8.3 Post-Breach Support

Following a breach, we provide:

  • Dedicated call center for affected individuals
  • Credit monitoring services when appropriate
  • Identity theft protection resources
  • Regular updates on investigation progress
  • Additional security measures and monitoring

9. International Data Transfers and Global Privacy

9.1 Cross-Border Data Transfers

When we transfer your PHI internationally, we ensure adequate protections through:

  • Appropriate safeguards and contractual obligations with international partners
  • Compliance with applicable international privacy laws (GDPR, etc.)
  • Data processing agreements with international service providers
  • Regular monitoring of international data handling practices
  • Implementation of standard contractual clauses where applicable

9.2 Rights for International Users

If you are located outside the United States, you may have additional rights under local privacy laws:

European Union (GDPR)
  • Right to data portability
  • Right to be forgotten (erasure)
  • Right to object to processing
  • Right to automated decision-making information
  • Right to lodge complaints with supervisory authorities
Other Jurisdictions
  • California Consumer Privacy Act (CCPA) rights
  • Canadian Personal Information Protection Act (PIPA)
  • Australian Privacy Act requirements
  • Other applicable local privacy regulations

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use
Essential Cookies
  • Authentication and session management
  • Security and fraud protection
  • Load balancing and performance
  • User preference storage
Analytics Cookies
  • Usage statistics and performance metrics
  • Error tracking and debugging
  • Feature usage analysis
  • Platform optimization data

10.2 Managing Your Cookie Preferences

You can control cookies through:

  • Browser settings to accept, reject, or delete cookies
  • Our cookie preference center within the platform
  • Opt-out tools for specific analytics services
  • Third-party privacy tools and browser extensions

11. Contact Information and Support

For questions about this privacy policy or to exercise your rights, please contact:

Privacy Officer
IndoQubix Health Solutions
Chief Privacy Officer
Email: privacy@indoqubix.com
Phone: 1-800-XXX-XXXX
Fax: 1-800-XXX-XXXX
Address: [Physical Address]
Hours: Monday-Friday, 8 AM - 6 PM EST

File a Complaint with HHS
Office for Civil Rights
U.S. Department of Health and Human Services
Website: www.hhs.gov/ocr/privacy
Phone: 1-800-368-1019
TTY: 1-800-537-7697
Email: OCRComplaint@hhs.gov
Online: https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf

12. Changes to This Policy

We may update this privacy policy to reflect changes in applicable laws and regulations, updates to our services and technology, improvements to our security and privacy practices, feedback from patients, providers, and regulatory authorities, and industry best practices and standards.

12.1 Notification of Changes

Material changes will be posted prominently on our platform with email notification to active users 30 days before the effective date. Updated privacy notices will be available at registration, and previous versions will be available upon request for historical reference. A summary of changes will be provided with each update to help you understand what has been modified.

12.2 Effective Date

Changes to this policy become effective on the date specified in the updated notice. We reserve the right to make changes to this notice that will be effective for PHI we already have as well as PHI we create or receive in the future.

13. Acknowledgment and Consent

By using our healthcare platform, you acknowledge that you have read and understand this comprehensive Notice of Privacy Practices, have been informed of your rights regarding your Protected Health Information, understand how we may use and disclose your PHI, have had the opportunity to ask questions about our privacy practices, and agree to our privacy policies and procedures as outlined in this notice.

Important: You may revoke your consent at any time by contacting our Privacy Officer, except to the extent that we have already taken action based on your consent.

Your Privacy Matters

Protecting your health information is not just a legal requirement—it's fundamental to the trust you place in us. We are committed to maintaining the highest standards of privacy and security while providing you with exceptional healthcare services. If you have any questions or concerns about your privacy, please don't hesitate to contact us.