Privacy Policy

Last updated: October 2025

Our Commitment to Privacy

At IMSAI (Integrity Med Solutions AI), we take the privacy and security of your Protected Health Information (PHI) seriously. This Privacy Policy explains how we collect, use, protect, and handle your data.

PHI Protection & Usage

Zero Training or Self-Use Policy

We never use your PHI for AI model training, self-improvement, or any purpose other than providing our clinical documentation services to you. Your patient data is processed solely to generate clinical summaries, documentation, and insights for your immediate healthcare needs.

Business Associate Agreements (BAA)

We have signed comprehensive Business Associate Agreements with all our cloud infrastructure providers and AI service vendors. These agreements contractually guarantee healthcare data protection and compliance at every stage of processing.

Zero Data Retention with AI Providers

Our contracts with AI providers explicitly prohibit data retention. Your PHI is processed in real-time and immediately discarded by our AI vendors after processing. They cannot and do not store, log, or retain any of your patient data.

Automatic Data Deletion

To minimize data exposure and enhance security, we automatically delete all PHI from our systems 3 days after creation. This automated deletion policy ensures that your data doesn't linger in our systems longer than necessary.

Additionally, you maintain full control and can manually delete any PHI at any time through your dashboard. Deleted data is permanently and irrecoverably removed from all our systems within 24 hours.

Dedicated Secure Infrastructure

Each organization using IMSAI receives a dedicated, isolated server environment. Your data is never commingled with other organizations' data. This architectural approach provides:

  • Physical and logical data isolation
  • Dedicated encryption keys per organization
  • Independent backup and disaster recovery
  • Customizable security policies and access controls

Security Measures

  • End-to-End Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Role-Based Access Control (RBAC): Granular permissions ensure users only access data they need
  • Comprehensive Audit Trails: Every access and action is logged for compliance and security monitoring
  • Multi-Factor Authentication (MFA): Required for all user accounts
  • Regular Security Audits: Third-party penetration testing and vulnerability assessments

Data We Collect

We only collect data necessary to provide our clinical documentation services:

  • Clinical documents from your EMR system
  • Lab results and radiology reports
  • User account information (name, email, role)
  • System usage logs for security and compliance

Your Rights

Under applicable data protection laws, you have the right to:

  • Access your PHI at any time through your dashboard
  • Request corrections to inaccurate data
  • Delete your PHI manually at any time
  • Export your data in standard formats
  • Receive a detailed accounting of all PHI disclosures
  • Opt out of the service and have all data permanently deleted

Account Cancellation

Upon account cancellation, you can export all your data in standard formats (PDF, CSV, HL7, FHIR). We permanently delete all your data from our systems within 30 days of cancellation, or immediately upon request. Once deleted, data cannot be recovered.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of any material changes via email and update the "Last Updated" date at the top of this page.

Contact Us

If you have any questions about this Privacy Policy or our data practices:

Email: support@integritymedsolutions.com