Privacy Policy
Effective Date: March 14, 2025
Last Updated: March 14, 2025
Captura Health is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, store, and share your information while ensuring compliance with HIPAA and industry security standards.
By using Captura Health, you consent to the data practices described below.
1. Information We Collect
We collect and process two main types of information:
A. Personal Information (PI)
- Name, email, phone number, and account details
- Professional credentials (e.g., NPI number, hospital affiliation)
- Payment and billing information (for subscriptions, if applicable)
B. Protected Health Information (PHI)
- De-identified patient records for documentation analysis
- Physician-generated notes and chart insights
- Critical care documentation and charge capture data
- To minimize risk, we do not store full patient charts
2. How We Use Your Information
We use your data to:
- Improve documentation integrity and charge capture
- Provide AI-powered recommendations for clinical documentation
- Enable secure access to the platform using 2FA and OAuth2 authentication
- Generate reports for providers and hospital administrators
- Ensure compliance with HIPAA and other regulatory standards
We do not sell or share your data for marketing purposes.
3. How We Share Your Information
We only share your data in the following cases:
- With Your Consent: When you approve documentation recommendations
- With Your Healthcare Organization: If your employer provides access, they may receive usage analytics
- With EHR Providers: To facilitate write-back functionality via secure APIs (e.g., Epic FHIR)
- For Legal Compliance: If required by law, court orders, or regulatory agencies
We never sell, rent, or disclose your data for advertising purposes.
4. Data Security & HIPAA Compliance
We implement strong security measures, including:
- Encryption: End-to-end encryption (E2E) for data transmission and storage
- Access Controls: Two-factor authentication (2FA) for all logins
- Audit Logs: Continuous tracking of platform activity
- Minimal Data Storage: Only essential information is retained
- Business Associate Agreements (BAAs): All third-party vendors must comply with HIPAA
5. Your Rights & Choices
You have the right to:
- Access Your Data: Request a copy of your stored information
- Correct Your Information: Update or fix inaccuracies in your account
- Request Data Deletion: Ask us to remove your personal data (except where legally required)
- Restrict Data Processing: Opt out of non-essential data use
To exercise these rights, contact [Insert Support Email].
6. Data Retention Policy
We retain data as follows:
- Account Information: Stored as long as your account is active
- Clinical Data: Retained for operational purposes but not indefinitely
- Audit Logs: Kept for compliance, then periodically purged
We follow the “minimum necessary” principle to reduce exposure risks.
7. Cookies & Tracking Technologies
We may use cookies to:
- Improve website functionality
- Analyze user engagement and platform performance
Users can manage cookie settings in their browser. We do not use cookies for third-party advertising.
8. Third-Party Services & Integrations
Captura Health integrates with EHR systems (e.g., Epic), AI models, and cloud services.
- All third-party services are security-vetted and sign BAAs with us
- These services access only the data necessary to support platform functionality
9. Changes to This Privacy Policy
We may update this Privacy Policy periodically.
- Significant changes will be communicated via email or platform notifications
- Continued use of the platform after updates indicates acceptance of the revised policy
10. Contact Us
For questions or concerns, reach out to:
Email: info@capturahealth.com