NobelMind HIPAA Notice of Privacy Practices

This notice describes how your medical information may be used, disclosed, and protected, and how you can access this information. Please read it carefully.

1. Your Protected Health Information (PHI)

Protected Health Information (PHI) includes any data that identifies you and relates to:

• Your medical records, diagnoses, and treatments.

• Clinical notes, imaging reports, and lab results.

• Payment and insurance details.

2. Your Health Information Rights

Under HIPAA, you have the right to:

• Access: Request and receive a copy of your health records.

• Correct: Request corrections to inaccurate or incomplete PHI.

• Restrict: Request limitations on how your PHI is shared.

• Confidential Communication: Receive PHI through specific methods (e.g., alternate addresses or emails).

• Breach Notification: Be notified within 24 hours of any breach involving your PHI.

• Request Disclosures: Know how your PHI has been shared, subject to legal limitations.

To exercise these rights, contact us at support@nobelmind.com.

3. Our Responsibilities

We are committed to:

• Protecting the privacy and security of your PHI.

• Using or sharing your PHI only as described in this notice.

• Notifying you promptly in case of a breach involving your PHI.

• Obtaining your written consent before sharing PHI for purposes other than treatment, payment, or operations.

4. How We Use and Share Your PHI

We may use and disclose your PHI for the following purposes without requiring additional authorization:

a. Treatment

• To assist your healthcare team in providing care.

• Example: Our AI tools may summarize clinical notes or retrieve relevant medical information to support decision-making.

b. Payment

• To process insurance claims and manage billing.

• Example: Sharing PHI with insurers to confirm coverage for treatments.

c. Healthcare Operations

• To improve workflows, analyze performance, and deliver insights.

• Example: Using AI to analyze clinical documentation or generate operational dashboards.

d. Legal and Regulatory Requirements

We may disclose PHI as required by law, such as for:

• Public health reporting.

• Compliance with court orders or subpoenas.

• Regulatory audits.

e. De-Identified Data for Improvements

We may analyze de-identified PHI (data stripped of identifiers) to improve platform performance.

5. AI Tools and PHI Usage

Our AI-powered tools are designed to support clinical workflows and decision-making:

• Processing Only: PHI is processed to generate actionable insights but is never stored or retained beyond immediate use.

• No AI Training: Your PHI is not used to train or improve our AI models.

• Data Security: All AI operations occur within a secure, HIPAA-compliant environment.

AI tools assist your healthcare team but do not replace clinical judgment.

6. Data Security Measures

We use robust safeguards to protect your PHI:

• Encryption: All PHI is encrypted at rest and in transit using industry-standard protocols.

• Access Controls: Access to PHI is strictly limited to authorized personnel through multi-factor authentication (MFA).

• Regular Audits: We conduct frequent security audits and risk assessments to ensure HIPAA compliance.

• Incident Response: In the event of a security incident, we will:

  • Notify you within 24 hours of breach confirmation.

  • Report the incident to the Department of Health and Human Services as required.

  • Take corrective actions to prevent future breaches.

7. Your Authorization and Consent

We will obtain your written authorization before using or sharing your PHI for purposes outside of:

• Treatment

• Payment processing

• Healthcare operations

You may revoke your consent at any time by contacting support@nobelmind.com.

8. Patient Note Retention and Deletion

• Patient notes are retained for 30 days by default.

• You can request immediate deletion or adjust the retention period as needed.

To make a request, contact us at support@nobelmind.com.

9. Breach Notification

If there is a breach involving your PHI:

• You will be notified within 24 hours of our confirmation of the breach.

• We will investigate, contain, and address the issue promptly.

• Affected regulatory bodies, such as the Department of Health and Human Services, will be notified in compliance with HIPAA.

10. Changes to This Notice

We reserve the right to update this Notice of Privacy Practices as needed. Any changes will be posted on our website, and you will be notified of significant updates.

11. Contact Information

If you have questions, concerns, or requests about your PHI or this Notice, contact us:

NobelMind Privacy Office
Email: support@nobelmind.com
Website: www.nobelmind.com

Summary of Your Rights and Our Practices:

1. Your PHI: You can access, correct, and restrict your data.

2. AI Tools: PHI is used securely for decision support but never stored or used for AI training.

3. Security: We encrypt and protect your data with HIPAA-compliant measures.

4. Breach Notifications: You will be informed of breaches within 24 hours.