Privacy Policy

Your privacy and data security are fundamental to our mission of transforming healthcare documentation.

Last updated: November 17, 2024

Introduction

SigXA ("we," "our," or "us") is committed to protecting the privacy and security of your personal information and protected health information (PHI). This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our AI-powered medical scribe platform and related services.

HIPAA Compliance

As a healthcare technology provider, SigXA operates under the Health Insurance Portability and Accountability Act (HIPAA) and serves as a Business Associate to covered entities. We maintain comprehensive Business Associate Agreements (BAAs) with our healthcare provider customers and implement administrative, physical, and technical safeguards required by HIPAA.

  • We are fully HIPAA compliant and undergo regular compliance audits
  • All PHI is encrypted in transit and at rest using AES-256 encryption
  • We maintain detailed audit logs of all PHI access and modifications
  • Our platform includes role-based access controls and user authentication

Information We Collect

Personal Information

We may collect the following types of personal information:

  • Account Information: Name, email address, phone number, medical license information, and practice details
  • Usage Data: Information about how you interact with our platform, including session duration, features used, and system preferences
  • Technical Data: IP addresses, device information, browser type, and operating system information
  • Communication Data: Records of customer support interactions and feedback

Protected Health Information (PHI)

Through our AI medical scribe services, we may process PHI including:

  • Patient encounter recordings and transcriptions
  • Clinical documentation and medical notes
  • Patient identification information as necessary for documentation purposes
  • Medical history and treatment information contained in clinical notes

Zero Audio Retention Policy

SigXA maintains a strict zero audio retention policy. Audio recordings of patient encounters are:

  • Processed in real-time for transcription and documentation
  • Immediately deleted after processing is complete
  • Never stored on our servers or in our databases
  • Not used for training AI models or any other purposes beyond immediate transcription

This policy ensures maximum privacy protection and eliminates the risk of audio data breaches.

How We Use Information

Personal Information

We use personal information to:

  • Provide and maintain our AI medical scribe services
  • Process account registration and authentication
  • Communicate with users about service updates and support
  • Improve our platform functionality and user experience
  • Ensure security and prevent fraudulent activities
  • Comply with legal obligations and regulatory requirements

Protected Health Information

We use PHI to:

  • Generate clinical documentation and medical notes
  • Provide transcription services for patient encounters
  • Support healthcare delivery and patient care coordination
  • Maintain documentation for healthcare providers' medical records

Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information or PHI to third parties except as described below:

Healthcare Providers

PHI is shared only with the healthcare provider organization that created it and their authorized personnel with legitimate access needs.

Service Providers

We may share information with trusted service providers who assist in operating our platform, subject to strict confidentiality agreements and HIPAA Business Associate Agreements where applicable.

Legal Requirements

We may disclose information when required by law, court order, or government regulation, or to protect our rights, property, or safety.

Data Security Measures

SigXA implements enterprise-grade security measures to protect your information:

  • Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
  • Access Controls: Multi-factor authentication and role-based access permissions
  • Network Security: Firewalls, intrusion detection, and continuous monitoring
  • Infrastructure: SOC 2 Type II compliant cloud infrastructure
  • Regular Audits: Third-party security assessments and penetration testing
  • Employee Training: Regular HIPAA and security awareness training

Data Retention

  • Audio Data: Deleted immediately after transcription (zero retention)
  • Clinical Documentation: Retained according to your organization's records retention policy
  • Account Data: Retained for the duration of your subscription plus 7 years for compliance purposes
  • Usage Analytics: De-identified usage data may be retained for platform improvement purposes

Your Rights

Under HIPAA and applicable privacy laws, you have the right to:

  • Access your personal information and PHI
  • Request corrections to inaccurate information
  • Request deletion of personal information (subject to legal retention requirements)
  • Receive an accounting of PHI disclosures
  • File complaints with us or regulatory authorities
  • Receive a copy of this privacy policy

Cookies and Tracking

Our website uses essential cookies for functionality and security. We may also use analytics cookies to improve our services. You can control cookie settings through your browser preferences.

Third-Party Integrations

SigXA integrates with various Electronic Health Record (EHR) systems and healthcare platforms. These integrations are governed by separate agreements and are designed to maintain the privacy and security of your information.

International Data Transfers

Your information is processed and stored within the United States. We do not transfer PHI outside the US. Any international transfers of personal information are conducted with appropriate safeguards.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify users of material changes through our platform or by email.

Contact Information

For questions about this Privacy Policy or our privacy practices, please contact us:

SigXA Privacy Office

Email: privacy@sigxa.com

Phone: 1 (825) 436-9647

Regulatory Compliance

SigXA maintains compliance with:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health (HITECH) Act
  • State healthcare privacy regulations
  • SOC 2 Type II standards
  • ISO 27001 information security management standards

Healthcare Provider Note

As a healthcare provider using SigXA, you remain the covered entity responsible for PHI under HIPAA. SigXA serves as your Business Associate and is committed to supporting your compliance obligations through our secure, HIPAA-compliant platform.