Curatios maintains safeguards to protect the confidentiality, integrity, and availability of Protected Health Information (PHI) in accordance with HIPAA, HITECH, and applicable state regulations. This notice explains how we collect, use, and disclose PHI when you access our services.

Cookies and Similar Technologies

• We use strictly necessary cookies to operate and secure this application. These cookies are required for authentication, security, and core functionality.
• We do not use cookies for advertising, marketing, or cross-site tracking.
• Cookies used by this application do not store protected health information (PHI).

Information We Collect

• Patient demographics, clinical notes, diagnostic images, and care plans submitted by covered entities.
• Audit metadata such as device identifiers, IP addresses, and event timestamps for security monitoring.
• Support artifacts you or your care team voluntarily provide.

How We Use PHI

• Deliver treatment coordination services on behalf of your provider.
• Operate, maintain, and improve the Curatios platform while applying the HIPAA minimum necessary rule.
• Detect, investigate, and respond to suspected security incidents or compliance violations.

Disclosures

We disclose PHI only to authorized covered entities, business associates under Binding Agreements, or when required by law. We do not sell PHI or permit third-party marketing without explicit authorization.

Your Rights

• Request access to or copies of your PHI in the designated record set.
• Request amendments to inaccurate or incomplete information.
• Receive an accounting of disclosures made outside treatment, payment, and operations.
• File a complaint with Curatios Privacy Office or the U.S. Department of Health and Human Services.

Security

We employ encryption in transit and at rest, role-based access controls, continuous logging, and incident response protocols to prevent unauthorized access or disclosure of PHI.

Contact

Email privacy@curatios.com to exercise your HIPAA rights or ask questions about this notice.

These Terms govern your access to Curatios services delivered as a HIPAA-compliant business associate platform. By using the application, you agree to follow these requirements on behalf of your organization and the patients you serve.

Authorized Users

• Only workforce members who completed HIPAA privacy and security training may access PHI.
• Accounts are individual; sharing credentials or leaving sessions unattended is prohibited.

Acceptable Use

• Use the platform solely for treatment, payment, or healthcare operations approved under your Business Associate Agreement.
• Upload only accurate, timely information and refrain from introducing malicious code.
• Notify Curatios within one business day of any suspected security incident or unauthorized disclosure.

Data Ownership and Retention

Covered entities retain ownership of all PHI. Curatios stores PHI for the duration of the service agreement and purges data in accordance with contractual retention schedules and NIST media sanitization standards.

Service Commitments

• Curatios maintains technical and administrative safeguards that meet or exceed HIPAA Security Rule requirements.
• Scheduled maintenance windows will be communicated in advance except for emergency fixes addressing security events.

Limitation of Liability

Except as prohibited by law, Curatios is not liable for indirect or consequential damages arising from misuse of the platform. Remedies are limited to direct damages up to the fees paid in the preceding twelve months.

Contact

For contractual questions or incident reporting, email legal@curatios.com.