QAPIShield™ Privacy Policy
Last Updated: December 10, 2025
1. Introduction
QAPIShield™ ("we," "our," or "us") respects the privacy of its users and is committed to supporting HIPAA-compliant deployments for healthcare organizations. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our AI-powered risk prediction and prevention platform.
By accessing or using QAPIShield, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.
2. Information We Collect
QAPIShield collects and processes the following categories of information:
De-Identified Clinical Inputs
- Age range (not exact date of birth)
- Clinical risk factors (mobility status, wound status, fall history)
- Medical conditions and diagnoses (categories only)
- Vital sign ranges and lab trend indicators
- Medication categories (not specific prescriptions)
Facility-Level Data
- Aggregated risk metrics and compliance scores
- Dashboard analytics and trend data
- QAPI performance indicators
User Account Information
- Email address
- User role and permissions
- Facility association
Information We Do NOT Collect
QAPIShield does not require or collect Protected Health Information (PHI) including: patient names, dates of birth, Social Security numbers, medical record numbers (MRNs), addresses, phone numbers, or any other personally identifiable health information.
3. How We Use Information
We use the information we collect for the following purposes:
- Risk Score Generation: Calculate predictive risk scores for falls, pressure ulcers, infections, and readmissions
- Care Plan Creation: Generate evidence-based interventions and survey-ready care plans
- QAPI Dashboards: Provide real-time dashboards, reports, and compliance tracking
- Product Improvement: Analyze usage patterns to improve platform performance and features
- Secure Storage: Maintain secure data storage with comprehensive audit logging
- Service Delivery: Operate, maintain, and provide our services to your facility
4. HIPAA & PHI Handling
Our HIPAA Commitment
QAPIShield is designed to support HIPAA-compliant deployments. We maintain administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of all information processed through our platform.
No PHI Processing by Default
QAPIShield does not process Protected Health Information (PHI) unless deployed in a HIPAA-covered environment with a signed Business Associate Agreement (BAA).
PHI Remains Within Facility Systems
All PHI remains secured within the facility's own systems. QAPIShield only processes de-identified clinical indicators that cannot be used to identify individual patients.
End-to-End Encryption
All data transmitted to and from QAPIShield is encrypted in transit using TLS 1.2+ and encrypted at rest using AES-256 encryption standards.
Business Associate Agreement
A BAA is available for enterprise and multi-facility deployments where PHI handling may be required. Contact our compliance team to request a BAA.
5. Third-Party Services
QAPIShield may utilize the following categories of third-party service providers:
Cloud Infrastructure Providers
We use HIPAA-eligible cloud service providers that maintain appropriate certifications and can execute Business Associate Agreements. Our infrastructure providers implement enterprise-grade security controls.
Important Notice on AI Models
QAPIShield never sends PHI or identifiable patient data to public AI models. Our risk prediction algorithms operate on de-identified clinical indicators only, and any AI processing occurs within our secure, HIPAA-supporting infrastructure.
6. Data Security
We implement comprehensive security measures to protect your information:
Encryption
- AES-256 encryption at rest
- TLS 1.2+ encryption in transit
Access Controls
- Role-based permissions
- Multi-factor authentication
Audit Logging
- Comprehensive activity logs
- Tamper-evident records
Additional security measures include: network firewalls and segmentation, intrusion detection systems, regular security assessments and penetration testing, employee security training, and incident response procedures.
7. User Rights
You have the following rights regarding your information:
- Right to Access: Request a copy of the personal information we hold about you.
- Right to Correction: Request correction of inaccurate or incomplete information.
- Right to Deletion: Request deletion of your personal information, subject to legal retention requirements.
- Right to Restriction: Request restriction of processing in certain circumstances.
To exercise any of these rights, please contact our privacy team using the contact information provided below. We will respond to your request within 30 days.
8. Changes to This Policy
QAPIShield may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this policy, we will:
- Update the "Last Updated" date at the top of this policy
- Notify registered users via email of significant changes
- Post a notice on our platform for 30 days following any material changes
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
9. Contact Us
If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about our privacy practices, please contact our Privacy Team:
Privacy Team Contact
Response Time
We aim to respond to all privacy inquiries within 48 hours during business days. For urgent matters, please call our support line.