At Algoricum, Inc. (“Algoricum,” “we,” “our”), protecting patient privacy and securing sensitive data are foundational. Our platform is designed to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), its implementing regulations, and all other applicable privacy laws.
Scope of This Policy
This HIPAA Compliance & Disclaimer applies to all services provided by Algoricum, including our applications, platform, and communications systems (the “Services”).
HIPAA Compliance Commitment
Algoricum acts as a Business Associate to Covered Entities and enters into Business Associate Agreements (BAAs) as required under HIPAA. We are committed to:
- Safeguarding Protected Health Information (PHI) as defined by HIPAA.
- Using PHI only as permitted under BAAs and HIPAA regulations.
- Implementing and maintaining administrative, physical, and technical safeguards.
Protected Health Information (PHI)
“PHI” includes any individually identifiable health information transmitted or maintained in any form. Examples include patient names, contact details, appointment inquiries, and clinical notes provided via our Services.
No Medical Advice Disclaimer
Algoricum is a technology platform, not a medical provider. We do not provide medical advice, diagnosis, or treatment.
All clinical decisions are the sole responsibility of licensed healthcare professionals.
Permitted Uses & Disclosures of PHI
Algoricum may use or disclose PHI only:
- As instructed by the Covered Entity under a valid BAA.
- To provide, maintain, and improve the Services.
- To create de-identified data sets for analytics, benchmarking, and product development (in compliance with HIPAA de-identification standards).
- As required by law.
We will never sell PHI or use it for marketing purposes without explicit authorization.
Data Safeguards & Security Measures
We apply industry-standard safeguards, including:
- Encryption of PHI in transit and at rest.
- Role-based access controls.
- Secure audit logs and monitoring.
- Regular vulnerability assessments and security reviews.
Subprocessors & Third-Party Vendors
Algoricum may engage trusted subprocessors (e.g., hosting providers, communication platforms) to support delivery of our Services.
- All subprocessors are contractually required to meet HIPAA standards.
- A current list of subprocessors is available at: algoricum.com/subprocessors.
Breach Notification
In the event of a breach of PHI:
- Algoricum will notify affected Covered Entities without unreasonable delay, and no later than 10 business days after discovery, consistent with HIPAA requirements (45 C.F.R. §164.404).
Retention & Data Deletion
- We retain PHI only for as long as necessary to provide Services or as required by law.
- Upon termination of services, PHI will be returned or securely deleted within 60 days unless retention is legally required.
Patient Rights
If PHI is processed through our Services, patients retain their rights under HIPAA and applicable laws, including access, amendment, and accounting of disclosures.
Email, SMS & Electronic Communications
Electronic communications (including email and SMS) may be used to facilitate patient engagement and scheduling.
- These channels are secured, but patients should be aware of the risks of using electronic communication.
- If a message is misdirected or intercepted, Algoricum will follow HIPAA breach protocols.
Children’s Privacy
Our Services are not directed toward children under the age of 13, and we do not knowingly collect information from them.
Updates to This Policy
We may update this HIPAA Compliance & Disclaimer from time to time. Updates will be posted here, and material changes will be communicated to customers.