Privacy Policy

1. Introduction

At Asclep Inc. (“Asclep,” “Company,” “we,” “us,” or “our”), we recognize that privacy is a fundamental right. Our mission is to empower healthcare through our innovative product, the Transparent and Insightful Clinical Diagnostic Assistant (TICDA). TICDA assists in clinical diagnostics by processing patient data—including medical notes, images, and audio files—in a secure, accurate, and efficient manner. This Privacy Policy describes how we collect, use, store, process, and share your information while ensuring compliance with the Health Insurance Portability and Accountability Act (HIPAA) and all other applicable laws.

By accessing or using TICDA or any related services (collectively, the “Services”), you agree to the terms of this Privacy Policy. If you do not agree with this policy, please do not use our Services.

2. Definitions

Personal Data: Any information—recorded electronically or otherwise—that can identify an individual. For TICDA, this includes both general personal information and Protected Health Information (“PHI”).

Protected Health Information (PHI): Individually identifiable health information collected or processed by Asclep Inc. in relation to the provision of clinical diagnostic services, as defined under HIPAA.

User/Data Subject: Any individual whose personal information is collected, including patients, healthcare providers, and other persons interacting with our Services.

Business Associate: A person or entity that performs functions on behalf of Asclep Inc. and requires access to PHI to perform its duties.

3. Items of Personal Information Processed

We process the following categories of personal information:

• Personal and Contact Information: Full name, email address, phone number, and professional details (e.g., job title, organization, role in healthcare).
• Health and Medical Information: Patient medical notes, history, diagnostic images (including DICOM format), audio recordings, and other related medical data required for clinical diagnostics.
• Technical and Usage Data: IP addresses, browser type, operating system, device identifiers, geolocation data, and usage logs (e.g., access times and pages viewed).
• Cookies and Tracking Data: Data collected via cookies, web beacons, and similar technologies used for user experience enhancement, performance analytics, and security purposes.

4. Purpose of Processing Personal Information

We collect and process your personal information exclusively for the following purposes:

• Clinical Diagnostic Services: To deliver accurate diagnostic insights, manage your user account, and support healthcare providers using TICDA.
• Compliance and Legal Obligations: To fulfill our legal responsibilities under HIPAA and other applicable laws, including responding to audits, investigations, and regulatory inquiries.
• Improvement, Research, and Analytics: To enhance our diagnostic algorithms, conduct aggregated and de-identified research, and improve overall healthcare outcomes.

Any additional use or processing of personal data beyond these purposes will require your explicit consent.

5. Period of Processing and Retaining Personal Information

We retain personal information only for as long as necessary to accomplish the purposes for which it was collected or as required by law. For example:

• Clinical Diagnostic and User Account Data: Retained until you request deletion or until our legal obligations mandate retention.
• Technical and Usage Data: Retained for analytical purposes and may later be anonymized or aggregated.
• Cookies and Tracking Data: Retained only as long as needed to support website functionality and user experience.

Once retention is no longer required, personal information will be securely destroyed or de-identified.

6. Sharing and Disclosure of Personal Information

6.1 With Healthcare Providers and Business Associates

Your personal data may be shared with healthcare providers and designated business associates solely to provide our diagnostic services, under strict confidentiality agreements and HIPAA-compliant safeguards.

6.2 Legal and Regulatory Requirements

We may disclose your personal data if required by law, court order, or governmental request. Such disclosures are limited to the minimum necessary to comply with legal obligations.

6.3 International Data Transfers

To provide our Services globally, your personal data may be transferred to and stored in jurisdictions outside your country of residence. All transfers are conducted under applicable data protection laws with appropriate safeguards (e.g., standard contractual clauses).

7. Outsourcing of Personal Information Processing

We may outsource certain processing activities to trusted third-party service providers. When outsourcing, we require that:

• The provider processes your personal data solely for the purposes specified by Asclep Inc.
• Appropriate technical and organizational security measures are implemented.
• No unauthorized re-processing or disclosure is permitted.

Any changes to our outsourcing arrangements will be promptly disclosed in this Privacy Policy.

8. Destruction of Personal Information

We have established procedures for the secure destruction of personal information once it is no longer required:

• Electronic Data: Permanently deleted using irreversible methods.
• Physical Documents: Destroyed through shredding or incineration.

Destruction is performed in accordance with our internal policies and legal obligations.

9. Your Rights and Choices

9.1 Access, Correction, and Deletion

You have the right to access, correct, or request deletion of your personal data, subject to applicable legal limitations.

9.2 Data Portability

You may request your personal data in a structured, commonly used format for transfer to another controller.

9.3 Consent and Withdrawal

You may withdraw your consent to our processing of your personal data at any time. Please note that withdrawing consent may affect your ability to use certain features of TICDA.

9.4 Exercising Your Rights

To exercise any of your rights, please contact our Data Protection Officer using the details provided below.

10. Measures for Ensuring the Safety of Personal Information

We have implemented comprehensive administrative, technical, and physical safeguards to protect your personal data:

• Administrative: Internal management plans, regular employee training, and strict access control policies.
• Technical: Encryption, firewall protection, intrusion detection systems, and periodic security audits.
• Physical: Secure facilities with controlled access to data storage areas.

11. Installation and Operation of Automatic Personal Information Collection Devices

We use cookies and similar technologies to collect information automatically for purposes including enhancing user experience, analyzing usage, and improving our Services. You can modify your browser settings to refuse cookies, though this may limit certain functionalities.

12. HIPAA Notice and Additional Information for PHI

As a company processing Protected Health Information (PHI), we are committed to full HIPAA compliance:

• Safeguards: We implement all required administrative, physical, and technical measures to protect PHI.
• Patient Rights under HIPAA: Patients have rights to access, correct, and request restrictions on the use or disclosure of their PHI.
• Breach Notification: In the event of a PHI breach, affected individuals and authorities will be promptly notified in accordance with HIPAA regulations.

For further details on our HIPAA practices, please contact our Privacy Office.

13. Dispute Resolution and Legal Recourse

Any disputes arising from our handling of your personal data will be resolved in accordance with applicable law. If you believe your privacy rights have been violated, you have the right to lodge a complaint with the relevant regulatory authority.

14. Privacy Officers

For all matters related to the processing of personal information, please contact our Data Protection Officer:

• Email: baeksw98@asclep.org
• Postal Address: 16192 Coastal Highway, Lewes, DE 19958
• Phone: (+1) 302-645-9999

15. Additional Provisions for California Residents

This section supplements the above information for users residing in California in compliance with the California Consumer Privacy Act (CCPA):

• Right to Access: You may request disclosure of the personal information we collected about you over the past 12 months.
• Right to Deletion: You may request that we delete your personal information, subject to certain legal exceptions.
• Opt-Out: We do not sell personal information. If this changes, you will have the right to opt-out.
• Non-Discrimination: We will not discriminate against you for exercising your rights under the CCPA.

16. Additional Provisions for Residents of the European Economic Area (EEA)

This section is provided for users residing in the EEA in accordance with the General Data Protection Regulation (GDPR):

• Right to Access: You have the right to request access to the personal data we hold about you.
• Right to Rectification: You have the right to have any inaccurate personal data corrected.
• Right to Erasure: You may request deletion of your personal data, subject to legal limitations.
• Right to Restrict Processing: You may request that we limit the processing of your personal data.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used format.
• Right to Object: Under certain circumstances, you may object to the processing of your personal data.
• Right to Withdraw Consent: If processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing prior to the withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the relevant supervisory authority if you believe your rights under the GDPR have been violated.

17. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy to reflect changes in our practices, legal obligations, or as required by applicable regulations. We will notify you of any material changes by updating the “Last Updated” date on this document and, where appropriate, through direct communication.