Legal Documents

Privacy Policy & HIPAA Notice of Privacy Practices

Last Updated: June 29, 2026

1. Who We Are

AuraClinical is a "Covered Entity" under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). We are legally required to protect the privacy and security of your Protected Health Information ("PHI") and to provide you with this notice of our legal duties and privacy practices.

2. Information We Collect

  • Identifiers (PII): name, date of birth, contact details, and identifiers you provide.
  • Protected Health Information (PHI): medical history, symptoms, clinical encounter notes, vital-sign logs, prescriptions, lab orders, and referral authorizations.
  • Remote monitoring data: readings transmitted by connected devices you enroll, normalized into standard clinical codes (LOINC/UCUM) and stored with your chart.
  • Payment information: Stripe tokens and transaction records. We do not store raw card numbers.
  • Technical & security data: IP address, device/browser metadata, and audit records used to secure your account and detect misuse.

3. How We Use & Disclose Your Information

We use and disclose PHI for Treatment, Payment, and Healthcare Operations ("TPO"):

  • Treatment — coordinating care with your clinical team, referring providers, and specialists.
  • Payment — submitting claims to insurers, Medicare, or Medicaid, and processing payments via Stripe.
  • Healthcare Operations — quality review, compliance auditing, security monitoring, and practice administration.

We may also disclose PHI when required by law or for public-health and safety purposes as permitted by HIPAA. We do not sell your PHI, and we do not use it for marketing without your written authorization.

4. Remote Patient Monitoring Data

Device data is collected only after you provide a separate RPM authorization and only while a device is active. You may pause or revoke any device at any time, which stops collection. Device readings are added to your chart for clinical review and are not monitored in real time.

5. Communications

With your consent, we send appointment reminders, clinical notifications, billing notices, and security alerts by email, SMS, and web push. Each notification dispatch is recorded for delivery/audit purposes using non-identifying metadata only (recipient id, channel, and outcome — never message contents).

6. How We Protect Your Information

We apply administrative, physical, and technical safeguards, including:

  • Encryption in transit using modern TLS.
  • Encryption at rest using AES-256.
  • Envelope encryption of clinical notes — each patient has a unique Data Encryption Key (DEK) wrapped by an organization-level Key Encryption Key (KEK) with AES-256-GCM.
  • Immutable audit trails recording who accessed what PHI and when, with append-only, tamper-resistant logs.
  • Access controls including role-based permissions, automatic session timeout, and multi-factor authentication.
  • Malware scanning of all uploaded files before they are made available.

7. Third-Party Service Providers

We share the minimum necessary information with vetted processors that support the Services — for example, payment processing (Stripe), transactional messaging (email/SMS/push providers), cloud storage and delivery (encrypted object storage), and downstream clinical/EHR and claims systems. Where these processors handle PHI, they are bound by Business Associate Agreements (BAAs) and applicable contractual safeguards.

8. Data Retention

We retain medical records and required HIPAA documentation for the period mandated by law (generally at least six years), after which records are securely destroyed or de-identified. Non-clinical records (e.g., contact inquiries, expired sessions) are retained only as long as needed.

9. Your HIPAA Rights

  • Access & copy / export. Inspect and obtain a copy of your records, including a machine-readable export of your data, from the patient portal.
  • Amend. Request correction of inaccurate or incomplete information.
  • Restrict. Request limits on certain uses or disclosures.
  • Accounting of disclosures. Request a list of certain disclosures of your PHI.
  • Confidential communications. Request that we contact you a certain way or at a certain location.
  • Revoke consent. Withdraw optional authorizations (such as remote monitoring) at any time.
  • Complain. File a complaint with us or with the U.S. Department of Health & Human Services, Office for Civil Rights (OCR), without retaliation.

10. Cookies & Tracking

We use only the cookies and local storage necessary to operate the Services securely (e.g., authentication and session protection). We do not use third-party advertising trackers on authenticated, PHI-bearing areas.

11. Children's Privacy

The portal is intended for use by adults or by a parent/guardian on behalf of a minor patient. We do not knowingly collect information from children except as part of authorized pediatric care.

12. Changes to This Notice

We may revise this notice. Material changes are posted with a new "Last updated" date, and you may be prompted to review and re-acknowledge. The current version always governs.

13. Contact Our Privacy Officer

For privacy questions, HIPAA requests, or to exercise your rights: HIPAA Privacy Officer, support@auraclinical.johnowolabiidogun.dev · +1 (904) 555-0199 · 4320 Deerwood Lake Pkwy, Suite 115, Jacksonville, FL 32216.

If you have any questions or require clarification regarding these terms, please contact our support team.

AuraClinical

Providing Mobile Home Visits across Jacksonville and Duval County, alongside Telehealth Services across the entire state of Florida.

Manouchka Doreus, MSN, APRN, FNP-C · Family Medicine
Florida Licensed APRN — Autonomous Practice License: APRN9433431 · National Provider Identifier (NPI): 9876543210
DEA Registered — Authorized for EPCS
© 2026 AuraClinical. All rights reserved.

Preview environment — AuraClinical is being tested and is not yet ready for launch. Do not enter real patient information.