Privacy Policy
Information We Collect
PatientTrac Surgery collects clinical documentation data entered by authorized healthcare providers, including surgical notes, assessments, medication records, and encounter-level clinical data. Patient identifiers are stored only within your organization's Supabase database instance and are never transmitted to third-party AI services.
How We Use Information
Clinical data is used solely to provide surgical documentation, workflow, and clinical decision support services to your organization. AI-assisted features process de-identified, encounter-level data only — patient names, dates of birth, MRNs, and other direct identifiers are stripped before any AI processing occurs.
Data Storage and Security
Data is stored in your organization's dedicated Supabase PostgreSQL instance with row-level security enabled. All data in transit is encrypted via TLS 1.2+. Access requires authenticated JWT tokens validated against your organization's identity provider.
Third-Party Services
PatientTrac Surgery uses Anthropic's Claude API for clinical decision support. AI calls are processed server-side through Netlify Functions; no PHI is transmitted directly from the browser to Anthropic. A Business Associate Agreement (BAA) with Anthropic is required before AI features may be used in clinical settings.
Data Retention
Clinical records are retained in accordance with your organization's retention policies and applicable state law. Typically, surgical records are retained for a minimum of 10 years per state medical board requirements.
Your Rights
Patients have rights regarding their protected health information under HIPAA, including rights of access, amendment, and accounting of disclosures. Contact your organization's Privacy Officer to exercise these rights.
Contact
For privacy-related inquiries, contact your organization's Privacy Officer or submit a request through your facility's standard HIPAA complaint process.