Privacy Policy

How we protect and handle your healthcare data

1. Introduction

LumenMedicIQ is committed to protecting the privacy and security of patient health information (PHI) and organizational data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with HIPAA, state privacy laws, and international data protection regulations.

2. What Information We Collect

We collect the following types of information:

  • Patient Health Information: Medical records, clinical notes, diagnoses, medications, and treatment history
  • Organizational Data: Practice information, billing records, and administrative data
  • User Account Information: Names, email addresses, titles, and contact information
  • System Usage Data: Login activity, timestamps, and platform usage analytics
  • Integration Data: Data received from connected EHR systems and healthcare networks via FHIR R4 APIs

3. How We Use Your Information

We use collected information for:

  • Providing healthcare management and clinical support services
  • Processing claims and managing revenue cycles
  • Generating medical reports and analytics
  • Improving platform functionality and security
  • Complying with legal and regulatory requirements
  • Communicating service updates and important notifications

4. Sharing of Information

LumenMedicIQ does not sell patient health information. We may share information only in the following circumstances:

  • Healthcare Operations: With authorized healthcare providers and staff involved in patient care
  • Business Associates: With vendors who assist in delivering our services under business associate agreements
  • Legal Requirements: When required by law, court order, or regulatory agencies
  • Authorized Exchanges: With other healthcare entities when permitted by patients and in compliance with HIPAA and state laws

5. Data Security and Encryption

Your data is protected by industry-leading security measures:

  • AES-256 encryption for data in transit and at rest
  • Multi-factor authentication for account access
  • Role-based access controls and audit logging
  • Regular security assessments and penetration testing
  • Secure data backup and disaster recovery procedures
  • SOC 2 Type II compliance

6. Patient Rights

Under HIPAA and state privacy laws, patients have the right to:

  • Access their health information
  • Request corrections to their records
  • Request restrictions on use and disclosure
  • Receive an accounting of disclosures
  • Request confidential communications
  • Request a copy of their data in a portable electronic format

7. Data Retention

We retain patient health information for as long as required by healthcare regulations and your organization's retention policies, typically 6-10 years after the last patient encounter. When data is no longer needed, it is securely destroyed or de-identified according to HIPAA standards.

8. International Data Transfers

Our servers are located in the United States. If you access our platform from outside the US, you consent to the transfer of your information to the United States in compliance with applicable data protection laws.

9. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of external sites. Please review their privacy policies before sharing any information.

10. Children's Privacy

LumenMedicIQ is not intended for use by individuals under 18 years old. We do not knowingly collect personal information from children. If we become aware of such collection, we will promptly delete the information.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy and updating the "Last Updated" date.

12. Contact Us

For privacy-related questions or to exercise your data rights, contact:

LumenMedicIQ Privacy Officer
Email: [email protected]
Phone: 1-800-LUMENMEDICIQ
Address: [Your Address]

13. Complaint Rights

You have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your privacy rights have been violated. You can also file complaints with applicable state privacy authorities.

Last Updated: January 2026