Privacy Policy
CareBoarding Technology Platform Privacy Policy
Last Updated: 8th May 2025
Our Commitment to Privacy
CareBoarding Technology Platform ("CareBoarding") is committed to protecting the privacy and security of all information entrusted to us. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you:
- Use our healthcare technology platform, including related mobile applications and online services
- Interact with us as a business partner or service provider
- Visit our website or contact us as a prospective customer
We may update this Privacy Policy from time to time. While we will provide reasonable notice when possible, we reserve the right to make changes without prior notice when necessary (e.g., to comply with legal requirements). For our customers, we will communicate changes through our platform and established communication channels.
For any privacy questions or concerns, please contact us at: privacy@careboarding.com
Customer Data Privacy
Overview
This section describes how we handle Customer Data - the information we collect, receive, use, store, share, and process on behalf of our customers as part of our services.
CareBoarding processes Customer Data under the direction and control of our customers. We do not own or control the personal information we process on their behalf. We maintain no direct relationships with individuals whose personal information is stored in our platform.
Our customers are responsible for complying with all applicable regulations and laws regarding notice, disclosure, and consent prior to transferring personal data to CareBoarding.
Protection of Personal Health Information
CareBoarding provides electronic health record solutions to healthcare providers who are subject to laws governing Protected Health Information (PHI). In Canada, provincial laws govern PHI handling. In the United States, HIPAA, HITECH, and related regulations govern PHI.
Healthcare providers using our platform are considered Covered Entities under HIPAA, and CareBoarding, as their service provider, is considered a Business Associate. We execute Business Associate Agreements (BAAs) with our US customers as required by HIPAA.
CareBoarding applies rigorous standards for safeguarding the confidentiality, integrity, and accessibility of PHI in all jurisdictions.
Security Measures
CareBoarding implements comprehensive security measures to protect all data, including:
- Physical, administrative, and technical safeguards
- SSL encryption for data transmission
- Secure server environments with advanced firewalls
- Unique username and password requirements
- Regular security training for all staff
- Confidentiality agreements with all employees and contractors
While these safeguards are designed to prevent unauthorized access and ensure appropriate use of personal information, no system can guarantee absolute security. In the event of a security threat or vulnerability, we will attempt to contact affected customers with recommended protective measures.
Our Compliance Journey
CareBoarding is actively working toward full HIPAA compliance for our US operations. Our comprehensive compliance program includes:
- Implementation of all required administrative, physical, and technical safeguards
- Staff training on HIPAA requirements and best practices
- Regular risk assessments and vulnerability testing
- Development of policies and procedures that meet or exceed HIPAA standards
- Engagement with external HIPAA compliance experts to validate our approach
SOC 2 Compliance Initiative
In addition to our HIPAA compliance efforts, CareBoarding is actively pursuing SOC 2 Type II certification to demonstrate our commitment to security, availability, processing integrity, confidentiality, and privacy. Our SOC 2 compliance program includes:
- Implementing robust security controls across our organization
- Establishing comprehensive monitoring and auditing processes
- Developing formal risk management procedures
- Creating detailed documentation of all security policies and practices
- Engaging with a reputable third-party auditor to assess our controls
CareBoarding applies rigorous standards for safeguarding the confidentiality, integrity, and accessibility of PHI in all jurisdictions, regardless of our current certification status.
Security Incident Response
All incidents involving suspected or actual unauthorized handling of personal information are directed to CareBoarding's Legal and Compliance team, which determines appropriate response procedures based on the severity and nature of the incident.
Incidents involving unauthorized handling of PHI will be managed according to relevant legislation and any applicable BAA. If CareBoarding determines that personal information has been misappropriated or wrongly acquired, we will promptly notify all affected customers.
Data Retention and Deletion
CareBoarding retains personal information:
- As necessary for the purposes outlined in this policy
- As required to manage and administer our services
- As required to fulfill legal obligations
- To resolve disputes
- As expressly communicated at the time of collection
When customer accounts are terminated and all applicable retention periods have expired, we will securely delete or destroy personal information. If immediate deletion is not feasible, we will continue protecting such information with appropriate safeguards.
Collection and Permitted Uses
CareBoarding may collect the following types of personal information through our platform:
- Patient demographic information
- Patient medical history
- Remote patient monitoring data
- Healthcare intervention reports
- Time and attendance data (including geolocation)
- System information for troubleshooting purposes
CareBoarding uses personal information only for:
- Optimizing and providing our services
- Platform updates and improvements
- Support and maintenance
- Aggregated statistical analysis
- Evaluating and improving our features and functionality
Our Commitment: No Selling of Data
UNDER NO CIRCUMSTANCES WILL CAREBOARDING SELL OR RENT PERSONAL INFORMATION TO THIRD PARTIES.
Information Sharing
CareBoarding will only share personal information with:
- Service providers that facilitate our services (with appropriate data protection measures)
- Law enforcement or government agencies when legally required
- Persons you explicitly authorize through your use of our platform
We may share aggregated, non-personal statistical information with third parties.
Data Residency
Unless otherwise specified, CareBoarding hosts each customer's production database in the customer's country of residence. We may provide certain support services from our branch office in Nepal and India. In such cases, we may access customer data for purposes such as:
- Responding to support requests
- Fixing software issues
- Performing necessary back-end operations
- Testing disaster recovery procedures
Website Privacy Practices
In addition to the above, we may use personal information collected through our website to:
- Improve your browsing experience
- Send you relevant communications and marketing materials (subject to your preferences)
- Provide information about our services
- Respond to your inquiries
- Meet legal requirements
You may opt out of promotional communications at any time by following the unsubscribe instructions in each communication or by contacting us directly.
Definitions
- Personal Information: Information that identifies an individual, including contact details, government identifiers, and other distinguishing information.
- Protected Health Information (PHI): Information about an individual's health, including insurance and billing information.
- Customer Data: Electronic health records and other information considered personal information under applicable law.
Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us at:
Email: admin@careboarding.com