(Including MyCareX, Intelligent Companion, and RideON patient/device referral app)
Effective Date: 11/01/2025
Last Updated: 11/01/2025
1. Introduction
This Privacy Policy describes how Global Health Information Technology (“we,” “our,” or “us”) collects, uses, shares, and safeguards information through our suite of connected healthcare products, including:
- NeoCareX — our Electronic Health Record (EHR) platform for healthcare organizations and providers;
- MyCareX — our Personal Health Record (PHR) and remote patient monitoring (RPM) app for individuals;
- MyCareX Intelligent Companion — our digital health and wellness assistant providing insights, summaries, and preventive care recommendations;
- RideON – our patient and device referral app that works with NeoCareX and other EHR systems.
Together, these platforms enable secure clinical data exchange, remote monitoring, and personalized wellness guidance. We comply with all applicable privacy and security laws, including the Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), and, where applicable, the General Data Protection Regulation (GDPR).
2. Information We Collect
a. Personal Information
We may collect identifying information such as:
- Name, contact information, and demographic details
- User account credentials and authentication data
- Professional identifiers (for providers using NeoCareX)
b. Health and Medical Information
Depending on your use of our products, we may collect:
- Clinical data (diagnoses, medications, allergies, lab results, vital signs)
- Device-generated or manually entered readings (heart rate, blood pressure, glucose, activity, sleep)
- Health summaries, progress reports, and care plans
- Wellness preferences, goals, and lifestyle metrics provided through MyCareX or the Intelligent Companion
c. Technical and Usage Data
We automatically collect data to enhance service performance and reliability:
- Device type, operating system, browser, and IP address
- App usage logs, crash reports, and telemetry data
- Communication metadata (timestamps, system activity)
We use analytics tools in compliance with privacy regulations and do not use identifiers for marketing or advertising purposes.
3. How We Use Your Information
We use the collected information to:
- Deliver and maintain EHR, PHR, referral app, and wellness services across our ecosystem
- Enable secure data exchange using FHIR APIs, TEFCA-based exchanges, and mandatory electronic reporting mechanisms
- Provide personalized health summaries, insights, and recommendations through the Intelligent Companion
- Support clinical decision-making and care coordination
- Communicate with users regarding account activity, updates, or alerts
- Conduct analytics to improve service quality, accuracy, and user experience
- Comply with legal and regulatory requirements
We do not sell or use identifiable health data for advertising.
4. Data Sharing and Disclosure
We share data only as permitted under applicable law and under strict security controls:
- With healthcare providers and care teams through the NeoCareX EHR for coordinated care
- With authorized caregivers or family members (only when consented by the user) via MyCareX
- With public health agencies for authorized electronic reporting and TEFCA-based exchanges
- With business associates and vendors who support hosting, analytics, or secure messaging — all bound by HIPAA-compliant Business Associate Agreements (BAAs)
- When required by law, regulation, or legal process
We may share de-identified or aggregated data for analytics, research, or product improvement, but never in a form that identifies an individual.
5. Remote Patient Monitoring and AI-based Services
MyCareX and the Intelligent Companion collect and process health metrics from connected devices and third-party integrations (e.g., wearables, RPM services, or patient care records).
These services:
- Operate under HIPAA and applicable FDA remote monitoring guidance
- Provide users with personalized health summaries and insights generated by privacy-preserving AI models
- Do not make medical diagnoses or replace professional medical advice
- Use de-identified and encrypted data for algorithmic training and system improvement
Users maintain full control over device permissions and data-sharing preferences.
6. Data Security
We apply strong technical and organizational safeguards to protect data integrity, confidentiality, and availability, including:
- Encryption of all data at rest (AES-256) and in transit (TLS 1.2+)
- Role-based access controls and audit logs
- Multi-factor authentication and automatic session timeouts
- Continuous monitoring and third-party security testing
- HIPAA-compliant infrastructure with SOC 2 and HITRUST-certified partners
7. Data Retention and Deletion
We retain data only as long as necessary to provide our services or comply with legal and regulatory obligations. When data is no longer needed, it is securely deleted or de-identified following NIST 800-88 standards.
Users may request data export or deletion through the MyCareX app settings or by contacting our privacy officer.
8. Your Rights
Depending on your role and jurisdiction, you may have the right to:
- Access, correct, or delete your personal or health data
- Request data portability
- Restrict or object to processing in specific contexts
Patients should contact their healthcare provider for access to PHI maintained by providers using NeoCareX.
MyCareX users may manage or delete their PHR data directly within the app or by contacting support.
9. International Data Transfers
If your data is transferred outside your jurisdiction (e.g., from the EU to the US, or vice versa), GHEIT ensures adequate protection under recognized mechanisms such as Standard Contractual Clauses (SCCs) and compliance with GDPR standards.
10. Children’s Privacy
Our services are not intended for children under 13 (or 16 in the EU). Parental or guardian consent is required for any use of the MyCareX app by minors.
11. Updates to This Privacy Policy
We may revise this Privacy Policy periodically. Updates will be posted with a new “Effective Date,” and continued use of our products implies acceptance of the updated policy. Comments may be checked through an automated spam detection service.
