Wound Logix Privacy Policy & HIPAA Notice of Privacy Practices
1. Introduction & Scope
Wound Logix (“we,” “our,” or “us”) is committed to protecting the privacy and security of your health and personal information. This Privacy Policy explains how we collect, use, share, and protect information through our clinical operations and our websites, including any digital portals or electronic health record systems powered by our partners such as Tebra, WoundZoom, and PRIA Healthcare.
This document serves as both:
– A Notice of Privacy Practices under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, and
– A Website Privacy Policy describing how we handle data from visitors, patients, and business users interacting with our online services.
By using our services or website, you acknowledge that you have read and understood this Policy and consent to its terms, as permitted by applicable law.
2. Information We Collect
2.1 Protected Health Information (PHI)
Wound Logix collects and maintains Protected Health Information (PHI) as defined under 45 C.F.R. §160.103. PHI includes any information relating to an individual’s physical or mental health condition, treatment, or payment when such information can identify the individual.
PHI may include patient names, addresses, contact details, diagnoses, treatment plans, billing information, and clinical imagery captured through WoundZoom systems.
2.2 Information Collected Electronically
When you interact with Wound Logix electronically, we and our authorized service providers may collect technical information such as IP address, device type, browser version, and access timestamps. No behavioral or cross-site tracking occurs.
2.3 Information from Other Sources
We may receive information from authorized healthcare providers, insurers, or third-party Business Associates including WoundZoom, Tebra, and PRIA Healthcare, used strictly for care coordination or billing.
2.4 Limitation of Collection
All information collected is limited to that which is necessary to fulfill operational, clinical, billing, or regulatory functions, consistent with the minimum necessary standard under 45 C.F.R. §164.502(b).
3. Use and Disclosure of Information
3.1 Permitted Uses and Disclosures
Wound Logix may use or disclose PHI for Treatment, Payment, Health Care Operations, and as required by law, consistent with HIPAA and HITECH.
3.2 Business Associates and Their Functions
| Business Associate | Purpose | Safeguards |
|---|---|---|
| WoundZoom, Inc. | EHR and imaging platform for clinical documentation and secure storage. | HIPAA BAA; deidentification under 45 C.F.R. §164.514(b). |
| Tebra Technologies, Inc. | Billing, scheduling, and patient-portal management. | HIPAA BAA available at https://www.tebra.com/business-associate-agreement |
| PRIA Healthcare Management LLC | Prior authorization and reimbursement support. | HIPAA BAA limiting use solely to payer communications. |
3.3 Prohibited Uses and Disclosures
PHI is not sold or used for marketing or commercial purposes.
3.4 Disclosures Requiring Authorization
Certain uses, such as marketing or psychotherapy notes, require written patient authorization per 45 C.F.R. §164.508.
4. Data Security, Safeguards, and Breach Notification
Wound Logix maintains administrative, technical, and physical safeguards per the HIPAA Security Rule (45 C.F.R. Part 164, Subpart C).
– Administrative: Workforce training, risk assessments, and vendor due diligence.
– Technical: MFA, encryption (AES-256, TLS 1.2+), DLP, and Purview information protection.
– Physical: Restricted access and secure disposal of PHI.
Systems are hosted within Microsoft 365 and Azure U.S. data centers (ISO 27001, SOC 2, HIPAA compliant). All PHI is encrypted at rest and in transit. Breach notifications will be issued per 45 C.F.R. §§164.400-414 within 60 days of discovery.
5. Patient Rights Under HIPAA
Patients have the following rights under HIPAA and HITECH:
– Right to Access (45 C.F.R. §164.524)
– Right to Amend (45 C.F.R. §164.526)
– Right to Accounting of Disclosures (45 C.F.R. §164.528)
– Right to Request Restrictions and Confidential Communications
– Right to Receive a Copy of this Notice
– Right to File a Complaint without retaliation
6. Website Privacy, Tracking, and Third-Party Systems
Wound Logix does not track or profile visitors. No behavioral cookies or cross-site analytics are used.
Third-party portals such as Tebra or WoundZoom maintain their own privacy practices. Wound Logix does not monitor or retain user data entered within those systems.
Third-Party Websites and Links
For convenience, our Site may contain links to third-party websites or resources not operated or controlled by Wound Logix. We are not responsible for their content, services, or privacy practices. Visiting external sites is at your own risk.
7. Data Integrity, Retention, and International Transfer
Wound Logix retains PHI and billing records for at least six (6) years or as required by law. Data integrity is ensured via access controls and audit logs.
All data are stored, processed, and backed up exclusively within the United States. No international data transfers occur. All Business Associates are contractually prohibited from offshore processing.
8. Enforcement, Policy Revisions, and Governing Law
Wound Logix enforces compliance through internal oversight and a designated Privacy Officer.
Non-Retaliation
No patient, employee, or individual shall face retaliation for reporting a privacy concern, filing a complaint, or participating in an investigation.
Revisions and Jurisdiction
This Policy may be amended with notice on our website. It is governed by the laws of the State of Arkansas and applicable federal statutes.
9. Contact Information and Effective Date
WoundLogix
Attn: Privacy Office
120 W Race Avenue, Suite 9
Searcy, Arkansas 72143
Email: my-privacy@wouldlgx.com
Effective Date: October 15, 2025
© 2025 Wound Logix. All Rights Reserved.