Intelliscape LLC ("we," "our," or "us") is committed to protecting the privacy and confidentiality of patient health information. This Privacy Policy explains how we collect, use, disclose, and safeguard personal and health information when the BrainCompass App is used in hospital or clinical settings.
If you have questions or concerns about this policy, please contact us using the details below.
1. Purpose and Scope
This Privacy Policy applies to the use of the BrainCompass cognitive screening application (the "App") by healthcare professionals and clinical institutions. The App is intended as an aid for clinical assessment, monitoring, and documentation of patients' cognitive function.
This policy covers how we handle Protected Health Information (PHI) and other personally identifiable information collected through the App.
2. Information We Collect
a. Patient Information
- Name, date of birth, gender, and patient ID
- Clinical or diagnostic information entered by authorized healthcare staff
- Responses and performance data from cognitive tests (e.g., accuracy, completion time, error rates)
b. Clinician and Institutional Information
- Clinician name, role, and institutional affiliation
- User account credentials and activity logs (for audit and compliance)
c. Technical and Usage Data
- Device identifiers, IP addresses, and session logs
- Application performance and error reports
- Metadata for data synchronization and audit trail purposes
We do not collect unrelated personal data from patient devices unless specifically authorized.
3. How We Use the Information
We use collected information to:
- Deliver and manage cognitive screening assessments
- Generate clinical reports for patient records
- Support medical decision-making and care coordination
- Maintain audit logs for security and regulatory compliance
- Improve accuracy, reliability, and usability of the App
- Provide customer and technical support to clinical users
Anonymized or aggregated data may be used for:
- Research and validation of cognitive assessment tools
- Service quality improvement and performance benchmarking
All such data will be de-identified in accordance with HIPAA and GDPR standards.
4. Legal Basis for Processing
We process patient data under one or more of the following lawful bases:
- Provision of healthcare services (Article 9(2)(h) GDPR)
- Performance of a contract with the healthcare institution
- Compliance with legal obligations related to healthcare records and reporting
- Legitimate interests in maintaining and improving clinical tools, where permitted
- Patient or institutional consent, where required
5. Data Storage and Security
We implement administrative, technical, and physical safeguards consistent with HIPAA and international standards, including:
- End-to-end encryption during transmission and at rest
- Secure access controls and authentication
- Role-based permissions for healthcare staff
- Regular security audits and penetration testing
- Data backup and disaster recovery protocols
Data may be stored on HIPAA-compliant or GDPR-compliant servers depending on jurisdiction. We maintain audit logs of all data access and modification activities for compliance.
6. Data Retention
Patient data is retained only as long as required by:
- Applicable healthcare regulations
- Institutional record-keeping policies
- The duration necessary to provide the App's services
Upon termination of an institutional agreement, all identifiable data will be securely deleted or returned to the healthcare provider as per contract terms.
7. Data Sharing and Disclosure
We do not sell or rent any patient or clinician information.
We may share data only with:
- The authorized healthcare institution and its designated staff
- Service providers (e.g., secure cloud hosting or analytics vendors) under strict confidentiality and data protection agreements
- Regulatory authorities or public health agencies, if legally required
If data is shared for research or validation, it will be fully anonymized.
8. Your Rights Regarding Personal Data
Depending on jurisdiction, patients and clinicians may have the right to:
- Access their personal or health data
- Request correction of inaccurate data
- Request deletion (subject to clinical record-keeping laws)
- Restrict or object to processing in certain cases
- Request a copy of data in a portable format
Data Deletion Requests
If you wish to request deletion of your personal data, please submit a formal request through our Data Deletion Request Form.
Requests should be directed to the healthcare provider or data protection officer managing the App at the institution. Please note that some data may need to be retained to comply with legal and regulatory requirements.
9. International Data Transfers
If data is transferred outside the originating country (e.g., to secure cloud servers), we ensure compliance with applicable data protection laws using approved safeguards such as:
- Standard Contractual Clauses (for EEA data)
- HIPAA-compliant Business Associate Agreements (for U.S. entities)
10. Business Associate Relationship (HIPAA)
When operating in the United States, BrainCompass functions as a Business Associate under HIPAA, processing PHI on behalf of the covered entity (the healthcare provider or institution). A Business Associate Agreement (BAA) will be executed with each institution outlining the terms of data handling, use, and protection.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Significant changes will be communicated to institutional partners and reflected within the App. The latest version will always be available at intelliscape.ai/privacy.html.
12. Contact Information
For questions about this Privacy Policy or data handling practices, please contact:
Intelliscape LLC
Email: privacy@intelliscape.ai
Phone: +1 (848) 353-1215
If you are a patient and wish to exercise your data rights, please contact your healthcare provider directly.