Last Updated: January 7th, 2025
1. Introduction
Welcome to TheraPulse (“we,” “our,” “us”). TheraPulse is an AI-powered session transcription service designed specifically for mental health professionals. Our mission is to enhance your practice by accurately transcribing your sessions, creating precise progress notes and summaries in just 60 seconds, and saving you up to 2 hours every day. We are committed to safeguarding your privacy and complying with all applicable data protection laws, including the Personal Health Information Protection Act (PHIPA) of Ontario, Canada, and the Health Insurance Portability and Accountability Act (HIPAA) of the United States.
This Privacy Policy outlines how we collect, use, disclose, and protect your personal health information (“PHI”) and ensures our compliance with PHIPA and HIPAA. By using TheraPulse, you agree to the practices described in this policy.
2. Definitions
To ensure clarity, the following definitions apply throughout this Privacy Policy:
- Personal Health Information (PHI): Identifying information about an individual in oral or recorded form related to their physical or mental health, provision of health care, payments for health care, or eligibility for health coverage.
- Health Information Custodian: Any person or organization, such as a health care practitioner or an institution providing health services, that has custody or control of PHI.
- Substitute Decision-Maker: A person authorized under PHIPA or HIPAA to consent on behalf of an individual who is incapable of doing so.
- AI Scribe: The AI-powered transcription service provided by TheraPulse.
- Business Associate Agreement (BAA): A legally binding document that outlines each party’s responsibilities when handling PHI.
3. Our Commitment to Privacy
At TheraPulse, we understand the sensitive nature of mental health information and are dedicated to protecting your PHI. We adhere strictly to PHIPA and HIPAA requirements to ensure confidentiality, integrity, and availability of your information.
4. Collection of Personal Health Information
4.1 Direct Collection
We collect PHI directly from mental health professionals (health information custodians) who use our AI Scribe service. The types of PHI collected include:
- Session audio recordings
- Transcribed progress notes and summaries
4.2 Limitation of Collection
We only collect PHI that is necessary for providing our transcription services. We do not store any audio recordings. Uploaded audio files are temporarily stored in memory and are immediately cleared after transcription.
5. Use of Personal Health Information
5.1 Purpose of Use
We use PHI solely for the purpose of:
- Transcribing session recordings into text
- Creating progress notes and summaries
5.2 No Unlawful Use
We do not use PHI for any unlawful purposes or in a manner inconsistent with PHIPA and HIPAA regulations.
6. Disclosure of Personal Health Information
6.1 To Authorized Parties Only
We may disclose PHI to:
- Cloud computing providers
- Data storage providers
- Large Language Model (LLM) providers
These providers are bound by BAAs, ensuring they comply with PHIPA and HIPAA standards. We do not disclose PHI to any other third parties without explicit consent from our clients.
6.2 Legal Requirements
We may disclose PHI when required by law, such as to comply with a court order or to protect against a significant risk of serious bodily harm.
7. Security of Personal Health Information
7.1 Administrative Safeguards
- Regular training for our staff on data privacy and security.
- Implementation of robust access controls to ensure only authorized personnel can access PHI.
7.2 Physical Safeguards
- Secure data centers with controlled physical access.
- Protection against unauthorized physical access to our servers and infrastructure.
7.3 Technical Safeguards
- Encryption of PHI during transmission and storage.
- Regular security assessments and vulnerability testing.
- Immediate deletion of audio files post-transcription to prevent unauthorized access.
8. Access to and Correction of Personal Health Information
8.1 Right of Access
Under PHIPA and HIPAA, clients have the right to access their PHI held by us. Clients can request access by submitting a written request to our support team.
8.2 Correction of Information
If you believe that your PHI is inaccurate or incomplete, you may request a correction by contacting us in writing. We will review your request and make the necessary corrections promptly.
9. Consent and Withdrawal of Consent
9.1 Obtaining Consent
We obtain consent from our clients before collecting, using, or disclosing PHI. Consent may be express or, in certain circumstances, implied.
9.2 Withdrawing Consent
Clients may withdraw their consent at any time by notifying us in writing. Withdrawal of consent does not affect the lawfulness of any collection, use, or disclosure before withdrawal.
10. Compliance with PHIPA and HIPAA
10.1 PHIPA Compliance
We comply with all provisions of PHIPA, including:
- Limiting collection to necessary PHI
- Ensuring PHI is accurate and up to date
- Protecting PHI against theft, loss, and unauthorized use or disclosure
- Providing individuals with access to their PHI and the ability to request corrections
10.2 HIPAA Compliance
We adhere to HIPAA’s Privacy and Security Rules, including:
- Maintaining the confidentiality, integrity, and availability of PHI
- Implementing required administrative, physical, and technical safeguards
- Ensuring business associates are compliant through BAAs
- Granting rights of access and correction to individuals
11. Data Retention and Disposal
11.1 Retention Period
PHI is retained only as long as necessary to fulfill the purposes for which it was collected or as required by law.
11.2 Secure Disposal
When PHI is no longer needed, we ensure its secure disposal through methods that prevent unauthorized access or reconstruction.
12. Business Associate Agreements (BAA)
We have BAAs in place with all our business associates, including cloud computing, data storage, and LLM providers. These agreements ensure that our business associates are contractually obligated to comply with PHIPA and HIPAA requirements.
Upon request, we can enter into a BAA with our clients to further assure compliance and protection of PHI.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify clients of significant changes by email or through our website. Continued use of TheraPulse after changes constitutes acceptance of the updated policy.
14. Contact Us
If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us:
- Email: [email protected]
- Mailing Address:
TheraPulse
945 McKinney St, Houston, Texas 77002
15. Your Rights Under PHIPA and HIPAA
Under PHIPA and HIPAA, you have the following rights concerning your PHI:
- Right to Access: You can request access to your PHI.
- Right to Correction: You can request corrections to your PHI.
- Right to Confidentiality: Your PHI is protected against unauthorized access and disclosure.
- Right to Complain: If you believe your privacy rights have been violated, you can file a complaint with our Privacy Officer or the relevant regulatory body.
16. Enforcement
Failure to comply with this Privacy Policy may result in sanctions under PHIPA, HIPAA, and other applicable laws. We take violations seriously and are committed to enforcing policies that protect your PHI.
17. Definitions of Terms Used
For your convenience, here are definitions of key terms used in this Privacy Policy. For more detailed definitions, please refer to Section 2.
- PHIPA: Personal Health Information Protection Act of Ontario.
- HIPAA: Health Insurance Portability and Accountability Act of the United States.
- BAA: Business Associate Agreement.
- PHI: Personal Health Information.
- AI Scribe: TheraPulse’s AI-powered transcription service.
By using TheraPulse, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. Your trust is paramount, and we are dedicated to maintaining the highest standards of privacy and security for your PHI.