Privacy Policy

Nimbus Healthcare ("we," "our," or "us") operates Nimbus OS™, a digital health technology platform that provides software-as-a-service (SaaS) and healthcare services. This Privacy Policy describes how we collect, use, disclose, and protect your personal information and Protected Health Information (PHI) when you use our platform, services, or websites.

By using Nimbus OS™ or our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our services.

2.1 Protected Health Information (PHI)

As a healthcare technology platform, we collect and process PHI as defined by the Health Insurance Portability and Accountability Act (HIPAA), including:

• Patient medical records and health history
• Prescription and medication information
• Laboratory test results and diagnostic data
• Provider notes and clinical documentation
• Insurance and billing information
• Demographic information (name, date of birth, contact information)

2.2 Platform User Information

For providers, administrators, and other platform users, we collect:

• Name, email address, and professional credentials
• Organization and role information
• Account credentials and authentication data
• Usage data and platform activity logs

2.3 Technical Information

• Device information and IP addresses
• Browser type and version
• Cookies and similar tracking technologies
• Log files and system analytics

We use the information we collect for the following purposes:

• Healthcare Services: To provide, coordinate, and manage healthcare services, including prescription fulfillment, lab result delivery, and care coordination
• Platform Operations: To operate, maintain, and improve the Nimbus OS™ platform and services
• Treatment: To enable healthcare providers to deliver treatment and coordinate care
• Payment: To process payments, bill insurance, and manage financial transactions
• Healthcare Operations: For quality improvement, analytics, and operational purposes
• Compliance: To comply with legal obligations, including HIPAA, state regulations, and healthcare standards
• Communication: To send important updates, notifications, and respond to inquiries
• Security: To detect, prevent, and respond to security threats and fraud

4.1 Healthcare Providers

We share PHI with authorized healthcare providers, clinics, and medical professionals who are involved in your care and have a legitimate need for the information.

4.2 Pharmacy and Fulfillment

PHI is shared with our pharmacy network, including Lake Hills Pharmacy, for prescription fulfillment, compounding, and medication delivery.

4.3 Business Associates

We may share PHI with third-party service providers who act as Business Associates under HIPAA, including:

• Cloud hosting and infrastructure providers
• Payment processors and billing services
• Laboratory and diagnostic service providers
• Technology vendors and integration partners

All Business Associates are contractually required to maintain the confidentiality and security of PHI.

4.4 Legal Requirements

We may disclose information when required by law, including:

• Court orders, subpoenas, or legal process
• Public health reporting requirements
• Law enforcement requests (as permitted by law)
• Regulatory compliance and audits

Under HIPAA and applicable privacy laws, you have the following rights regarding your PHI:

• Right to Access: Request copies of your health information
• Right to Amend: Request corrections to inaccurate or incomplete information
• Right to an Accounting: Request a list of disclosures of your PHI
• Right to Request Restrictions: Request limitations on how we use or disclose your PHI
• Right to Request Confidential Communications: Request alternative methods of communication
• Right to File a Complaint: File a complaint if you believe your privacy rights have been violated

To exercise these rights, please contact us at support@nimbushealthcare.com or submit a written request to our Privacy Officer.

We implement comprehensive security measures to protect your information, including:

• Encryption of data at rest (AES-256) and in transit (TLS 1.3)
• Role-based and attribute-based access controls (RBAC/ABAC)
• Regular security audits and penetration testing
• 24/7 security monitoring and incident response
• Employee training and background checks
• Business Associate Agreements with all third-party vendors

For more details, please see our Security & Trust page.

We retain PHI and personal information in accordance with applicable laws and regulations, including state medical record retention requirements and HIPAA. Generally:

• Medical records are retained as required by state law (typically 6-10 years)
• Account information is retained while your account is active and for a reasonable period thereafter
• We may retain certain information for legal, regulatory, or business purposes

Our services are not intended for individuals under the age of 18. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: