WoundMatic Privacy Policy


Last Updated: 03/02/2026


1. INFORMATION WE COLLECT


A. Patient Data (Protected Health Information – PHI)

·        Patient identifiers (ID number, name where applicable)

·        Wound images

·        Wound measurements (area, depth, progression metrics)

·        Treatment notes

·        Medication and wound-care documentation

B. Provider Data

·        Name

·        Professional credentials

·        User ID

·        Login and activity logs

2. PURPOSE OF DATA COLLECTION

Data is collected and processed for:

·        Clinical wound assessment

·        Monitoring wound progression

·        Supporting medical treatment planning

·        Maintaining complete EMR records

·        Regulatory and medical documentation compliance

·        Healthcare operations and quality assurance

3. HIPAA & REGULATORY COMPLIANCE

WoundMatic operates in compliance with applicable healthcare and data protection laws, including:

·        Health Insurance Portability and Accountability Act (HIPAA)

·        HITECH Act

·        Applicable state medical privacy laws

Where required, Business Associate Agreements (BAAs) are maintained with covered entities.

4. DATA SECURITY MEASURES

We implement administrative, technical, and physical safeguards including:

·        Encryption in transit and at rest

·        Role-based access controls

·        Continuous security monitoring

·        Audit logs and activity tracking

·        Secure infrastructure hosting

5. DATA SHARING

We do not:

·        Sell patient data

·        Use PHI for marketing

·        Share PHI for non-clinical commercial purposes

Data may be disclosed only:

·        To authorized healthcare providers involved in patient care

·        To regulatory authorities when legally required

·        To contracted service providers under HIPAA-compliant agreements

6. PATIENT RIGHTS

Subject to applicable law, patients may:

·        Request access to their health information

·        Request correction of inaccuracies

·        Request restrictions on certain uses

·        Request deletion, where legally permissible

Requests must be submitted through the applicable healthcare provider or covered entity.

7. DATA RETENTION

Health records are retained in accordance with:

·        Federal healthcare requirements

·        State medical board regulations

·        Payer and accreditation standards

8. CHANGES TO PRIVACY POLICY

We may update this Privacy Policy periodically. Material changes will be communicated in accordance with regulatory requirements.