At ACESO AI, we are committed to the highest standards of data protection. This policy explains how we collect, use, and safeguard information across our website and the ACESO AI Platform.

HIPAA Compliance

For healthcare providers, our handling of Protected Health Information (PHI) is governed by the Health Insurance Portability and Accountability Act (HIPAA) and our signed Business Associate Agreement (BAA).

1. Information We Collect

| Category            | Types of Data                                          | Source                            |
|---------------------|--------------------------------------------------------|-----------------------------------|
| User Account Data   | Name, email, job title, hospital affiliation.          | Directly from you.                |
| Clinical Data (PHI) | Patient records, labs, nursing notes, ICD codes.       | EHR Integration (Epic/Cerner).    |
| Usage Data          | IP address, browser type, clickstream patterns.        | Automated cookies/logs.           |

2. How We Use Information

We use the data collected for specific, limited purposes:

  • Service Delivery: To generate clinical queries and documentation gap analysis.
  • AI Improvement: We may use de-identified data to train and improve our machine learning models, ensuring they remain accurate for clinical use. Once data is de-identified, it is no longer PHI.
  • Communication: To provide platform updates and security alerts to authorized users.

3. Data Disclosure & Sub-processors

We do not sell your personal or clinical data. Disclosure is limited to:

  • Cloud Infrastructure: Secure hosting via HIPAA-compliant partners (e.g., AWS/Azure).
  • Legal Requirement: When required by a valid subpoena or court order.
  • Authorized Personnel: Limited access by ACESO AI staff for technical support and maintenance under strict confidentiality.

4. Security Measures

We implement technical and organizational measures including, but not limited to:

  • Full AES-256 encryption at rest and TLS 1.2+ encryption in transit.
  • Granular audit logs recording every access to patient data.
  • Strict Role-Based Access Control (RBAC) to ensure users only see data necessary for their role.

5. Your Rights & HIPAA Access

As a healthcare provider user, you have the right to access, correct, or delete your account information. Regarding patient records, ACESO AI acts as a Business Associate; requests from patients to access their records should be directed to the healthcare provider (Covered Entity).

6. Data Retention

We retain account information for as long as your organization maintains an active subscription. Clinical data (PHI) is retained or destroyed in accordance with the timelines specified in our Business Associate Agreement with your hospital.

7. Contact Us

If you have questions about this Privacy Policy or wish to report a security concern, please contact our Privacy Officer:

Email: privacy@acesoai.com
Security: security@acesoai.com