Back to Home

Privacy Policy

HIPAA Notice of Privacy Practices

Last updated: March 1, 2026

1. About Signal Core Solutions

Signal Core Solutions ("we," "our," or "the Company") provides a precision medical review and utilization management platform ("the Platform") designed for hospitals and healthcare facilities. Our Platform assists clinical staff in performing utilization review by analyzing medical records using advanced algorithms to determine medical necessity for inpatient admissions.

2. Information We Collect

In the course of providing our services, we may collect and process the following categories of information:

Protected Health Information (PHI)

  • Patient names, dates of birth, and medical record numbers
  • Clinical notes, History & Physical (H&P) documents
  • Diagnosis codes, admission/discharge dates
  • Insurance/payor information
  • Physician names and ordering provider information

User Account Information

  • Names, email addresses, and role assignments of clinical staff
  • Authentication credentials (hashed passwords, OAuth tokens)
  • IP addresses and session logs for audit purposes

3. How We Protect Your Information

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.2+ (HTTPS).

Encryption at Rest

All data stored in our databases is encrypted at rest using industry-standard encryption.

PHI De-identification

Clinical notes are scrubbed of personal identifiers before computational processing using the HIPAA Safe Harbor method.

Access Controls

Role-based access ensures users only see data from their assigned facilities.

Audit Logging

All access to PHI is logged, including who viewed, created, or modified records.

Session Security

Automatic session timeout after 30 minutes of inactivity.

4. How We Use Your Information

  • Clinical Review: To analyze medical records and provide utilization review recommendations.
  • Platform Operations: To authenticate users, manage facility assignments, and maintain system security.
  • Compliance: To maintain audit trails as required by HIPAA and applicable regulations.
  • Quality Improvement: To generate aggregate, de-identified metrics for facility performance analysis.

We do NOT sell, rent, or share Protected Health Information with third parties for marketing or any purpose unrelated to the services described above.

5. Third-Party Service Providers

We use the following third-party service providers to operate the Platform. Each provider is bound by a Business Associate Agreement (BAA) as required by HIPAA:

Cloud Database ProviderSecure storage of application data
Hosting ProviderApplication hosting and content delivery
Analysis ProviderClinical analysis engine (receives de-identified data only)
Authentication ProviderSecure user sign-in via Google/Microsoft SSO

6. Breach Notification

In the event of a breach of unsecured Protected Health Information, we will notify affected individuals, the covered entity (your facility), and the U.S. Department of Health and Human Services (HHS) in accordance with the HIPAA Breach Notification Rule (45 CFR §§ 164.400-414). Notification will be provided without unreasonable delay and no later than 60 calendar days from the discovery of the breach.

7. Data Retention

We retain clinical review records for a minimum of six (6) years from the date of creation, in accordance with HIPAA record retention requirements. Deleted records are soft-deleted (marked as inactive) and retained in our secure database for the required retention period before permanent deletion. Audit logs are retained indefinitely.

8. Your Rights

Under HIPAA, you have the right to:

  • Request access to your Protected Health Information
  • Request correction of inaccurate PHI
  • Request an accounting of disclosures of your PHI
  • Request restrictions on certain uses and disclosures
  • Receive notification of a breach of your unsecured PHI
  • File a complaint with HHS if you believe your privacy rights have been violated

9. Contact Us

For questions about this Privacy Policy, to exercise your rights, or to report a privacy concern:

Signal Core Solutions — Privacy Officer

Email: privacy@signalcoresolutions.com

Return to Signal Core Solutions