Overview

Iris Health AI ("we," "our," or "us") is committed to protecting the privacy of patients, healthcare providers, and other users who interact with our platform. This Privacy Policy describes how we collect, use, and protect information in connection with our services.

What We Collect

Iris Health AI does not collect or store protected health information (PHI). Our platform uses system-generated anonymous identifiers to track educational content engagement. No personally identifiable patient information enters our platform.

Healthcare coordinators and providers may access our administrative interface to generate secure patient access links. We collect basic account information from healthcare provider organizations necessary to operate the platform.

How We Use Information

Anonymous engagement data is used solely to provide analytics to healthcare provider organizations regarding educational content access and completion patterns. This data cannot be used to identify individual patients.

Provider account information is used to operate, maintain, and improve our services and to communicate with authorized users about platform updates and support.

SMS Communications

Iris Health AI facilitates delivery of patient education via SMS on behalf of healthcare provider organizations. SMS messages contain only a secure tokenized link to educational content. No PHI is included in any SMS communication. Messages are sent following patient consent obtained by the healthcare coordinator at the time of scheduling. Patients may opt out of SMS communications at any time by replying STOP.

Data Security

Iris Health AI is hosted on HIPAA-compliant infrastructure. We implement appropriate technical and organizational measures to protect information against unauthorized access, alteration, disclosure, or destruction. Our platform architecture is designed to minimize data exposure by avoiding collection of PHI entirely.

Third Party Services

We use Twilio to facilitate SMS delivery. Twilio operates under its own privacy policy and terms of service. We use Aptible for secure application hosting. Neither service receives PHI through our platform.

Data Retention

Anonymous engagement data is retained for the duration of the applicable service agreement with the healthcare provider organization and deleted upon contract termination upon request.

Your Rights

Healthcare provider organizations may request deletion of their account data at any time by contacting us directly.

Contact Us

For questions about this Privacy Policy please contact:

Rebecca Lyon, MS. PA-C Founder & CEO Iris Health AI rebecca@irishealthai.com (254) 410-3586