1. Introduction

Welcome to NaviWell ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare navigation platform.

2. HIPAA Compliance

NaviWell is committed to full compliance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. We maintain appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of your protected health information (PHI).

2.1 Business Associate Agreements

We enter into Business Associate Agreements (BAAs) with all third-party service providers who may have access to PHI, ensuring they maintain the same level of protection for your health information.

3. Information We Collect

3.1 Personal Information

• Name and contact information (email, phone number)
• Account credentials and authentication data
• Professional credentials (for healthcare providers)

3.2 Health Information

• Symptoms and health concerns you share with our AI chat system
• Medical images you upload for analysis
• Medication information you search for
• Healthcare provider searches and preferences

3.3 Usage Information

• Device information and IP address
• Browser type and operating system
• Pages visited and features used
• Date and time of access

4. How We Use Your Information

4.1 Primary Purposes

• Healthcare Guidance: To provide AI-powered health triage and treatment recommendations
• Provider Matching: To help you find appropriate healthcare providers
• Medication Information: To identify medications and provide drug information
• Service Improvement: To enhance our platform's functionality and user experience

4.2 Provider Features

For verified healthcare providers, we use information to provide clinical decision support tools, including calculators, diagnostic frameworks, and charting assistance.

5. Information Sharing and Disclosure

5.1 We Do NOT Sell Your Information

We will never sell, rent, or trade your personal health information to third parties for marketing purposes.

5.2 Limited Disclosures

We may share your information only in the following circumstances:

• With Your Consent: When you explicitly authorize us to share information
• Service Providers: With HIPAA-compliant vendors who assist in operating our platform (under BAAs)
• Legal Requirements: When required by law, court order, or to protect rights and safety
• Emergency Situations: To prevent serious harm or threat to health or safety

6. Data Security

6.1 Security Measures

We implement industry-standard security measures including:

• End-to-end encryption for data transmission
• Encrypted storage of all health information
• Multi-factor authentication for provider accounts
• Regular security audits and vulnerability assessments
• Access controls and audit logging
• Employee training on HIPAA compliance

6.2 Data Retention

We retain your information for as long as necessary to provide services and comply with legal obligations. Audit logs are maintained for a minimum of 3 years as required by HIPAA. You may request deletion of your account and associated data at any time, subject to legal retention requirements.

7. Your Rights

7.1 Access and Control

You have the right to:

• Access: Request a copy of your personal health information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your information (subject to legal requirements)
• Restriction: Request limitations on how we use your information
• Portability: Receive your information in a portable format
• Objection: Object to certain uses of your information

7.2 Breach Notification

In the event of a data breach involving your protected health information, we will notify you within 60 days as required by HIPAA, along with details of the breach and steps we are taking to address it.

8. Children's Privacy

NaviWell is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately.

9. Third-Party Services

9.1 External Links

Our platform may contain links to third-party websites or services (such as healthcare provider websites). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

9.2 NPI Registry

Provider search functionality uses the National Provider Identifier (NPI) Registry, a public database maintained by the Centers for Medicare & Medicaid Services (CMS).

10. International Users

NaviWell is based in the United States and complies with U.S. healthcare privacy laws. If you are accessing our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of NaviWell after such changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

• Email: [email protected]
• Privacy Officer: Operational Excellence Advisors
• Address: [Your Business Address]

13. Complaints

If you believe your privacy rights have been violated, you have the right to file a complaint with:

• NaviWell Privacy Officer: [email protected]
• U.S. Department of Health and Human Services: HHS HIPAA Complaint Portal

You will not be retaliated against for filing a complaint.