HIPAA Notice of Privacy Practices
Our commitment to your health information
Fortivus Cares handles information that may include protected health information (PHI) — medical records, diagnoses, medication lists, and other health-related documents that you upload about your family members. We treat all of this information with the highest level of care and confidentiality.
How we use health-related information
We use health-related information you provide solely to:
- Provide the Fortivus Cares platform and Sage's guidance to you
- Generate organizational summaries, alerts, and prioritized action plans based on your situation
- Improve our platform's ability to serve caregiving families (using de-identified, aggregated data only)
We do not use health-related information for advertising, marketing, or sale to third parties — ever.
With whom we share health-related information
We do not share identifiable health-related information with third parties except:
- Service providers — technology vendors who help us operate the platform (such as cloud infrastructure providers) under strict data processing agreements
- Legal requirements — when required by law, court order, or government authority
- Safety — when necessary to prevent serious harm to you or others
- With your consent — when you explicitly authorize sharing with a specific third party
Your rights regarding your health information
You have the right to:
- Access and download all health-related information you have provided to Fortivus Cares
- Correct inaccurate information
- Request deletion of your health information
- Revoke access you have granted to other family members at any time
- Receive a copy of this notice in a format accessible to you
Security safeguards
Fortivus Cares is built on HIPAA-compliant infrastructure, including encrypted data storage, encrypted data transmission, multi-factor authentication, role-based access controls, and audit logging. We have executed Business Associate Agreements (BAAs) with our infrastructure providers where applicable.
Breach notification
In the unlikely event of a data breach involving your health information, we will notify you promptly in accordance with applicable law, and no later than 60 days after discovery of the breach.