Privacy Policy
Effective Date: March 20, 2025
Last Updated: March 20, 2025
Careswift is a Software-as-a-Service (SaaS) platform handling sensitive healthcare data for emergency medical services (EMS) providers. We are committed to protecting this data in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and industry standards like SOC 2. This Privacy Policy explains our data practices, including what information we collect, how we use and protect it, and your rights regarding that data. By using Careswift through your organization, you acknowledge these practices.
Information We Collect and Why
We limit our data collection to only what is necessary to deliver and improve the Careswift service, following HIPAA's "minimum necessary" standard. The types of information we collect include:
Protected Health Information (PHI)
Patient health and medical data input into Careswift by EMS providers. PHI is any individually identifiable health information (e.g. patient medical records, treatment details, billing information) that relates to an individual's health or healthcare payments. We collect PHI only to facilitate treatment, coordination of care, billing, and other healthcare operations via our platform. In accordance with HIPAA, we access and use only the minimum PHI required for these purposes.
Provider and Organization Information
Information about healthcare providers and EMS companies using our service. This includes provider names, titles, contact information, and EMS agency details necessary to manage user accounts and enable service functionality. We use this data to authenticate users and tailor the platform to your organization's needs.
Authentication Data
Account credentials such as usernames and hashed passwords. All user passwords are stored using strong one-way hash algorithms (never in plain text) to ensure security. This data allows authorized personnel to securely access the platform while preventing unauthorized access.
Usage Logs and Audit Trails
Careswift automatically records log data about how the service is used, including user actions (e.g. logins, data entries, record views or edits) and system events. These audit logs are essential for security and compliance, as HIPAA requires tracking any access, use, disclosure, modification, or deletion of PHI. Audit trails help us ensure only appropriate access to patient data and provide an evidentiary record for compliance purposes. We protect log data as rigorously as other sensitive information.
We do not collect any more data than necessary. We do not use tracking cookies or collect personal information for marketing purposes. All information gathered is for enabling the healthcare services our clients provide, maintaining the platform's security, or meeting our legal and compliance obligations.
Use of Data
Careswift uses the collected data solely to provide and support the services requested by our client organizations (the healthcare providers and EMS companies). Specifically, we use data to:
- Provide the core application functionality (e.g. allowing EMS personnel to document patient encounters, share information with hospitals, and manage operational data).
- Verify user identities and credentials to maintain secure access controls.
- Monitor system performance and security through logs and audits, detecting and preventing unauthorized access or anomalies.
- Support clients with customer service and technical assistance, which may involve accessing relevant PHI or logs in a controlled manner.
- Fulfill any legal requirements, such as responding to lawful requests or reporting obligations under HIPAA's Breach Notification Rule if a security incident occurs.
We do not use PHI or other sensitive data for any secondary purpose such as advertising, nor do we sell or rent your data to third parties. All uses of PHI are directly related to healthcare operations, payment, or treatment, consistent with HIPAA's permitted uses. If we ever need to use data for a new purpose outside of those allowed under this Policy or our agreements, we will obtain necessary authorization in compliance with HIPAA and other applicable laws.
Data Sharing and Third-Party Disclosures
No Unauthorized Sharing
Careswift does not disclose or share your organization's data or any PHI with third parties except in a few critical situations: (1) with your organization's explicit direction or consent, (2) as required to provide our cloud services (explained below), or (3) if required by law or regulation (such as a court order or government audit). We do not share personal or health data for marketing or any purpose unrelated to providing our services.
Business Associates and Subprocessors
When we do use third-party services, we ensure they are HIPAA-compliant and bound by strict privacy safeguards. Specifically, we utilize Microsoft Azure for cloud hosting and Auth0 (Okta) for secure user authentication. Both of these providers function as Business Associates under HIPAA, meaning they handle PHI on our behalf. In accordance with HIPAA requirements, we have executed Business Associate Agreements (BAAs) with these subprocessors to ensure they uphold the same protections for PHI. Our BAAs with Azure and Auth0 contractually require them to safeguard your data to HIPAA standards and prevent unauthorized use or disclosure.
Azure
Careswift is hosted on Microsoft Azure's cloud platform. Microsoft Azure is a HIPAA-eligible cloud service; Microsoft provides a signed BAA covering Azure services used for ePHI. All data stored in Azure is encrypted (details on encryption are in the Security section below). Azure's data centers and processes meet high security certifications, and Azure offers tools like isolated networks and hardware security modules to protect healthcare data. We only use Azure services that are in scope for HIPAA compliance, and we configure them following Microsoft's HIPAA implementation guidance.
Auth0 (Identity Management)
We use Auth0 (an Okta service) to manage user logins, single sign-on, and authentication flows. Auth0 is a secure identity platform that undergoes independent audits and is SOC 2 Type II certified. Auth0's role is limited to authentication and does not use your data for any other purposes.
Aside from these business associates, the only other times we would disclose data to an external party are if required by law (for example, to comply with a subpoena or a HIPAA investigation by HHS) or if you explicitly instruct us to share data with another party. In all cases, we will ensure any disclosure is done in compliance with HIPAA's Privacy Rule and only the minimum necessary information is shared.
Security Measures and Data Storage
Careswift takes extensive measures to secure your data, using a defense-in-depth approach that meets or exceeds HIPAA Security Rule and SOC 2 requirements. We maintain administrative, physical, and technical safeguards to protect ePHI (electronic PHI) against unauthorized access, breaches, or loss. Key security and storage measures include:
Encryption in Transit and At Rest
All data is encrypted both in transit and at rest. We use industry-standard TLS (Transport Layer Security) for all network communications to and from the platform, ensuring that PHI is encrypted while it travels over the internet. Within our cloud environment, data is also encrypted at rest using AES-256 encryption algorithms.
Key Management with HSM Protection
Encryption keys and secrets are managed through Azure Key Vault with Hardware Security Module (HSM) backing. Azure Key Vault's HSM provides a tamper-resistant, FIPS 140-2 Level 3 validated environment for key storage. By using HSMs, we ensure that cryptographic keys (used for decrypting sensitive data) are themselves protected by dedicated secure hardware.
Network Segmentation and Firewalls
We isolate our production network housing sensitive data from other networks and restrict access using multiple layers of firewalls. These network protections ensure that only legitimate traffic and authenticated users can reach the systems handling PHI.
Access Controls and Authentication
We enforce strict access controls to ensure only authorized personnel can view or modify sensitive data. Each user has a unique account (username/email and password or SSO credentials), and access is role-based, meaning users only get the minimum privileges needed for their job (principle of least privilege). Administrative access to the system by Careswift staff is extremely limited and granted only for those who need it to support the service. All access to production environments requires multi-factor authentication. Additionally, Auth0 integration provides secure authentication features such as password hashing, account lockout on repeated failures, and optional multi-factor authentication for user logins.
Activity Monitoring and Audit Logging
We continuously monitor our systems and maintain detailed audit logs of all data access and system activity. Our logging systems record who accessed which resources, what actions were taken, and when. This includes logs of user logins, patient record views/edits, and administrative actions. We record any access, use, disclosure, or alteration of PHI in these audit logs. The logs are protected from tampering and are reviewed regularly. We have automated alerts set up to detect suspicious activities, and our security team investigates any anomalies or potential incidents in real time.
Web and Application Security
The Careswift application itself is built following secure coding practices to prevent common vulnerabilities. We conduct regular vulnerability scans and penetration testing to identify and fix any security weaknesses. Our WAF and Azure's DDoS protection service provide additional safeguards against attacks, ensuring high availability and resilience of the platform. We also keep all software and infrastructure components updated with the latest security patches to minimize risks from known vulnerabilities.
Secure Logging & Monitoring Infrastructure
All logs (including application logs, security logs, and audit logs) are stored securely with access restricted to authorized personnel. Logs containing sensitive information are encrypted and access-controlled. We utilize a secure logging server and security information and event management (SIEM) tools to aggregate and analyze logs for any indications of security events. This centralized monitoring helps us detect potential breaches and respond swiftly. In the event of any security incident involving PHI, we will follow HIPAA and applicable laws to notify affected clients and individuals as necessary and will document the incident and our response.
SOC 2 Controls and Audits
In addition to HIPAA, Careswift aligns with SOC 2 Trust Services Criteria for Security, Confidentiality, and Privacy. We have implemented internal controls such as formal security policies, risk assessments, employee security training, incident response plans, and vendor management programs. Regular third-party audits and assessments (for SOC 2 compliance and/or independent security reviews) are performed to validate that our security measures are effective. This means our controls are not only designed well but are also operating effectively over time to protect your data.
Collectively, these measures ensure that data stored on Careswift is safeguarded with multiple layers of security. We strive to exceed the baseline requirements so that you can trust that patient information and other sensitive data remain confidential, available to you when needed, and intact (protected from unauthorized alteration). Our security program is continually improved as new threats emerge and as we expand our platform, maintaining compliance with HIPAA's Security Rule and the high standards of SOC 2.
User Rights, Access, and HIPAA Compliance
Careswift is designed to help our healthcare clients meet their own compliance obligations, so we build features and policies that support HIPAA requirements and respect user rights. We consider two categories of "users" whose data might be involved: (1) the healthcare providers/EMS staff using Careswift (enterprise users), and (2) the patients whose PHI is managed via Careswift. This section addresses how we protect the rights and privacy of both.
Access and Amendment Rights (Patients)
If you are a patient whose information is stored in Careswift by an EMS provider, please note that Careswift is a service provider to your healthcare provider and does not interact with patients directly. Under HIPAA, you have the right to request access to or copies of your medical records and to request corrections to any inaccurate or incomplete PHI. These requests should be directed to the EMS agency or healthcare provider that treated you. Careswift will assist our client in fulfilling these requests as needed, by providing the necessary data in a secure manner. We will not disclose patient data to any individual or entity unless instructed by our client or required by law. If a patient or authorized representative reaches out to us directly, we will coordinate with the relevant healthcare provider to ensure the proper handling of the request in accordance with HIPAA's Privacy Rule.
Account Access and Controls (Providers/Staff)
If you are an authorized user (e.g., an EMS employee or healthcare provider) with a Careswift account, your organization controls your access to the platform. You have the ability to access the data within Careswift that your role permits. We ensure that every user account is uniquely identifiable and tied to an individual. You are responsible for keeping your login credentials confidential and for following your organization's policies when using the system. Careswift provides administrators in your organization with tools to manage user access (such as adding/removing users or adjusting roles). If you need assistance with accessing your account or believe there is an issue with your permissions, you should contact your organization's Careswift administrator or IT department, who can work with us to resolve the issue.
Audit Logs and Accountability
As noted in the Security section, Careswift maintains extensive audit logs to provide accountability for all activities involving PHI. These logs support your organization's need to monitor access to patient records. If there is ever a question or investigation about who accessed or altered a record and when, we can supply detailed audit trail information. We also retain these logs for at least six years (see Data Retention below), so historical access information remains available for compliance audits or legal needs.
Privacy and Confidentiality
We treat all personal and health information as confidential. Our employees are trained on HIPAA obligations and are only allowed to access PHI on a need-to-know basis (for example, when helping troubleshoot an issue for a client, and even then under strict supervision). We have signed confidentiality agreements with our employees and require background checks and HIPAA training for any team members who may come into contact with sensitive data. We also implement measures to ensure data integrity – meaning we protect data from improper alteration or destruction. In practice, this involves regular data backups, integrity checks, and controls to prevent unauthorized data changes.
HIPAA and Legal Compliance
As a Business Associate under HIPAA, Careswift is directly subject to many HIPAA provisions. We comply with all applicable sections of the HIPAA Security, Privacy, and Breach Notification Rules. This includes maintaining written policies and procedures, conducting regular risk assessments, and applying the "addressable" implementation specifications of the Security Rule where reasonable (or appropriate alternatives that achieve the same level of protection). We document our compliance efforts and can provide our client organizations with assurances or documentation (such as a HIPAA compliance checklist or aspects of our SOC 2 report) to help them satisfy their own regulatory requirements. In the event of a security breach involving PHI, we will follow HIPAA's breach notification requirements by informing the covered entity (our client) without unreasonable delay and no later than 60 days from discovery, so that any impacted individuals can be notified in a timely manner. We will also assist in any investigations by authorities like the U.S. Department of Health and Human Services (HHS).
In summary, we are committed to upholding the rights and privacy protections mandated by HIPAA. By using Careswift, your organization is able to leverage our compliance efforts (such as access controls, audit logging, and data protections) to help meet its own obligations to patients and regulators. If you have specific questions about how Careswift supports HIPAA compliance or about your data in the system, please contact your organization's compliance officer or reach out to us using the contact information below.
User Consent and Choice
Because Careswift is an enterprise platform provided to you by your employer or affiliated healthcare organization, usage of the service is typically a condition of your role rather than a personal consumer choice. In general, individual end-users (employees of our client organizations) do not independently sign up for Careswift or provide consent in the same way a consumer would for a public web service. Instead, your organization has entered into an agreement with Careswift and has authorized your account. This means that certain data collection and processing (as described in this Policy) is required to use the platform and cannot be opted out of on an individual basis, since it is necessary for patient care and operational purposes.
Under SOC 2 privacy principles and general privacy law, individuals normally have the right to consent or opt out of optional data collection. However, those principles recognize an exception when the data processing is legally or contractually required. In our context, the collection of EMS incident data and related PHI is mandated by healthcare operations and law (EMS providers are required to document patient care events), and employees are generally required to use the organization's chosen systems. Therefore, there is no ability for an individual user to refuse the basic data processing without foregoing use of the system entirely.
By using your organization's Careswift account, you implicitly consent to the processing of data as outlined in this Privacy Policy. The data we collect is strictly for the intended purpose of providing the Careswift service and supporting healthcare delivery. If for any reason an additional use of your data is proposed, we would seek explicit permission from the organization and, if necessary, from individuals, in accordance with applicable privacy laws.
No Direct Marketing or Unrelated Communications
We will not send you marketing emails or unrelated communications as a result of using Careswift. Any necessary communications will be service-related (e.g., maintenance notices, security alerts, or support responses) and, in many cases, will be directed to administrators at your organization rather than end-users. There is no advertising on the Careswift platform, and your information is never sold or shared with advertisers.
Organizational Control
Your organization may have its own policies regarding your use of Careswift, and they control your account. If you leave the organization or if your role changes, your organization's administrators can deactivate or modify your account. As an individual user, if you have concerns about the data collected or how it's used within Careswift, we encourage you to raise this with your organization's management or privacy officer. They can liaise with us to address any issues. Generally, because Careswift is a tool for healthcare operations, the data collected is considered business/medical data that your organization must collect by law, so an opt-out is not provided.
In summary, using Careswift is effectively part of your employment/affiliation requirements. We make the data processing terms clear to our client organizations in our contracts and to users via this Policy. If you do not agree with these terms, your recourse would typically be to stop using the service. Data is handled with the utmost care and exclusively for its intended purpose of improving patient care and EMS operations.
Data Retention and Deletion
We retain personal data, including PHI, only for as long as necessary to fulfill the purposes outlined in this Policy or as required by law. Data retention is a critical aspect of HIPAA compliance and healthcare operations – records often need to be kept for a minimum period for continuity of care, compliance, and legal reasons. Our data retention and deletion practices are as follows:
Patient Health Information
PHI collected in Careswift is retained for the duration of the contract with the EMS provider or healthcare organization, and longer if required by law or our client's policies. HIPAA regulations mandate that certain documentation (like disclosures or authorizations) be retained for at least 6 years, and many state laws require medical records to be kept for a number of years (often 5-7 years, or longer for minors). We work with our clients to support their record retention requirements. By default, Careswift will not delete or purge PHI data as long as our client remains a customer, unless they specifically request deletion or archival in line with their retention schedule. This ensures that historical patient care records remain available for access when needed by the healthcare providers or for legal compliance.
Audit Logs
As part of our compliance efforts, we retain audit logs and security logs for a minimum of six (6) years. These logs provide a backward timeline of system access and are stored securely. After six years, we may delete or anonymize older logs, unless they are subject to an ongoing investigation, legal hold, or our client requests longer retention.
User and Account Data
Account-related data (such as user profiles, authentication data, and user activity history) is kept as long as the user's organization remains on our platform. If an individual user account is deactivated or removed by the organization, some data (e.g. the user's name on audit logs or records they created) will be retained to maintain the integrity of historical records. However, the account itself will be marked inactive and no longer accessible. If an organization terminates its use of Careswift, we will, upon request, assist in exporting their data and then securely delete or anonymize the data in our systems after a defined period, as described below.
Data Deletion and Disposal
When data is no longer needed and is eligible for deletion, we follow strict procedures to permanently remove it. For digital data, deletion involves either secure wiping of storage or cryptographic erasure (destroying encryption keys so that the data cannot be recovered). For any physical media, we use shredding or certified destruction services. Before deleting any PHI, we confirm that retention obligations have been met by both Careswift and our client. If a client leaves Careswift, we offer a grace period (as defined in our contract, typically 30-60 days) to retrieve their data. After that, we purge the client's data from our active systems and backups, except any data required to be retained for legal compliance. We document all data deletions as part of our record-keeping.
Backups
We maintain encrypted backups of the Careswift database and files to ensure resiliency and disaster recovery. These backups are stored securely and are only accessed for recovery purposes. Backup data may potentially retain information that has been deleted in the main system, but as part of our deletion process, we ensure that expired data is also pruned from backups within a reasonable timeframe. Our policy is to not retain backups longer than necessary – backup cycles are typically overwritten on a rolling basis in accordance with our disaster recovery plan. Any backup containing PHI is afforded the same protections as live data and is encrypted and access-controlled.
Retention for Legal Reasons
In certain cases, we may need to retain data beyond normal periods if required to comply with legal obligations or court orders, or to resolve disputes. For example, if a legal hold is placed due to litigation, we will preserve relevant data until the hold is lifted. We will also retain any data required to demonstrate our compliance with HIPAA (such as documentation of security audits, breach incident reports, BAA agreements) for at least six years or as long as required by law.
Once the applicable retention period is over, and data is no longer needed, we will dispose of it in a secure manner. After deletion, we may retain non-identifiable information (aggregated analytics that contain no personal data) to help us improve our services, but this data cannot be linked back to any individual or organization.
Your Options
Because data in Careswift is typically owned and managed by the client organization (the EMS or healthcare provider), any requests for early deletion or removal of specific data should be made through that organization. For instance, if a patient requests deletion of their data, the healthcare provider would determine how to handle that request and instruct us if needed. If an EMS company asks us to remove certain records, we will comply as long as it does not conflict with legal requirements. We always provide confirmation when data deletion is completed.
Our data retention practices are designed to ensure we meet the regulatory obligations (HIPAA and others) for keeping necessary records, while not holding data longer than needed. We aim to balance privacy and compliance. If you have questions about how long a particular type of data is kept, or need assistance with a data deletion request, please contact us or your organization's administrator.
Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or features of the service. If we make material changes, we will notify our client organizations (and, where appropriate, end-users) through the appropriate channels – for example, via email or an in-app notification. The "Last Updated" date at the top will always indicate when the latest changes were made. We encourage you to review this Policy periodically to stay informed about how we are protecting your information.
If we ever propose to use personal data in a manner materially different from what is stated in this Policy, we will obtain the necessary consent or provide an opportunity to opt out (if applicable) before such use.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how your data is handled in Careswift, please contact us:
Careswift Privacy Team
Email: [email protected]
You may also contact your EMS provider or healthcare organization's privacy or compliance officer for questions about the data they manage in Careswift. We are committed to working with our clients and users to promptly address any issues or inquiries related to privacy.
Thank you for trusting Careswift with your sensitive data. We take that trust seriously and are dedicated to maintaining the highest standards of privacy and security in our service.