Privacy Policy

Last Updated: June 6, 2026

Our Commitment to Privacy

At Mirava Health, Inc. ("Mirava," "we," "us," or "our"), privacy is not an afterthought. It's foundational to everything we build. As a healthcare technology company serving patients, providers, and caregivers across the full continuum of care, we understand the profound responsibility that comes with handling health information.

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you interact with our platforms, services, and research partnerships. We believe transparency builds trust, and trust enables better care.

Questions about this policy?

Contact our Privacy Team at privacy@miravahealth.com

HIPAA Compliance & Protected Health Information

Mirava Health is a HIPAA-covered entity and business associate. When we handle Protected Health Information (PHI) on behalf of healthcare providers, we do so in strict compliance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations.

What is PHI?

PHI includes any individually identifiable health information that relates to:

  • Your past, present, or future physical or mental health condition
  • Healthcare services provided to you
  • Payment for healthcare services

Your HIPAA Rights

Under HIPAA, you have the right to:

  • Access: Request copies of your health information
  • Amend: Request corrections to your health information
  • Accounting: Receive a list of disclosures we've made
  • Restrict: Request limits on how we use or share your information
  • Confidential Communications: Request communication through specific means
  • Complaint: File a complaint if you believe your rights have been violated

Information We Collect

1. Health Information

When you or your healthcare provider use our platforms, we may collect:

  • Medical history, symptoms, diagnoses, and treatment plans
  • Medication lists and pharmacy information
  • Lab results, vital signs, and clinical observations
  • Care coordination notes and provider communications
  • Insurance and payment information
  • Caregiver and family contact information (with consent)

2. Account Information

To provide our services, we collect:

  • Name, email address, phone number
  • Date of birth and demographic information
  • Login credentials (passwords are encrypted)
  • Profile preferences and settings

3. Technical Information

Our systems automatically collect:

  • Device type, operating system, browser type
  • IP address and general location (city/state level)
  • Usage patterns, feature interactions, session duration
  • Error logs and performance metrics

4. Research Data

If you participate in research partnerships:

  • De-identified aggregate health trends
  • Survey responses and feedback
  • Outcome measurements (always with explicit consent)

How We Use Your Information

Treatment & Care Coordination

We use your information to:

  • Enable communication between your care team members
  • Coordinate appointments, prescriptions, and referrals
  • Facilitate caregiver support and family involvement
  • Provide telehealth and remote monitoring capabilities
  • Generate care plans and health summaries

Platform Operations

  • Authenticate your identity and secure your account
  • Provide customer support and respond to inquiries
  • Detect and prevent fraud, abuse, or security incidents
  • Improve platform performance and fix technical issues
  • Comply with legal obligations and enforce our terms

Research & Population Health (with consent)

  • Conduct de-identified research to improve care delivery
  • Identify health trends and outcome patterns
  • Develop new features based on user needs
  • Contribute to public health initiatives

When We Share Information

We share your information only as necessary for your care and as permitted by law:

Your Care Team

  • Healthcare providers directly involved in your care
  • Authorized caregivers and family members (with your consent)
  • Pharmacies, labs, and imaging centers as needed

Business Associates

We work with trusted third-party vendors who help us provide our services. All business associates sign HIPAA-compliant agreements and are required to protect your information. These include:

  • Cloud infrastructure providers (data hosting, storage)
  • Payment processors and billing services
  • Analytics and security monitoring tools
  • Customer support platforms

Legal Requirements

We may disclose information when required by law:

  • Court orders, subpoenas, or legal proceedings
  • Public health reporting (e.g., infectious diseases)
  • Law enforcement investigations
  • Prevention of serious harm or safety threats

We never sell your health information.

Your data is not a product. We do not sell, rent, or trade your personal or health information to third parties for marketing purposes.

How We Protect Your Information

Security is embedded in our architecture, not bolted on afterward:

Technical Safeguards

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based permissions ensure users only see what they need
  • Authentication: Multi-factor authentication for sensitive accounts
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Audit Logs: Comprehensive logging of all access and changes

Organizational Safeguards

  • Regular security training for all employees
  • Background checks for personnel with data access
  • Incident response plans and disaster recovery procedures
  • Third-party security audits and penetration testing
  • HIPAA compliance assessments

Data Minimization

We collect only what's necessary and retain it only as long as needed for treatment, legal compliance, or as otherwise permitted by law.

Your Rights & Choices

Access & Portability

Request a copy of your health information in a common electronic format. We'll respond within 30 days.

Correction

If you believe information in your record is incorrect, you can request amendments. We'll review and update as appropriate.

Deletion

Request deletion of your account and associated data, subject to legal retention requirements (e.g., HIPAA mandates we keep certain records for 6 years).

Opt-Out

  • Marketing communications (unsubscribe links in all emails)
  • Research participation (does not affect your care)
  • Certain data sharing (may limit functionality)

State Privacy Rights

Residents of California, Virginia, Colorado, and other states with comprehensive privacy laws have additional rights, including:

  • Right to know what personal information we collect
  • Right to delete personal information
  • Right to opt out of sales (we don't sell data)
  • Right to non-discrimination for exercising privacy rights

Children's Privacy

Our services support pediatric care, but we do not knowingly collect information directly from children under 13 without parental consent. When we provide services for minors:

  • Parents/guardians must create and manage accounts
  • We comply with COPPA (Children's Online Privacy Protection Act)
  • We obtain parental consent for research participation

International Data Transfers

Mirava Health is based in the United States. If you access our services from outside the U.S., your information may be transferred to, stored, and processed in the U.S. We comply with applicable data protection frameworks, including GDPR requirements for European users.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via:

  • Email notification to registered users
  • Prominent notice on our website
  • In-platform notifications

Continued use after changes indicates acceptance of the updated policy.

Contact Us

We're here to answer your questions and honor your rights. Choose the best way to reach us:

Privacy Inquiries & Rights Requests

privacy@miravahealth.com

Legal & Compliance

legal@miravahealth.com

General Contact

hello@miravahealth.com

Mailing Address:
Mirava Health, Inc.
Privacy Office
1375 Maple Tree Place #1127
Williston, VT 05495
United States

Filing a HIPAA Complaint

If you believe your privacy rights have been violated, you have the right to file a complaint with:

Mirava Health Privacy Office

privacy@miravahealth.com

U.S. Department of Health and Human Services

Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
www.hhs.gov/ocr/privacy/hipaa/complaints
Phone: 1-877-696-6775

You will not be penalized or retaliated against for filing a complaint.