P
PPHrisk

Privacy Policy

Last updated: June 5, 2026. Effective: June 5, 2026.

Plain-English summary: PPHrisk is a clinical decision-support tool. Patient health information (PHI) read from an EHR via SMART-on-FHIR stays in your browser. We never store patient names, MRNs, dates of birth, or addresses on our servers. The only data stored in our cloud database is de-identified risk-assessment metadata (e.g., "Bed 7", risk tier, framework used) used to generate compliance reports for the team. We do not run advertising trackers, sell data, or share information with third parties beyond what is necessary to operate the service.

1. Who we are

PPHrisk is operated by Epigenuity LLC, a Delaware limited liability company with offices in Tucson, Arizona. We can be reached at privacy@pphrisk.com.

2. Scope of this policy

This policy describes how Epigenuity handles personal information collected through the PPHrisk service at pphrisk.com and its sub-pages. It applies to clinicians using the calculator and team features, as well as visitors to the marketing site. It does not apply to information you choose to share separately by email, phone, or in person.

3. Types of information processed

3a. Protected Health Information (PHI) read from an EHR

When PPHrisk is launched from a SMART-on-FHIR–capable EHR (Epic, Cerner / Oracle Health), the EHR provides PPHrisk with a short-lived access token scoped to a single patient. PPHrisk uses that token to read the patient's chart data — specifically: name, date of birth, conditions, observations, medication statements, medication requests, and procedures.

All PHI is processed in your browser and is never transmitted to or stored on any Epigenuity-controlled server. The access token lives only in your browser's session storage and is destroyed when the tab is closed.

3b. Locally stored assessment records (your device only)

PPHrisk's "local roster" feature stores risk assessments you save — including any free-text labels and notes you enter — in your browser's local storage. This data is on your device only; we do not have access to it. You can clear it any time by signing out, clearing site data in your browser, or using the in-app delete control.

3c. De-identified team-feed records (in our database)

When you sign in with a whitelisted institutional email and save an assessment, a copy is also sent to our Supabase-hosted database. The copy contains:

We do not collect patient names, MRNs, dates of birth, addresses, phone numbers, or any other direct or indirect identifier. If you accidentally enter PHI in the label or notes field, please contact privacy@pphrisk.com and we will delete the record.

3d. Simulation-drill records

For users with team access, drill logs (date, scenario type, scenario description, participant counts, role categories, debrief notes, action items) are stored in the same de-identified database. Drill records do not contain patient information.

3e. Account information

When you sign in, we store your email address (used as the account identifier) and any optional profile fields you provide (display name, title, organization name, NPI). Authentication is provided by Supabase Auth via magic-link or one-time code.

3f. Operational logs

Our hosting provider (Vercel) records standard HTTP request logs, including IP address, request path, response code, and user agent, for operational and security purposes. These logs are retained for up to 30 days. We do not use them for marketing or profiling.

3g. Analytics

We currently do not use third-party analytics, advertising trackers, fingerprinting scripts, or cross-site tracking cookies. If we add privacy-respecting aggregate analytics (e.g., Plausible or similar) in the future, we will update this policy and disclose them here.

4. How we use information

We do not use information to advertise, profile, profile-share, or sell.

5. Legal basis (HIPAA posture)

When PPHrisk is launched from a covered entity's EHR, the PHI it reads is processed within the covered entity's own system boundary — PPHrisk acts as an extension of the user's browser session and does not exfiltrate PHI to a downstream system. We believe this read-only, transient, session-bound use is consistent with HIPAA's minimum necessary standard for treatment, payment, and healthcare operations (TPO), and does not in itself create a business associate relationship.

For team-feed records, only de-identified information is transmitted to Epigenuity-controlled systems. If a covered entity prefers to establish a Business Associate Agreement with Epigenuity covering this de-identified data flow, we will execute the covered entity's standard form. Contact privacy@pphrisk.com.

6. Data sharing

We share information only with:

We do not sell information to any party. We do not share information for advertising. We do not engage in cross-context behavioral advertising as defined by the California Privacy Rights Act.

7. Data retention

8. Your rights

You may request access, correction, or deletion of your account or de-identified records at any time by emailing privacy@pphrisk.com. We will respond within 30 days. California, Colorado, Connecticut, Virginia, and similar-state residents have additional rights under their respective privacy laws; this email address is the channel for all such requests.

9. Security

We implement the following safeguards:

See our Security Disclosure page for vulnerability reporting and technical details.

10. Children's privacy

PPHrisk is a clinical tool for use by healthcare professionals only. It is not directed to children, and we do not knowingly collect information from anyone under 18. If you believe we have inadvertently collected such information, contact us at privacy@pphrisk.com and we will delete it.

11. International users

PPHrisk is hosted in the United States. If you access it from outside the U.S., your information will be processed in the U.S. By using the service, you consent to that processing.

12. Changes to this policy

If we materially change this policy, we will update the "Last updated" date at the top and, for signed-in users with attached email addresses, send a notification. Continued use after the effective date constitutes acceptance of the change.

13. Contact

Epigenuity LLC
Attention: Privacy Officer
Tucson, Arizona
privacy@pphrisk.com

PPHrisk is a product of Epigenuity LLC. This privacy policy is provided for informational purposes; it does not create a contract, and it is not a substitute for legal advice.