Privacy Policy

1. Introduction

SleepDx ("we," "our," or "us"), a division of Florida Lung & Sleep Associates, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our home sleep testing platform and services.

2. Information We Collect

Personal Information

We may collect the following personal information:

• Name, email address, phone number
• Practice name and address (for healthcare providers)
• Professional credentials and license information
• Billing and payment information

Protected Health Information (PHI)

For patients undergoing sleep studies, we collect:

• Date of birth, gender, and demographic information
• Sleep study data (SpO2, heart rate, motion data)
• Diagnostic results (AHI, ODI, TST)
• Medical history relevant to sleep disorders

Technical Information

• IP address and device identifiers
• Browser type and operating system
• Usage data and access logs

3. How We Use Your Information

We use collected information to:

• Provide and maintain our sleep testing services
• Process sleep study data and generate diagnostic reports
• Communicate with healthcare providers and patients
• Process payments and manage billing
• Improve our services and develop new features
• Comply with legal and regulatory requirements
• Send important service updates and notifications

4. How We Share Your Information

We may share your information with:

• Healthcare Providers: Sleep study results are shared with the ordering practice
• Service Partners: EnsoData (AI scoring), Impilo Health (device fulfillment), and cloud service providers
• Interpreting Physicians: Board-certified sleep specialists who review and interpret studies
• Legal Requirements: When required by law, subpoena, or regulatory authority

We do not sell your personal information to third parties for marketing purposes.

5. HIPAA Compliance

As a healthcare service provider, we comply with the Health Insurance Portability and Accountability Act (HIPAA). This includes:

• Implementing administrative, physical, and technical safeguards
• Maintaining Business Associate Agreements with all partners handling PHI
• Providing patients with rights to access, amend, and request restrictions on their PHI
• Training all personnel on HIPAA requirements

6. Data Security

We implement industry-standard security measures:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• Multi-factor authentication for platform access
• Regular security audits and vulnerability assessments
• HIPAA-compliant cloud infrastructure (Microsoft Azure)

7. Data Retention

We retain personal and health information for as long as necessary to provide our services and comply with legal requirements. Medical records are retained in accordance with applicable state and federal regulations, typically for a minimum of 7 years for adult patients.

8. Your Rights

Depending on your location, you may have the right to:

• Access your personal information
• Request correction of inaccurate data
• Request deletion of your data (subject to legal retention requirements)
• Opt out of marketing communications
• Request a copy of your health records

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children without parental consent.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: