TortFlowAI, Inc. ("TortFlow", "we", "us," or "our") provides this Individual Access Service Data Privacy & Security Notice (this "Notice") pursuant to the Trusted Exchange Framework and Common Agreement ("TEFCA") in order to inform you of how your identifiable information is used, shared and protected by us in connection with our offered Services (as defined in the next section).
Before you may use the Services, and before we may collect, use or share your identifiable information, you must review and consent to the terms of this Notice. Our obligations under this Notice shall continue for so long as we maintain your identifiable information.
You may revoke your consent at any time by contacting us at support@tortflow.ai.
Our services help you retrieve your medical records from one or more qualified health network(s) and make them available to your authorized attorney(s) for the purposes of qualifying for and participating in select Mass Tort Litigations ("Services").
We collect and use your Identifiable Information to:
We will not access, exchange, use, and/or disclose your identifiable information to assert any type of claim against you.
We do not sell your identifiable information. We share your identifiable information to provide the Services by retrieving your medical records from the associated health networks and sharing them with your authorized attorney(s).
Disclosures through TEFCA are in accordance with the permitted and required uses and disclosures specified in the Common Agreement and applicable U.S. Department of Health and Human Services guidance.
We will not share your identifiable information through TEFCA until and unless you consent to such sharing.
We use a cloud services provider to store your data. We use commercially reasonable efforts to protect identifiable information from unauthorized or illegal access, modification, use, or destruction.
When third parties are given access to identifiable information, we will take appropriate contractual, technical and organizational measures designed to ensure that identifiable information is processed only to the extent that such processing is necessary, consistent with this Notice and in accordance with applicable law.
We also require that any third parties who are given access to identifiable information use measures to maintain the security and confidentiality of such information which are no less protective than our obligations under this Policy.
TortFlow will act in conformance with this Notice and will protect the security of the information it holds in accordance with the applicable Framework Agreement.
We encrypt your data automatically when stored and when transmitted.
In order to qualify to use the Services, we may ask for access to other device data or applications, such as your phone's camera, photos, or contacts in order to connect to a government identification/authentication application. This may require the use of your phone's camera for biometric validation of your identity.
You can decide whether to continue to share your identifiable information with your authorized attorneys through your user portal. The Services allow you to access or request deletion of the data we have about you.
We typically retain your Identifiable Information for as long as you interact with us in order to provide the Services. We may also retain identifiable information or deidentified data for a period of time after our relationship ends due to ongoing business needs to retain it.
Relevant factors impacting our retention periods include:
We review our retention policies on an annual basis and routinely purge information when the retention period has been met.
When your account is deactivated or terminated, whether at your direction or by us, the data, including your identifiable information, is retained and used until you request deletion through the manual request process described above.
We will deidentify your data when your account is deactivated or terminated and it may be used consistent with this Notice.
Any policy changes that are applicable to this Notice will be posted, and consumers can find such changes on our website at https://www.tortflow.ai/data-and-security-notice.
We will provide notice to you (unless prohibited by applicable law) within three (3) business days of:
TortFlow follows appropriate regulations relating to data breaches and will notify you if your identifiable information is, or is reasonably believed to be, affected by a data breach.
We are subject to HIPAA as a Business Associate, not a Covered Entity. We will follow our obligations as a Business Associate under HIPAA regarding your breach notification.
TORTFLOW DOES NOT PROVIDE BIDIRECTIONAL SERVICES. YOU WILL HAVE THE ABILITY TO REQUEST ACCESS TO YOUR HEALTH INFORMATION VIA TEFCA EXCHANGE. YOU WILL NOT BE ABLE TO USE TORTFLOW TO SHARE YOUR HEALTH INFORMATION WITH OTHER PARTICIPANTS IN TEFCA.
TortFlow is not a Covered Entity and is not subject to the Health Insurance Portability and Accountability Act (HIPAA Rules), as a matter of law. We are a business associate of Covered Entities.