Back to home

Clinic Privacy Notice

How we handle PHI and patient information for clinic customers.

Effective June 7, 2026 · Amino Stack IQ · 915 Cimarron Circle, Bradenton, FL 34209, USA

Template document. This is a tailored draft prepared for Amino Stack IQ. Review with qualified counsel before relying on it for any production use.

This Clinic Privacy Notice describes how Amino Stack IQ processes Protected Health Information ("PHI") and other patient information uploaded to or generated within the Clinic Portal. Amino Stack IQ acts as a Business Associate of the Clinic, which is the Covered Entity under HIPAA.

1. Categories of patient information

  • Demographics, contact details, and identifiers (MRN, account IDs).
  • Clinical intake data, history, vitals, labs, and provider notes.
  • Protocol selections, prescriptions, and treatment plans.
  • Consent and acknowledgement records.
  • Communications generated through the platform.

2. Purposes of processing

  • To enable Clinic Users to deliver care, manage protocols, and document encounters.
  • To operate the platform (authentication, audit, backup, fraud prevention).
  • To support compliance and legal obligations.

3. PHI safeguards

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).
  • Row-level security and least-privilege roles on every PHI table.
  • Audit logs of administrative and PHI-relevant events (default 7-year retention).
  • Annual workforce training and background checks for personnel with PHI access.

4. Sub-processors

We engage a limited set of sub-processors for hosting, database, email delivery, and observability. A current list is available from support@aminostackiq.com. Each is bound by a written contract that includes confidentiality and security obligations consistent with HIPAA.

5. Patient rights

Patients may exercise their rights of access, amendment, accounting of disclosures, and restriction through their Clinic. The Clinic may initiate Data Subject Access Requests ("DSAR") at /clinic/dsar. Amino Stack IQ assists Clinics in fulfilling verified requests per the BAA.

6. Breach notification

Without unreasonable delay, and in any event within the timelines required by HIPAA, Amino Stack IQ will notify affected Clinics of any Breach of Unsecured PHI.

7. Retention & deletion

Patient data is retained per Clinic configuration and applicable law. Upon termination, Clinics may export data for thirty (30) days, after which we delete or de-identify per the BAA.

8. AI features

Where AI assistance is offered (e.g., protocol suggestions, summarization), prompts and outputs containing PHI are processed under BAA-covered configurations. PHI is not used to train third-party foundation models.

9. Contact

Privacy Officer, Amino Stack IQ, 915 Cimarron Circle, Bradenton, FL 34209, USA. Email: support@aminostackiq.com.