This Addendum supplements the Privacy Policy and applies to data processed for organizations using the Org Portal. The underlying Clinic Privacy Notice governs PHI for each member Clinic.
1. Organization-level data
- Organization profile (legal name, address, billing contact).
- Org Admin accounts and audit metadata.
- Brand and cobranding assets uploaded by the organization.
- Aggregate / de-identified reporting across member Clinics.
2. PHI access at the organization level
Org Admins do not, by default, have access to identifiable PHI. Where a Clinic expressly grants access (e.g., for shared service teams), such access is logged and subject to the BAA and the Clinic Privacy Notice.
3. Aggregate & de-identified reporting
Reporting available to organizations is aggregated or de-identified per HIPAA Expert Determination or Safe Harbor methods. Re-identification is prohibited.
4. Sub-processors
Same sub-processor list as the Privacy Policy; available on request.
5. Retention
Organization-level data is retained for the term of the agreement plus a reasonable period for legal and audit purposes.
6. Contact
Privacy Officer, Amino Stack IQ, 915 Cimarron Circle, Bradenton, FL 34209, USA. Email: support@aminostackiq.com.