Effective Date: March 28, 2025
Organization: Seba Health Technologies, Inc.
Product: Simms AI
Seba Health Technologies, Inc. (“we,” “our,” or “us”) is committed to protecting the privacy and security of individuals’ Protected Health Information (PHI). This Privacy Policy and Notice of Privacy Practices describes how we collect, use, disclose, and safeguard PHI through our product, Simms AI. It also informs you of your rights and our legal duties under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
1. Introduction
We operate as a Covered Entity for any PHI we create, receive, or maintain while delivering healthcare-related services through Simms AI. In some cases, if we provide services on behalf of other healthcare providers, we may act as a Business Associate under a Business Associate Agreement (BAA). Regardless of our role, we are committed to adhering to HIPAA’s Privacy, Security, and Breach Notification rules.
2. Who We Are
Seba Health Technologies, Inc. is the entity behind Simms AI. Our role under HIPAA depends on whether we are providing direct healthcare services (Covered Entity) or supporting other providers (Business Associate). In all cases, we follow HIPAA requirements to protect PHI.
3. Information We Collect and Maintain
Protected Health Information (PHI)
- Audio Recordings / Transcriptions: Uploaded by healthcare professionals or patients for the purpose of generating summaries, transcriptions, or other medical documentation within Simms AI.
- Identifiable Health Data: May include patient names, medical history, diagnoses, prescriptions, and other data necessary for care coordination or documentation.
User Account and Access Information
Includes usernames, emails, and related account credentials for clinicians or patients accessing Simms AI’s portal.
Usage and Log Data
We collect system logs, IP addresses, and usage metrics to monitor performance, security, and user activity related to the Simms AI platform.
4. How We Use and Disclose PHI
We may use and disclose PHI only as permitted or required by HIPAA and other applicable laws:
Treatment, Payment, and Healthcare Operations
- Treatment: To assist healthcare providers with patient care by generating transcriptions, summaries, or clinical documentation.
- Operations: For quality assessment, improving platform performance, auditing, and overall administration of Simms AI.
Business Associates
We may disclose PHI to our subcontractors who perform services on our behalf (e.g., cloud hosting, analytics) under a valid BAA ensuring they protect PHI in compliance with HIPAA.
Required by Law
We may disclose PHI when required to do so by state or federal law, court orders, or law enforcement requests where applicable.
Other Uses
We do not sell PHI or use it for marketing activities without explicit authorization where required. We do not disclose PHI to third parties for purposes outside of HIPAA’s allowances without obtaining necessary authorizations.
5. Your Rights Regarding PHI
As an individual whose PHI is processed by Simms AI on behalf of healthcare providers (or directly, if you are our patient/user), you have the following rights:
Right to Inspect and Obtain a Copy
You have the right to access your PHI. Please contact your healthcare provider or Seba Health Technologies, Inc. directly for instructions on how to request a copy.
Right to Request Amendment
If you believe your PHI is incorrect or incomplete, you can request an amendment. We will respond according to HIPAA guidelines.
Right to an Accounting of Disclosures
You can request an accounting of certain disclosures of your PHI we have made in the previous six (6) years. Exceptions and limitations may apply.
Right to Request Restrictions
You may request that we limit how we use or disclose your PHI. We will consider your request but are not always legally required to agree to it.
Right to Confidential Communications
You may request that we communicate with you about PHI via alternative means (e.g., an alternate email) or at alternative locations.
Right to Receive a Copy of This Notice
You can request a paper or electronic copy of this Privacy Policy and Notice of Privacy Practices at any time.
6. Safeguards and Security Measures
Technical Safeguards
- Encryption of data in transit (HTTPS/TLS) and at rest (Azure SQL TDE, Blob Storage encryption).
- Access controls enforced by Azure AD B2C and session-based authentication within Simms AI.
Administrative Safeguards
- Internal policies for workforce training, access authorizations, and termination procedures.
- Periodic risk assessments and audits to evaluate our compliance with HIPAA Security Rules.
Physical Safeguards
- Reliance on Microsoft Azure’s data center security for cloud-hosted infrastructure.
- Secure office equipment and device encryption on any local machines that may handle ePHI.
7. Data Retention
PHI generated or processed by Simms AI is retained for as long as necessary to fulfill the purposes outlined in this Policy, in accordance with legal, contractual, or regulatory obligations. We regularly assess retention periods and securely delete or de-identify data when it is no longer needed.
8. Changes to This Policy
We reserve the right to update or modify this Privacy Policy and Notice of Privacy Practices at any time to reflect changes in our practices or regulatory requirements. If we make any significant changes, we will notify users through the Simms AI platform or via email. The “Effective Date” at the top of this document indicates when it was last revised.
9. Questions or Complaints
If you have any questions about this Notice or if you believe your privacy rights have been violated, you may contact us:
Seba Health Technologies, Inc.
Attn: Privacy Officer (Sebastian Cano-Besquet)
quickening@quickeningai.net
You also have the right to file a complaint with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights if you believe we have violated your privacy rights. We will not retaliate against you for filing a complaint.
10. Acknowledgment
By using Simms AI or providing PHI to Seba Health Technologies, Inc., you acknowledge receipt of this Privacy Policy and Notice of Privacy Practices. We take seriously our obligation to protect your data and will comply with HIPAA and other applicable privacy laws in doing so.