Clarity Schedule

Privacy Policy

Last updated: December 28, 2024

1. Introduction

Clarity Schedule ("we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our nurse scheduling software platform and related services (the "Service").

As a healthcare technology provider, we understand the critical importance of protecting health information and maintaining compliance with applicable privacy regulations, including the Health Insurance Portability and Accountability Act (HIPAA).

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

  • Account Information: Name, email address, phone number, job title, and organization details
  • Professional Information: Nursing credentials, certifications, specializations, and work preferences
  • Scheduling Data: Work schedules, availability, time-off requests, and shift assignments
  • Usage Information: How you interact with our Service, including features used and time spent
  • Communication Data: Messages sent through our platform and support interactions

2.2 Protected Health Information (PHI)

In the course of providing our Service to healthcare organizations, we may process Protected Health Information (PHI) as defined by HIPAA. This may include:

  • Patient census and acuity data for staffing optimization
  • Information necessary for nurse-patient assignments
  • Data integrated from Electronic Health Record (EHR) systems

2.3 Technical Information

  • Device Information: IP address, browser type, operating system, and device identifiers
  • Log Data: Access times, pages viewed, and actions taken within the Service
  • Location Data: General location information for shift verification (when enabled)
  • Cookies and Analytics: Data collected through cookies and similar technologies

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

  • Provide and maintain our nurse scheduling platform
  • Process scheduling requests and optimize staff assignments
  • Enable communication between healthcare team members
  • Integrate with EHR and HRIS systems as configured
  • Provide mobile application functionality

3.2 Analytics and Improvement

  • Analyze usage patterns to improve our Service
  • Generate workforce analytics and reporting
  • Develop AI-powered predictive staffing capabilities
  • Monitor system performance and security

3.3 Communication and Support

  • Respond to customer service requests
  • Send important service updates and notifications
  • Provide technical support and troubleshooting
  • Communicate about new features and improvements

4. HIPAA Compliance and Healthcare Data Protection

Clarity Schedule is designed to comply with HIPAA requirements when processing Protected Health Information (PHI). We serve as a Business Associate to covered healthcare entities and implement appropriate safeguards including:

  • Administrative Safeguards: Designated privacy and security officers, workforce training, and access management
  • Physical Safeguards: Secure data centers, workstation controls, and media protection
  • Technical Safeguards: Encryption, access controls, audit logs, and transmission security

Healthcare organizations using our Service may be required to execute a Business Associate Agreement (BAA) with us to ensure proper handling of PHI in accordance with HIPAA requirements.

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

5.1 Within Your Organization

Information is shared with authorized users within your healthcare organization as necessary for scheduling, workforce management, and operational purposes.

5.2 Service Providers

We may share information with trusted third-party service providers who assist us in operating our Service, including:

  • Cloud hosting and infrastructure providers
  • Analytics and monitoring services
  • Customer support platforms
  • Payment processing services

All service providers are contractually required to maintain appropriate security measures and use information only for specified purposes.

5.3 Integration Partners

With your organization's authorization, we may integrate with:

  • Electronic Health Record (EHR) systems
  • Human Resources Information Systems (HRIS)
  • Payroll and timekeeping systems
  • Other healthcare technology platforms

5.4 Legal Requirements

We may disclose information when required by law, court order, or government regulation, or to protect our rights, property, or safety.

6. Data Security

We implement comprehensive security measures to protect your information, including:

  • Encryption: Data is encrypted in transit and at rest using industry-standard protocols
  • Access Controls: Multi-factor authentication and role-based access permissions
  • Network Security: Firewalls, intrusion detection, and secure network architecture
  • Regular Audits: Security assessments and vulnerability testing
  • Incident Response: Procedures for detecting and responding to security incidents
  • Employee Training: Regular security awareness training for all personnel

Our infrastructure is hosted on secure, HIPAA-compliant cloud platforms with appropriate certifications and compliance attestations.

7. Data Retention

We retain your information for as long as necessary to provide our Service and comply with legal obligations:

  • Account Data: Retained while your account is active and for a reasonable period after termination
  • Scheduling Data: Retained according to your organization's data retention policies
  • PHI: Retained in accordance with HIPAA requirements and Business Associate Agreement terms
  • Log Data: Typically retained for 12-24 months for security and operational purposes

Upon termination of service, we provide a reasonable period for data export before secure deletion.

8. Your Rights and Choices

Depending on your location and applicable laws, you may have the following rights:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Portability: Request a copy of your data in a portable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to certain types of processing

To exercise these rights, please contact us using the information provided in Section 12. We will respond to your request within the timeframe required by applicable law.

9. Cookies and Analytics

We use cookies and similar technologies to enhance your experience and analyze usage patterns:

9.1 Types of Cookies

  • Essential Cookies: Required for basic functionality and security
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how you use our Service

9.2 Google Analytics

We use Google Analytics (GA4) to analyze website usage and improve our Service. Google Analytics may collect information about your device, browser, and usage patterns. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Our Google Analytics tracking ID is: G-RH6ZN6683H

10. International Data Transfers

Your information may be processed and stored in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard contractual clauses approved by relevant authorities
  • Adequacy decisions by applicable regulatory bodies
  • Other legally recognized transfer mechanisms

11. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending email notifications to registered users
  • Providing notice through our Service

Your continued use of the Service after the effective date of the updated Privacy Policy constitutes acceptance of the changes.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Clarity Schedule Privacy Team

Email: privacy@clarityschedule.com

Website: https://clarityschedule.com

Address: [Company Address]

Phone: [Phone Number]

Data Protection Officer:

Email: dpo@clarityschedule.com

13. Regulatory Compliance

Clarity Schedule is committed to compliance with applicable privacy and data protection regulations, including:

  • HIPAA: Health Insurance Portability and Accountability Act (United States)
  • GDPR: General Data Protection Regulation (European Union)
  • CCPA: California Consumer Privacy Act (California, United States)
  • PIPEDA: Personal Information Protection and Electronic Documents Act (Canada)
  • State Privacy Laws: Various state-level privacy regulations

We regularly review and update our practices to maintain compliance with evolving regulatory requirements in the jurisdictions where we operate.