Privacy Policy

Last Updated: November 1, 2025

IAOM ("IAOM," "we," "our," "us") provides artificial-intelligence tools for clinical documentation, medical scribing, and CPT/ICD-10 coding assistance ("Services"). We are committed to protecting the privacy and security of all users and their data. This Privacy Policy explains what information we collect, how we use it, how we protect it, and the rights and responsibilities of all parties.

By accessing or using IAOM, including our web application, extension, mobile interfaces, APIs, and related services ("Platform"), you agree to the terms in this Privacy Policy.

1. Information We Collect

We only collect information necessary to deliver, secure, and improve the IAOM Platform.

1.1 User Information

We may collect:

  • Name, email address, phone number
  • Organization or clinic details
  • Login credentials and authentication data
  • Payment information and subscription details (Payment details are processed by third-party processors; IAOM does not store full credit card numbers.)

1.2 Clinical Encounter Information (PHI / Sensitive Data)

If you use IAOM to process patient encounters, we may collect:

  • Audio recordings
  • Transcripts
  • Notes, summaries, and structured documentation
  • Provider-generated or AI-generated diagnostic codes
  • Other clinical metadata

1.3 Technical & Device Information

We may collect:

  • Browser type, device type, OS information
  • Log data (timestamps, IP address, performance data)
  • Interaction data for debugging and improving the Platform

1.4 Automatically Generated Data

To improve accuracy and performance, IAOM may generate:

  • Model outputs (summaries, draft notes, code suggestions)
  • Anonymized performance metrics
  • System-level logs for security monitoring

2. How We Use Information

IAOM uses collected data exclusively to provide and enhance the Platform.

IAOM uses data for:

  • Creating clinical documentation, summaries, notes, and coding assistance
  • Improving transcription accuracy and model performance
  • Debugging, monitoring, and securing system operations
  • User support, training, and troubleshooting
  • Compliance with legal, regulatory, and security frameworks

IAOM does not:

  • Sell, rent, trade, or monetize personal data or PHI
  • Use PHI to train general AI models
  • Access your data for marketing unless explicitly permitted

3. Data Sharing & Disclosure

We do not share identifiable data except where necessary to deliver the service or comply with the law.

We may share data with:

  • Sub-processors (e.g., secure cloud hosting, payment processors). All sub-processors are bound by confidentiality, security, and HIPAA-aligned obligations.
  • Your organization if you are using IAOM under a clinic or enterprise account.
  • Regulators or law enforcement only when required by law or legal process.

We never sell or license PHI or user data to third parties.

4. Data Security

We implement industry-leading administrative, technical, and physical safeguards to protect all data processed on IAOM.

Security measures include:

  • End-to-end encryption in transit (TLS 1.2+) and at rest
  • Zero-trust access control and role-based permissions
  • Encrypted API communication
  • Audit logs and real-time threat detection
  • Secure data isolation between clinics and organizations
  • Periodic security audits and penetration testing

If applicable to your plan, IAOM will enter into a Business Associate Agreement (BAA) to comply with HIPAA obligations.

5. Data Retention & Deletion

We retain data only for as long as necessary to provide the Services or comply with legal requirements.

Users may request deletion of their data at any time, subject to legal and regulatory limitations.

Upon contract termination, we securely delete or return data in accordance with HIPAA, NIST, and industry standards.

6. User Responsibilities

Users agree:

  • Not to submit data they are not authorized to submit
  • To comply with all applicable privacy, medical, legal, and professional regulations
  • To ensure any PHI submitted is permitted by their clinic or governing policies
  • To notify IAOM immediately of any suspected unauthorized access

7. Children's Privacy

IAOM does not target or provide services to minors under 18. Any incidental PHI involving minors must be entered only by authorized healthcare professionals.

8. International Data Transfers

If users access the Platform from outside the United States, data may be processed in the United States or other jurisdictions with equivalent safeguards.

9. Changes to the Privacy Policy

We may update this Privacy Policy periodically. Updated versions will be posted with a "Last Updated" date. Continued use of IAOM constitutes acceptance of revisions.

10. Contact Information

For questions, privacy requests, or data rights inquiries, contact:

IAOM AI

Email: william@iaomai.net