LFNConnect is a transport operations application (“app”) used by authorized organizations (“tenants”) to streamline emergency response and transport services, and to facilitate communication in time-sensitive medical situations. Because the app may involve the processing of Protected Health Information (PHI), this policy explains how Life Flight Network (“LFN,” “we,” “our,” or “us”) collects, uses, discloses, and safeguards information in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable federal and state privacy laws.
2. Scope
This Privacy Policy applies to all users of LFNConnect, including organizations and their authorized staff. If your access is provided through your organization, that organization may serve as the Covered Entity or data controller, and LFN is also a Covered Entity under HIPAA. Your organization’s privacy practices and agreements may also apply.
3. Information We Collect
We collect only the data that is necessary to provide the app’s features and services and to ensure the app operates properly. Data may be entered by you or provided by your organization (tenant). We do not request Contacts, Photos, Camera, or precise Location permissions.
3.1 Information you or your organization provide
- Account and profile data: name, email, phone (optional), organization name, and role/access level.
- Operational data: hospital names, unit names, phone numbers, addresses, and location coordinates for those facilities; dispatch and contact information; follow-up request details; supply requests; administrative routing settings.
- Care-related data: where enabled by your organization, the app may receive limited PHI such as patient weight, condition, and transport details necessary to facilitate emergency response.
- Communications data: messages, notes, or comments you submit through the app.
3.2 Device and technical data
- An app-generated device identifier (UUID) used for device registration and CloudKit syncing; app version and build number; and logs required for app functionality and troubleshooting.
- Push notification token (if enabled).
- No collection of HealthKit data, photos, contacts, or GPS location beyond what your organization configures.
3.3 Permissions we request
- Bluetooth – to discover and connect to supported BLE hardware buttons for transport request workflows.
- Microphone – speech-to-text input (stored only if included in your communications).
- Notifications – operational alerts (e.g., sync and device-related notifications).
- Network access – to synchronize data with iCloud/CloudKit, send emails via your tenant-configured provider (SMTP or Microsoft Graph), and fetch configuration.
4. How we use information
We use collected information solely to:
- Enable emergency communication, dispatch, and transport workflows.
- Facilitate secure communication between organizations, hospitals, and providers.
- Support compliance, auditing, and security monitoring.
- Improve app reliability and performance.
- Provide and improve core functionality of the app.
We never sell personal information, PHI, or user data. We do not use your data for advertising, we do not track users across apps or websites, and we do not use third-party advertising SDKs.
5. Where your data is processed and stored
- iCloud/CloudKit (Apple): Tenant-specific data, configuration, and device registration are stored in your iCloud private databases using CloudKit and Apple’s CKSyncEngine.
- Email providers: Outbound emails are sent via the tenant’s configured method:
  - Microsoft Graph (using your organization’s Microsoft tenant credentials you configure), or
  - SMTP (using tenant-provided secure SMTP credentials)
- On-device: Some settings and caches are stored locally (e.g., @AppStorage, UserDefaults) to improve performance and usability.
6. Data sharing and disclosure
We disclose data only as necessary:
- To your organization (tenant): for operational and clinical workflows.
- To service providers, as specified further below: Apple iCloud/CloudKit and email providers (e.g., Microsoft Graph or tenant-configured SMTP). All providers are bound by confidentiality and security obligations.
- For legal reasons: to comply with subpoenas, lawful requests, or to protect patient safety.
- As required under HIPAA: PHI is shared only for treatment, payment, and healthcare operations unless authorized by the patient or required by law.
We work with the following categories of third-party providers:
Apple Inc. (iCloud/CloudKit Services)
- Purpose: Data synchronization, device registration, and app configuration storage.
- Data Shared: Tenant configuration data, device UUIDs, operational data as configured by your organization.
- Location: Apple data centers (see Apple’s privacy policy at https://www.apple.com/privacy/).
- Safeguards: Apple’s enterprise-grade security, encryption, and Business Associate Agreement.
Email Service Providers
- Microsoft Corporation (when using Microsoft Graph)
  - Purpose: Email delivery for operational communications.
  - Data Shared: Email content and recipient information as configured by your organization.
  - Safeguards: Your organization’s Microsoft Business Associate Agreement and tenant security settings.
- SMTP Providers (when configured by your organization)
  - Purpose: Email delivery for operational communications.
  - Data Shared: Email content and recipient information as configured by your organization.
  - Safeguards: Your organization’s agreement with its SMTP provider and that provider’s security settings.
7. HIPAA Compliance
LFNConnect is designed for operational communication and to support HIPAA compliance:
- LFN is a healthcare provider that receives PHI for the purpose of treating your organization’s patients.
- PHI is encrypted in transit and at rest, and access is restricted by tenant-level controls.
- PHI is never used for marketing, data mining, or non-operational analytics.
If your organization chooses to enter information that could be considered PHI, your organization is the controller of that data. We implement technical measures to safeguard data, but your organization remains responsible for its own compliance obligations, for ensuring that only authorized users access PHI, and for configuring secure recipient routing (e.g., designating appropriate recipients, restricting access, and controlling email routing).
Please ensure your organization has configured recipients and email providers correctly to prevent data from being sent to unintended recipients.
8. State Privacy Rights
Residents of the United States may have certain rights under applicable federal and state privacy laws, which may include:
- Right to Know: You may request details about the personal information collected, used, or disclosed.
- Right to Access and Correction: You may request copies of your personal information or corrections if inaccurate.
- Right to Deletion: You may request deletion of personal data, subject to retention requirements under HIPAA or other laws.
- Right to Restrict Processing: You may request limitations on how your personal information is used.
- Right to Non-Discrimination: You will not face discrimination for exercising your privacy rights.
- Right to Data Portability: You may request a copy of your personal data in a user-friendly format.
- Right to Opt Out: You may opt out of the sale of personal data, targeted advertising, or certain automated decision-making.
Requests may be made directly to your organization (Covered Entity). LFN will assist tenants in fulfilling such requests as required.
9. Data retention
Specific Retention Periods:
- Active tenant data: Retained while your organization maintains an active LFNConnect deployment or as required by law.
- PHI and operational records: Retained for at least the minimum periods required by HIPAA (six years from the date of creation or the date the record was last in effect, whichever is later) and applicable state healthcare record retention laws.
- Cached data: stored locally until deleted by the user or organization.
- Technical logs and diagnostics: Retained for 90 days unless needed for ongoing security or operational analysis.
- Device registration data: Retained until device is deregistered or tenant account is terminated.
- Email delivery logs: Governed by your organization’s email provider retention settings (Microsoft Graph or SMTP provider policies).
10. Security Safeguards
We implement administrative, physical, and technical safeguards to protect personal data and PHI, including:
- Storage in Apple’s iCloud/CloudKit, with Apple’s security and encryption controls.
- Encryption of all PHI in transit and at rest.
- Role-based access controls and tenant scoping.
- Secure transport protocols (TLS).
- Rate limiting and validation to reduce misuse.
- Incident response and breach notification procedures consistent with HIPAA and state law.
Security Incident Response: If we discover a security incident involving personal information or PHI:
- HIPAA-Covered Incidents: We will notify the relevant Covered Entity (your organization) without unreasonable delay and no later than 60 days after discovery, as required by HIPAA.
- State Law Incidents: We will comply with incident response and breach notification requirements consistent with applicable state law.
- Individual Notification: Affected individuals will be notified directly by LFN or through your organization, depending on the controller relationship and applicable law requirements.
11. Children’s privacy
LFNConnect is intended for organizational use by authorized personnel only and is not directed to children under 13. We do not knowingly collect data from children. If you believe we have collected personal data from a child, contact us.
12. International Data Transfers
Data may be stored and processed in the following locations:
- Apple iCloud/CloudKit: Data is stored in Apple’s data centers, which may include locations in the United States and other countries where Apple operates, subject to Apple’s privacy and security standards.
- Email Providers: Microsoft Graph data is processed according to your organization’s Microsoft tenant location settings; SMTP data is processed according to your organization’s configured email provider location.
Safeguards for International Transfers:
- All transfers comply with HIPAA’s requirements for cross-border PHI transfers.
- Data is encrypted in transit and at rest using industry-standard encryption.
- Third-party providers are bound by contractual data protection obligations equivalent to those required under applicable privacy laws.
- Your organization maintains control over data location settings where configurable through Microsoft Graph or SMTP provider selection.
13. App Store Privacy “Data Types”
For App Store Connect, the app’s privacy details include data used only for app functionality and not for tracking:
- Data linked to you (for app functionality and account management):
  - Contact Info: name, email, phone (provided by you or your tenant).
  - Identifiers: device UUID (app-generated), user/tenant IDs.
  - User Content: comments or request notes you submit.
  - Diagnostics/Crash Data: basic logs needed for troubleshooting (if applicable).
- Data not linked to you:
  - None collected for tracking or advertising.
- Tracking: None.
Note: Exact disclosures may vary by tenant configuration (e.g., if features like optional patient info are enabled by your organization). We do not collect HealthKit data.
14. Changes to this policy
We may update this Privacy Policy from time to time. The revised version will be posted with an updated effective date. Continued use of the app after changes become effective constitutes acceptance.
15. Contact us
For questions about this Privacy Policy, your rights, or our data practices:
Privacy-Related Inquiries:
- Email: info@lifeflight.org
- Mail: Privacy Officer, Life Flight Network, 22285 Yellow Gate Lane, Suite 102, Aurora, OR 97002
General Contact:
How to Submit Privacy Requests:
- If you are an end user: Contact your organization first, as they may be the primary data controller for your information.
- If your organization cannot assist or you need to contact LFN directly, use the privacy contact information above.
- We will respond to privacy requests within 30 days of receipt, or as required by applicable state law.