Privacy Policy
Last Updated: April 2026
Introduction
Nurse Charting Pro ("we," "our," or "us") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.
Information We Collect
Personal Information
We may collect the following types of personal information:
- User Profile Data: Name, nursing unit, professional credentials
- Contact Information: Email address (if provided for support)
- Usage Data: App interaction patterns, feature usage statistics
Health Information (PHI)
As a healthcare documentation application, we process Protected Health Information (PHI) including:
- Patient identifiers (room numbers, medical record references)
- Clinical observations and assessments
- Nursing narratives and documentation
- Vital signs and patient status information
Technical Information
- Device information (model, operating system, unique identifiers)
- Log data (timestamps, error reports, performance metrics)
- Security events (authentication attempts, data access logs)
How We Use Your Information
We use the collected information for:
- Service Delivery: Providing patient rounding and documentation features
- Data Security: Maintaining audit trails and security monitoring
- Improvement: Analyzing usage patterns to enhance functionality
- Support: Responding to user inquiries and technical issues
- Compliance: Meeting HIPAA and healthcare regulatory requirements
Data Storage and Security
Local Storage
Patient data is primarily stored locally on your device using encrypted storage mechanisms. This design ensures data availability even without internet connectivity and minimizes data transmission risks.
Encryption
- Data at rest: AES-256 encryption for all stored PHI
- Data in transit: TLS 1.3 for any network communications
- Secure key management using platform-native security features
Access Controls
- Device-level authentication required for app access
- Automatic session timeouts for inactive periods
- Audit logging of all data access and modifications
Data Sharing and Disclosure
We Do Not Sell Your Data
We will never sell, rent, or trade your personal information or PHI to third parties for marketing purposes.
Limited Sharing Scenarios
We may share information only in these circumstances:
- Healthcare Operations: With your healthcare facility as part of normal operations
- Legal Requirements: When required by law or valid legal process
- Emergency Situations: To prevent serious harm or protect patient safety
- Service Providers: With vendors who assist in app operations (under strict BAAs)
Your Rights and Choices
You have the right to:
- Access: Request copies of your personal information
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Export: Receive your data in a portable format
- Restriction: Limit how we use your information
Data Retention
We retain information only as long as necessary for the purposes outlined in this policy or as required by law. Healthcare documentation may be subject to retention requirements ranging from 3-7 years depending on jurisdiction and record type.
Children's Privacy
Nurse Charting Pro is designed for use by healthcare professionals and is not intended for individuals under 18 years of age. We do not knowingly collect information from children.
HIPAA Compliance
As a business associate under HIPAA, we maintain compliance with all applicable regulations including:
- Privacy Rule (45 CFR Part 160 and Part 164, Subparts A and E)
- Security Rule (45 CFR Part 164, Subpart C)
- Breach Notification Rule (45 CFR Part 164, Subpart D)
EHR Integrations (SMART on FHIR)
Nurse Charting Pro offers optional integrations with third-party electronic health record (EHR) systems that support the SMART on FHIR standard. Currently supported systems are Epic and Oracle Health (Cerner). These integrations are strictly opt-in and only activate when a nurse taps Send to EHR inside the app.
First-use disclosure
Before the first time a nurse sends a narrative to an EHR, the app displays an in-app consent modal that explains what will be transmitted, where it will go, and that the nurse is responsible for ensuring the transmission is permitted under their facility's documentation and disclosure policy. The nurse must actively acknowledge the disclosure before the OAuth flow begins. The acknowledgment is remembered across shifts as a user preference; nurses can reset it at any time from Settings → Reset EHR Consent.
What data is sent
- Only the narrative you author in the app is transmitted, packaged as a FHIR DocumentReference resource. Neither your EHR username nor password is ever seen, stored, or transmitted by Nurse Charting Pro.
- The narrative goes directly from your device to the EHR you selected. Once it leaves your device, the receiving EHR's privacy and security policies govern how the data is handled.
- Nurse Charting Pro does not store, log, or retain the contents of narratives transmitted to an EHR on its servers. We act as a conduit, not a processor.
Authentication and authority
Authentication uses the SMART on FHIR OAuth 2.0 authorization code flow with PKCE, executed via the system browser (SFAuthenticationSession on iOS, Custom Tabs on Android). The nurse authenticates as themselves against the EHR's own identity provider. The EHR — not Nurse Charting Pro — enforces the nurse's permissions and controls which patient charts the nurse is authorized to write to.
OAuth token lifecycle
- OAuth access tokens and refresh tokens are held only in memory (Redux state) for the duration of the active session.
- Tokens are destroyed at end of shift along with the app's existing crypto-shredding of all clinical data. They are never persisted to disk and do not survive app restarts.
- The one-time consent acknowledgment flag is persisted as a user preference (separate from OAuth tokens) so that nurses are not re-prompted on every shift.
Role of the Nurse Charting Pro backend
A lightweight HTTPS proxy hosted at nursechartingpro.com/api/fhir/token and nursechartingpro.com/api/fhir/document handles only the OAuth token exchange (so EHR client secrets never ship in the mobile bundle) and the forwarding of DocumentReference create requests. The proxy does not log PHI, does not store PHI, and does not retain request bodies. For public-client PKCE flows, the device communicates directly with the EHR and the proxy is not involved at all.
Analytics
Analytics events related to EHR usage (for example, fhir_exported and ccda_exported) contain only hashed, anonymous chart identifiers. No patient data, no narrative text, and no EHR-identifying details are ever transmitted to our analytics provider.
C-CDA export
The C-CDA export feature produces an XML file on the device and surfaces it through the system share sheet. It does not transmit data to any server — the nurse can save, email, or AirDrop the file at their discretion. No authentication is required.
Website Analytics
Our marketing website (nursechartingpro.com) uses Vercel Analytics, a privacy-friendly, cookie-free analytics service provided by Vercel Inc. Vercel Analytics collects anonymous, aggregated data including page views, web vitals, referrer, and approximate geographic location inferred from IP address. No cookies are set and no personally identifiable information is stored. IP addresses are used only for geo-inference and are not retained. For more information, see Vercel's Analytics Privacy Policy.
International Data Transfers
Your data is processed and stored within the United States. If you access our services from outside the U.S., you acknowledge that your information will be transferred to and processed in the U.S.
Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Material changes will be communicated through:
- In-app notifications
- Email notifications (if contact information provided)
- Updated version number and "Last Updated" date
Continued use of Nurse Charting Pro after policy updates constitutes acceptance of the revised terms.
Contact Us
For privacy-related questions, concerns, or requests, please contact:
- Website: https://nursechartingpro.com
- Email: privacy@nursechartingpro.com
- Privacy Officer: Available upon request
State-Specific Rights
California Residents (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to say no to the sale of personal information
- Right to access your personal information
- Right to equal service and price
Other States
Residents of Virginia, Colorado, Connecticut, and other states with privacy laws may have similar rights. Contact us to exercise your rights under applicable state law.
This Privacy Policy was last updated on the date indicated above. We encourage you to review this policy periodically for any changes.