Platform Under Development - Demo Version

Privacy Policy

Last Updated: January 1, 2025

Your Privacy is Our Priority

Median is committed to protecting your privacy and personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with HIPAA and GDPR regulations.

1. Information We Collect

We collect information necessary to provide healthcare services and platform functionality:

  • Protected Health Information (PHI) including medical records, diagnoses, treatments, and prescriptions
  • Personal identifiers (name, date of birth, address, phone, email)
  • Insurance information and payment details
  • Technical data (IP address, browser type, device information)
  • Usage data (features accessed, time spent, interaction patterns)

2. How We Use Your Information

  • Treatment: To provide, coordinate, and manage healthcare services
  • Payment: To process billing and insurance claims
  • Healthcare Operations: Quality improvement, training, and compliance activities
  • Platform Functionality: To provide, maintain, and improve our services
  • Communication: To send important notifications and updates

3. Data Sharing and Disclosure

We only share your information when necessary and permitted by law:

  • With your healthcare providers for treatment purposes
  • With your insurance company for payment processing
  • With Business Associates under signed BAAs (HIPAA-compliant vendors)
  • As required by law (court orders, regulatory requirements)
  • In emergencies to protect health and safety

4. Your Privacy Rights

Under HIPAA (US)

  • Right to access your medical records
  • Right to request corrections
  • Right to accounting of disclosures
  • Right to request restrictions
  • Right to confidential communications

Under GDPR (EU/Global)

  • Right to access your data
  • Right to rectification
  • Right to erasure (right to be forgotten)
  • Right to data portability
  • Right to object to processing

5. Data Security

We implement industry-leading security measures including AES-256 encryption, multi-factor authentication, regular security audits, and SOC 2 Type II compliance. For detailed information, see our Security & Compliance page.

6. Data Retention

We retain your information as required by law: minimum 7 years for US HIPAA compliance. You may request deletion after these periods, subject to legal obligations and regulatory requirements.

7. Data Storage and Security

All patient data is stored in HIPAA-compliant data centers within the United States (AWS US-East and US-West regions). We employ end-to-end encryption, regular security audits, and comprehensive backup procedures to ensure data integrity and availability.

8. Contact Us

For privacy-related questions or to exercise your rights:

Privacy Officer / Data Protection Officer

Email: [email protected]

This Privacy Policy is provided in accordance with HIPAA § 164.520 and GDPR Articles 12-14.