Privacy Policy

1 Information We Collect

Account Information

When your organization registers for the eLabs platform, we collect:

• User credentials — username and a securely hashed password (we never store plaintext passwords)
• User profile — full name, assigned role (Administrator, Lab Administrator, Lab Technician, User), and associated laboratory
• Session data — login timestamps, IP addresses, and browser identifiers for audit and security purposes

Protected Health Information (PHI)

When you upload lab requisitions for processing, our AI engine extracts:

• Patient demographics — name, date of birth, gender, phone number, address
• Medical record numbers (MRN) and accession numbers
• Ordering physician details — name, NPI, facility
• Insurance information — carrier name, policy and group numbers
• Ordered laboratory tests and diagnosis codes (ICD-10)

Usage & Technical Data

• Pages visited, features used, and processing statistics
• File upload metadata (filenames, sizes, timestamps — not file contents beyond processing)
• Error logs and system performance metrics
• Browser type, operating system, and device information

2 How We Use Your Information

We use collected information exclusively for:

• Core service delivery — AI-powered processing of lab requisitions into verified electronic lab orders
• Order transmission — secure delivery of validated orders to your Laboratory Information System
• Fax automation — automated distribution of lab results to referring physicians
• WhatsApp order intake — processing requisition images received via WhatsApp integration
• Duplicate detection — preventing duplicate order submissions through daily order tracking
• Quality assurance — Lab order field validation, audit trails, and processing statistics
• Account administration — role-based access control, user management, and session security
• Platform improvement — anonymized, aggregated analytics to improve AI accuracy and system reliability

3 Data Storage & Security

We implement multiple layers of protection for all data on the eLabs platform:

• Encryption in transit — all connections use TLS 1.2+ (256-bit SSL) encryption
• Encryption at rest — uploaded files and processed orders are encrypted on disk
• Secure transmission — lab orders are delivered via encrypted secure connections to your LIS
• Password security — user passwords are hashed using industry-standard scrypt algorithms; minimum 8-character policy enforced
• Access control — role-based permissions restrict data access by user role (Administrator, Lab Administrator, Lab Technician, User)
• Session management — server-side sessions with automatic timeout and secure cookie handling
• Audit logging — all data access, modifications, and order processing events are logged with timestamps and user identification
• Rate limiting — automated brute-force protection with account lockout after failed login attempts

4 Data Retention

We retain data according to the following policies:

• Processed lab orders — retained in the output directory for the duration needed for lab transmission and verification, then subject to automated cleanup
• Processing history — processing records (timestamps, filenames, success/failure status) are retained for reporting and audit purposes
• Uploaded requisitions — original upload files are processed and may be retained for reprocessing needs; organizations can request deletion
• Daily order tracking — duplicate-detection records are automatically cleared at midnight (MST) each day
• Session data — server sessions expire according to configured timeout policies
• Audit logs — retained in accordance with HIPAA minimum retention requirements (6 years)

5 Information Sharing

We share information only in the following limited circumstances:

• Laboratory Information Systems — validated lab orders are transmitted to your designated LIS via encrypted connections you configure
• Referring physicians — lab results may be faxed to physicians as part of the automated fax distribution service
• AI processing — requisition images are processed through our AI extraction engine; data is not retained by AI services beyond the processing request
• Legal obligations — we may disclose information if required by law, court order, or to protect the rights and safety of our users

6 Multi-Laboratory Data Isolation

The eLabs platform supports multiple laboratory organizations. Each laboratory operates within an isolated environment:

• Separate test compendiums, provider directories, insurance mappings, and client lists
• Users are assigned to a specific lab and can only access data within their lab's scope
• Administrators manage their own lab's configuration without visibility into other laboratories
• Secure credentials are stored per-lab and used exclusively for that lab's order transmission

7 Your Rights

Depending on your jurisdiction, you may have the right to:

• Access — request a copy of the personal information we hold about you
• Correction — request correction of inaccurate personal information
• Deletion — request deletion of your personal information, subject to legal retention requirements
• Data portability — receive your data in a structured, machine-readable format
• Restriction — request that we limit processing of your information in certain circumstances

To exercise any of these rights, contact us at support@tech-healthcare.com.

8 Cookies & Session Technology

The eLabs platform uses server-side sessions to maintain your authenticated state. We use:

• Session cookies — essential cookies required for login and navigation (no tracking cookies)
• Slider captcha — security verification on the login page to prevent automated attacks

We do not use third-party advertising cookies, analytics trackers, or social media pixels within the authenticated eLabs portal.

9 Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify registered users of material changes via the platform. The "Last Updated" date at the top of this page indicates the most recent revision.

10 Contact Us