1. Scope

This Privacy Policy applies to all components of Infosys, including:

• Local Windows-based installations
• Web and mobile extensions
• Data selectively synchronized to HostGator-hosted databases

It does not apply to any third-party services outside our control.

2. Information We Collect

Infosys is designed with privacy in mind. We minimize the amount of data transmitted and stored externally:

• Operational Metadata: Such as queue length, wait times, device metrics, alarm status.
• User Credentials: Facility codes, usernames, and hashed passwords.
• Login and Usage Activity: Timestamps, device identifiers, and module usage logs.

Important: Protected Health Information (PHI) is never transmitted or stored outside of facility-controlled infrastructure.

3. How We Use Information

• To enable core functionalities of Infosys applications.
• To ensure synchronization between local installations, web, and mobile platforms.
• To maintain secure authentication and access control.
• To generate audit logs for compliance and accountability.
• To monitor performance and troubleshoot technical issues.

4. Data Storage and Security

• Local data is stored on facility-controlled Windows PCs and shared drives.
• Web and mobile data is hosted on a HostGator shared platform with database encryption at rest.
• All communications use TLS 1.3 encryption.
• Administrative access to hosted services requires multi-factor authentication (MFA).
• Access is role-based, with automatic session timeouts and account lockouts after repeated failed attempts.

5. Sharing of Information

Infosys does not sell, rent, or trade any user or patient information. Information may only be shared in the following circumstances:

• With authorized facility administrators for operational purposes.
• As required by law, regulation, or legal process.
• To investigate or prevent unauthorized access or misuse of the system.

6. Data Retention

• Local PC data retention depends on facility policy; some modules purge or archive automatically.
• Web/mobile account data is retained indefinitely until user accounts are deactivated.
• Audit and system logs are retained indefinitely unless restricted by facility IT policy.

7. Breach Notification

In the event of a security incident involving PHI:

• We will notify the affected healthcare facility within 72 hours of confirmed detection.
• Notification will include incident details, scope of impact, remediation steps, and recommendations for mitigation.
• We will cooperate fully with the facility’s privacy and compliance officers to meet HIPAA breach notification requirements.

8. Compliance

• Infosys complies with HIPAA privacy and security safeguards.
• A Business Associate Agreement (BAA) will be signed with covered entities as required.
• While no formal HITECH certification has been completed, safeguards align with industry best practices.

9. Updates to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. The effective date at the top of this page will be updated accordingly. Continued use of Infosys indicates acceptance of these changes.

10. Contact Information

If you have any questions or concerns regarding this Privacy Policy, please contact us at:

Email: ianglenn.tiu@infosysbyigtsoft.com

Website: https://infosysbyigtsoft.com