Account Deletion Policy
Requesting Account Deletion
To initiate the process of permanently deleting your account, please contact the administrator of your company's space within Noted. Here are the steps your administrator should follow:
- Set your status to "Rejected": This action indicates that your account is no longer active and should be removed from the system.
- Account Deletion: Once you are off the billing period, your administrator will proceed to delete your account.
Data Retention for Compliance
Please note that while your account will be permanently removed from our services, we are required to retain certain information for compliance and auditing purposes as we are a HIPAA-compliant solution:
- Username
- Full Name
This data will be automatically deleted once the compliant retention period has passed, in accordance with HIPAA regulations.
Security Measures
We employ stringent security measures to ensure the protection of your data during the account deletion process:
- Role-based access controls to ensure only authorized personnel can initiate account deletions.
- End-to-end encryption for all data during storage and transmission.
- Regular vulnerability assessments and penetration testing to safeguard against unauthorized access.
Breach Notification
In the unlikely event of a data breach involving your information:
- We will notify affected Covered Entities within 60 calendar days of discovery.
- We will provide detailed information on the breach's nature, affected data, mitigation steps taken, and recommendations for further actions.
Administrative Safeguards
- Workforce training on HIPAA compliance is conducted regularly for all employees handling PHI.
- Policies are in place for incident response, risk management, and reporting unauthorized disclosures.
Physical Safeguards
- Data centers hosting PHI are secured with controlled access systems, surveillance cameras, and environmental protections against disasters.
Technical Safeguards
- Systems include audit controls to log access to ePHI.
- Unique user IDs are assigned to track system activity effectively.
- Transmission security protocols prevent interception of ePHI during data transfers.
Limitations of Liability
While we take extensive measures to ensure HIPAA compliance:
- The Company is responsible for ensuring proper use of the Service in compliance with applicable laws.
- We are not liable for breaches caused by user negligence or failure to follow security protocols.
Termination
Upon termination:
- All access to PHI will be revoked immediately.
- We will return or securely destroy all PHI as specified in the BAA unless otherwise required by law.
Amendments
We reserve the right to update this Account Deletion Policy as necessary to comply with changes in laws or regulations or to improve our Service. Users will be notified of significant changes via email or platform notifications.