Privacy Policy

DAPP Inc. d/b/a Atlas HLTH ("Company," "we," "us," or "our") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use the Atlas HLTH platform (the "Service").

This policy applies to all users of the Service, including patients, clinicians, and administrative users. For patients, this policy supplements our Notice of Privacy Practices (NPP), which describes your rights under HIPAA.

2.1 Patient Information

When you use the patient portal or are referred through the platform, we may collect:

• Name, date of birth, and contact information
• Referral and care coordination records
• Clinical assessment data (ATLAS TRIAGE results, PHQ-9, GAD-7 scores)
• Consent records (HIPAA NPP acknowledgment, 42 CFR Part 2 consent)
• Satisfaction survey responses

2.2 Clinician and Staff Information

For clinicians and administrative users, we collect:

• Name, email address, and professional credentials
• Account activity and audit logs
• Provider network information and scheduling data

2.3 Technical Information

We automatically collect certain technical information, including:

• IP address and device information
• Browser type and operating system
• Pages visited and actions taken within the Service
• Session timestamps and duration

We use collected information to:

• Facilitate behavioral health referrals and care coordination
• Conduct clinical assessments and generate triage recommendations
• Communicate with patients and care teams about referral status
• Maintain audit logs for HIPAA compliance and security monitoring
• Improve the accuracy and effectiveness of our routing algorithms
• Send appointment reminders and care coordination notifications
• Comply with applicable legal and regulatory requirements

We do not sell your personal or health information to third parties.

4.1 With Your Care Team

We share your health information with the behavioral health providers to whom you are referred, and with your referring clinician or organization, for treatment and care coordination purposes.

4.2 Business Associates

We may share information with third-party service providers (Business Associates) who assist us in operating the Service, such as cloud infrastructure providers and communication services. All Business Associates are required to maintain the confidentiality and security of PHI under signed Business Associate Agreements (BAAs).

4.3 Legal Requirements

We may disclose information when required by law, court order, or government regulation, or when we believe disclosure is necessary to protect the rights, property, or safety of the Company, our users, or the public.

4.4 Substance Use Disorder Records

Records related to substance use disorder treatment are subject to additional protections under 42 CFR Part 2 and will not be disclosed without your explicit written consent, except as required by law.

We implement industry-standard security measures to protect your information, including:

• 256-bit TLS encryption for all data in transit
• Encryption at rest for all stored PHI
• Role-based access controls and multi-factor authentication
• Comprehensive audit logging of all PHI access events
• Regular security assessments and penetration testing
• Incident response procedures compliant with HIPAA Breach Notification Rule

We retain patient health information for a minimum of 7 years from the date of last service, or longer as required by applicable state law. Audit logs are retained for a minimum of 6 years. You may request deletion of your non-PHI account data by contacting us at [email protected].

As a patient, you have the right to:

• Access: Request a copy of your health records
• Amendment: Request corrections to inaccurate information
• Accounting of Disclosures: Request a list of disclosures of your PHI
• Restriction: Request restrictions on certain uses and disclosures
• Confidential Communications: Request that we communicate with you through alternative means
• Complaint: File a complaint with the U.S. Department of Health and Human Services

To exercise these rights, contact our Privacy Officer at [email protected].

The Service uses session cookies for authentication and localStorage for user preferences (including consent acknowledgment). We do not use third-party advertising cookies or tracking pixels. You may disable cookies in your browser settings, but this may affect the functionality of the Service.

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent. If you believe we have collected information from a child under 13, please contact us immediately at [email protected].

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the effective date and, where appropriate, through in-app notifications. Your continued use of the Service after changes become effective constitutes your acceptance of the revised policy.

For privacy-related questions, requests, or complaints: