Privacy Policy

How we protect the privacy and security of the information entrusted to us by our customers, business partners, and visitors.

Last updated: January 1, 2025

Introduction

Stratum Care is a technology company based in the United States. We provide a cloud-based Software-as-a-Service (SaaS) platform (the “Stratum Care platform”) to empower long-term healthcare organizations to deliver high-quality care to the individuals they serve in their homes or care communities.

At Stratum Care, privacy is very important to us. This Privacy Policy (this “Policy”) sets out the key elements of how we address the privacy and security of information entrusted to us by our customers through their access and use of the Stratum Care platform, as well as the privacy of information entrusted to us by business partners, prospects, and others who seek information and/or contact us via stratum.care (the “Site”). The Site can be used and accessed by the public as a source of general information about Stratum Care. Our customers and business partners also can access the Stratum Care platform via the Site.

We are committed to protecting your privacy and complying with applicable privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR), where applicable. As privacy laws and practices evolve, we will amend this Policy from time to time. While we will endeavor to give reasonable notice of such changes, we do reserve the right, where necessary, to do so without prior notice.

What is considered private?

Information that is used by a government authority, financial institution, or insurance carrier to distinguish a person from other individuals (e.g., social security number, social insurance number, credit card information, or insurance policy number) is private. Such information can be used to identify an individual (e.g., a person who works at a healthcare facility, or a resident or patient in a healthcare facility). Certain information may be used to contact a person directly (e.g., an email address, home mailing address, or telephone number). Depending on the jurisdiction, the above identifiers are considered to be Personal Information (“PI”), Personally Identifiable Information (“PII”), Sensitive Personal Information (“SPI”), or a similar term, and it is private. An individual’s business contact information and business title generally are exempt from privacy laws. Information about an individual’s health, including insurance and billing information, is also considered — depending on the jurisdiction — to be PI, Protected Health Information (“PHI”), Personal Health Information (also known as “PHI”), Individually Identifiable Health Information (“IIHI”), or a similar term, and it also is private.

This Policy also will apply to non-personal information if such information can be used in combination with other Personal Information or non-personal information to identify an individual.

Please be aware that this Policy only covers information manually submitted to, or automatically collected by, us through use of the Site and/or the Stratum Care platform. If you contact or exchange information with another Stratum Care customer or business partner in person or through a means other than through the Site or Stratum Care platform, such activity is not covered by this Policy. Additionally, if you are not a customer or a business partner of Stratum Care by way of written agreement, and are contacting us out of interest in the Stratum Care platform, a business partnership, or a job opportunity, please be aware that the information that you share with us is not covered by this Policy, unless required by law.

Personal Information collected

Personal Information can be collected in two ways. The first is through direct submission, referred to in this document as “Manual Submission,” and the second is by way of “Automatic Submission” triggered by any interaction with the Site through a computer, point-of-care station, mobile device, or tablet.

Manual Submission

Personal Information can be submitted to us directly when you communicate with us offline (in person or by telephone), via email, or via the Site (by entering data or uploading files), or when you authorize Stratum Care to access, retrieve, and/or import Personal Information from another user or third party on your behalf. Additionally, if you become a customer of Stratum Care, you will be required to register by submitting Personal Information via the Stratum Care platform, email, or offline. This could include name, email address, mailing address, telephone number(s), and other contact and billing information.

Automatic Submission

Whenever your computer, mobile device, or tablet visits, logs in, or otherwise interacts with the Site, we gather data from your device and the operating software of your device transmits a “request” to us. That request includes non-personal information that is necessary to identify and route the information your device is requesting. This communication is necessary for all website and Internet services. We also use cookies (sometimes referred to as “web beacons” or “server logs”). Cookies are files that web browsers place on a computer’s hard drive that tell us whether customers or visitors have been to the Site previously, and they often include an anonymous unique identifier.

Data collected using cookies can include:

  • Date and time a “request” is transmitted through the Site
  • The model of the device making the request
  • The type and version of the operating software running on the device
  • The web browser used on the device and making the request
  • IP address and geographic location
  • Search terms used
  • URLs visited
  • Information about some of the cookies that are installed on your computer, mobile device, or tablet
  • Internet service provider
  • Previous activity on the Site

Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser. For greater clarity, while our data collection practices won’t be altered, they also won’t be applied in situations where you have prevented the tracking from occurring.

How we use the Personal Information collected

Stratum Care collects Personal Information as necessary to communicate with you and/or to provide the software solutions on the Stratum Care platform. Some Personal Information (but not PHI) also may be collected for marketing and sales purposes (e.g., if you complete a form to register for a webinar or download content). Personal Information and non-personal information may be used for the following reasons:

  • To register customer accounts.
  • To contact customers to discuss their experience using the Stratum Care platform, current and future needs as a customer, or to communicate future enhancements.
  • To inform customers of promotions or special events which might benefit them.
  • To contact a prospective customer.
  • To operate, maintain, manage, and administer the Stratum Care platform, including processing registrations and diagnosing technical problems.
  • To respond to questions and communications.
  • To make service or administrative announcements about unscheduled downtime or new features, services, products, functionality, terms, or other aspects of the platform.
  • To perform audits, research, measurements, and analyses to maintain, administer, support, enhance, and protect the platform, including determining usage trends and measuring the effectiveness of content, features, or services.
  • To create new features, products, or services.
  • To save user preferences and preserve session settings and activities.
  • To provide limited auto-fill functionality for frequent users.
  • To analyze various features and content of the platform.
  • To comply with legal and regulatory obligations.

Consent and authorization

By visiting the Site, you are consenting to the use of your Personal Information for the aforementioned purposes. On occasion, we may request additional consent in connection with the use or sharing of Personal Information for a purpose not stated in this Policy or because the law requires such consent.

If you are a customer or business partner of Stratum Care, we will never use your Personal Information in a manner not otherwise provided for in our written contracts with you, authorization forms you provide to us, or this Policy.

Protected Health Information (PHI)

Stratum Care customers are health care providers and subject to laws and regulations governing the use and disclosure of PHI. In the United States, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”), along with the regulations adopted under those statutes, and similar state laws (where those laws are more stringent than HIPAA) govern the handling of PHI. Other laws may apply with respect to specific customers, as set forth in our contracts with those customers.

Health care providers are considered to be Covered Entities under HIPAA and are subject to its rules regarding PHI. If a provider delegates some of its work to a third party, and that party must access PHI in order to perform the work, then such party is considered by HIPAA to be a Business Associate and is subject to the same rules regarding the protection of PHI as the Covered Entity. To enforce protection, HIPAA requires Covered Entities to execute a “Business Associate Agreement” (“BAA”) with each of their Business Associates. Our U.S.-based customers are required to sign a BAA with Stratum Care. As a Business Associate, Stratum Care is required to use reasonable and appropriate measures to safeguard the confidentiality, integrity, and accessibility of PHI that is stored and processed on behalf of Covered Entities.

Sharing your Personal Information

Third-party websites, software, and services

The Site may contain links to third-party websites, software, and services. Customers and visitors who access a linked website via the Site may be disclosing Personal Information. It is the responsibility of the user to keep Personal Information private and confidential. The Stratum Care platform is securely hosted on the Amazon Web Services (AWS) cloud, which is used to securely store data, ensuring high availability and reliability. Additionally, we allow third parties to offer services to our customers through integration with the Stratum Care platform (“Connected Services”). Customers’ use of Connected Services is optional. Customers that choose to use a Connected Service acknowledge and authorize the transmission of Personal Information to a third party. We are not responsible for, nor can we control, the privacy practices of third parties. A third party’s use, storage, and sharing of your Personal Information is subject to its own privacy policies and not this Policy.

Business reorganizations or new management

There are two situations where we may need to share your Personal Information with a third party as a result of a business reorganization. The first concerns the acquisition of Stratum Care by a third party, and the second concerns the acquisition of our customers. A reorganization involves a sale, merger, transfer, exchange, or other disposition of all or part of a business. If such a transaction occurs, be aware that your Personal Information may be made available to the acquiring party. If the reorganization concerns one of our customers, Stratum Care requires the parties participating in the sale to show written evidence of the completed transaction, or some alternate form of written authorization (by both the buyer and the seller), to transfer Personal Information hosted by the platform from the seller to the buyer. A change in management of a customer facility could involve similar authorization requirements. We will not disclose your Personal Information to a party without sufficient and proper authorization from you, unless required by law.

Legal procedures

We may need to preserve, use, or disclose your Personal Information in response to a court order, subpoena, search warrant, judicial proceeding, or other legal process, if we have a good faith belief that the law requires us to do so, or to otherwise protect our rights. Some legal procedures may prohibit or prevent us from notifying users or other individuals identified in such procedures, or may compel us to take measures otherwise in violation of this Policy or a written agreement you have with us. Personal Information preserved as a result of legal procedures can be maintained for as long as we have a good faith belief that it is necessary and appropriate under the circumstances.

Security, threats, and breach notification

Stratum Care has physical, administrative, and technical security measures in place to protect against the loss, misuse, unauthorized access, and alteration of data and Personal Information under our direct control. When services on the platform are accessed using current browser technology, Transport Layer Security (TLS/SSL) technology protects information using both server authentication and data encryption to help ensure that data is safe, secure, and available only to you. We also implement an advanced security methodology based on dynamic data and encoded session identifications, and host the platform in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders. Unique usernames and passwords are required and must be entered each time a customer logs in.

  • Role-based access control: Only customer-assigned admins can access restricted data within their agency. They cannot access data from other agencies.
  • Data encryption: All data is encrypted both in transit and at rest using industry-standard encryption protocols.
  • No ads or third-party monetization: We do not serve ads or share data for advertising or monetization purposes.
  • Regular security audits: We conduct periodic security audits and monitoring to detect and prevent unauthorized access, breaches, or vulnerabilities.
  • User authentication: Multi-factor authentication (MFA) and strong password policies are enforced to protect account access.
  • Audit logs: All user interactions are logged to maintain transparency and detect unauthorized activity.

Stratum Care is committed to educating our staff about the protection of Personal Information and the importance of compliance with relevant privacy legislation and company policies. Employees and contractors are required to sign confidentiality agreements. These safeguards help prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of Personal Information; however, it is important to remember that no system can guarantee 100% security at all times. In the event that we detect a threat to security or a security vulnerability, we may attempt to contact you to recommend protective measures. Incidents of suspected or actual unauthorized handling of Personal Information are always directed to our Legal & Compliance team, which is responsible for determining escalation and response procedures, depending on the severity and nature of the incident. Incidents involving unauthorized handling of PHI will be governed by relevant legislation and, where applicable, the provisions of a BAA or similar agreement with a customer. If Stratum Care determines that Personal Information has been misappropriated or otherwise wrongly acquired, we will report such misappropriation or acquisition to you promptly.

Openness, transparency, and access to Personal Information

Upon written request by an authorized individual, Stratum Care will allow access to any PHI collected and stored about such individual, unless providing access could reasonably be expected to interfere with the administration or enforcement of the law, or it is impracticable or impossible for Stratum Care to retrieve the PHI. However, Stratum Care will first direct the individual to the applicable customer with the request that the customer provide such access, as the majority of our contracts make the customer the appropriate party to respond to access requests. When provided with reliable evidence of an error in PHI data, Stratum Care will correct any inaccurate PHI, unless to do so would interfere with the administration or enforcement of the law. Please note that any deletions performed by Stratum Care to correct an error in PHI will only be “soft” deletes (i.e., the data will no longer be viewable from the front end of the platform). If customers or their users need to update or change their Personal Information stored by us, they may do so by editing the organization or user record via the Stratum Care platform.

Retention and deletion

Stratum Care will retain Personal Information as necessary for the purposes outlined in this Policy; for as long as a customer account remains active; as required to manage and administer the platform; as required to carry out legal responsibilities (e.g., legal holds and other legal procedures); to resolve a dispute (including enforcement of a contract); or as communicated to you at the time of collection. After all applicable retention periods have expired, Stratum Care will delete or destroy your Personal Information in a manner designed to ensure that it cannot be reconstructed or read. If, at any time, it is not feasible for us to delete or destroy your Personal Information, Stratum Care will continue using the same safeguards of protection and security outlined in this Policy for as long as it cannot be destroyed.

Opt-out policy

We offer our customers using the Stratum Care platform a means to choose how we may use the information they provide to us. If, at any time, you change your mind about (i) our use of Personal Information submitted via the platform; (ii) receiving notices from us; (iii) receiving marketing or sales notices from us; or (iv) sharing your non-personal information with third parties (as described in this Policy), send us a request specifying your choice or change of permission by contacting us. Please note that, if you choose to impose certain restrictions on our use of your Personal Information, you may no longer be able to use the Stratum Care platform. If complying with your request would result in termination of your use of the platform, we will make that clear to you and confirm that this is what you want before proceeding.

Other

Children’s privacy

Stratum Care is not directed to children, and we do not knowingly collect personal information from children under 18. If we find out that a child under 18 has given us personal information, we will take steps to delete that information. If you believe that a child under the age of 18 has given us personal information, please contact us.

Changes

We may update this Privacy Policy from time to time to reflect, for example, changes to our practices or for other operational, statutory, regulatory, or legal reasons.

Contact us

Please do not include any PHI in your message to us.

If you believe your Personal Information has been used in a way that is inconsistent with this Policy or your specified preferences, or if you have further questions related to our privacy practices, please contact us at info@stratum.care.