Privacy & PHI Handling
PocketRounder is an inpatient charge-capture tool intended for use by licensed clinicians and their authorized staff. It is designed to handle Protected Health Information (PHI) consistent with the HIPAA Privacy and Security Rules. This page describes how PHI flows through the app and what your rights are.
What we collect
PocketRounder stores the PHI you enter directly:
- Patient name, date of birth, and sex
- Medical record number (MRN)
- Hospital location, room, and insurance carrier
- Diagnosis codes (ICD-10) and procedure codes (CPT)
- Provider attribution, encounter dates, billing status, and clinical notes
The app collects no telemetry, no analytics, no crash reports, and no advertising identifiers.
Where it lives
Data is stored only on this device, in a SQLite database protected by iOS Data Protection (NSFileProtectionComplete). The database is excluded from iCloud backup. The Anthropic API key, if entered, is stored in the iOS Keychain.
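The storage configuration described above, as an added Swift example that is not PocketRounder's own code: it applies the NSFileProtectionComplete class and iCloud backup exclusion to the database file, audits that both are actually in effect rather than trusting the setting, and stores the API key in the Keychain. The file path and the Keychain service and account names are assumptions.

```swift
import Foundation
import Security

/// Apply the protection the page describes to the SQLite file:
/// NSFileProtectionComplete (unreadable while the device is locked)
/// and exclusion from iCloud / device backups.
func hardenDatabaseFile(at url: URL) throws {
    try FileManager.default.setAttributes(
        [.protectionKey: FileProtectionType.complete],
        ofItemAtPath: url.path)
    var mutableURL = url
    var values = URLResourceValues()
    values.isExcludedFromBackup = true
    try mutableURL.setResourceValues(values)
}

/// Verify the claims instead of assuming them; returns the problems found.
/// Run this on the -wal and -shm sidecar files too: SQLite in WAL mode
/// writes PHI pages there and they get their own file attributes.
func auditDatabaseFile(at url: URL) throws -> [String] {
    var findings: [String] = []
    let attrs = try FileManager.default.attributesOfItem(atPath: url.path)
    let protection = attrs[.protectionKey] as? String
    if protection != FileProtectionType.complete.rawValue {
        findings.append("protection class is \(protection ?? "none"), expected NSFileProtectionComplete")
    }
    let values = try url.resourceValues(forKeys: [.isExcludedFromBackupKey])
    if values.isExcludedFromBackup != true {
        findings.append("database is not excluded from iCloud backup")
    }
    return findings
}

/// Store the API key in the Keychain, bound to this device and readable
/// only while unlocked, so it is never migrated through a backup.
/// Service and account names are hypothetical placeholders.
func storeAPIKey(_ key: String, service: String = "com.example.pocketrounder") throws {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: "api-key",
        kSecValueData as String: Data(key.utf8),
        kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
    ]
    SecItemDelete(query as CFDictionary)   // replace any existing item
    let status = SecItemAdd(query as CFDictionary, nil)
    guard status == errSecSuccess else {
        throw NSError(domain: NSOSStatusErrorDomain, code: Int(status))
    }
}
```

Call `auditDatabaseFile` at launch and treat a non-empty result as a hard failure; an empty array is the evidence behind the "on this device only" claim.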
No data is transmitted to Anthropic, Apple iCloud, or any third party unless cloud OCR is explicitly enabled — which is currently disabled until a Business Associate Agreement (BAA) is in place with a covered backend.
Who has access
Only the device owner, authenticated by Face ID, Touch ID, or device passcode, can open the app and view PHI. The app re-locks after a configurable idle interval (Settings → Security → Auto-lock).
Patient rights (HIPAA)
- Access — patients may request their records. Use the Export tab to produce a CSV.
- Amendment — patients may request corrections. Edit fields in the patient detail view.
- Deletion — patients may request deletion. A trailing swipe on a row in the patient list deletes the record. The deletion is logged in the audit log.
- Audit — every patient access, edit, export, or copy is recorded in the Audit Log (Settings → Security → Audit Log).
Data retention
Your clinic's HIPAA retention policy applies — typically six or more years for clinical and billing records. Configure auto-purge under Settings → Data Retention. The audit log is retained until manually wiped or the app is fully reset.
Breach response
If this device is lost, stolen, or compromised:
- Use Find My iPhone to remote-wipe immediately.
- Notify the clinic's Privacy Officer within 24 hours.
- Report to HHS OCR within 60 days if PHI was exposed.
- Notify affected individuals per the HIPAA Breach Notification Rule.
Third parties & BAAs
- Apple iOS — data stays on device; iCloud backup is disabled for this app's database.
- Cloud OCR (Anthropic Claude Vision) — DISABLED pending a signed BAA. Re-enabling will require routing through a BAA-covered backend, not direct device-to-Anthropic calls.
- Billing systems — when CSVs are exported, send only to BAA-covered destinations (your biller's secure portal, encrypted clinic email, or HIPAA-compliant fax). Personal email and consumer cloud storage are not HIPAA-compliant channels.
What this app does not do
- No analytics SDKs (Firebase, Mixpanel, Sentry, etc.)
- No CloudKit or iCloud Drive sync
- No background uploads
- No iOS Universal Clipboard sharing of PHI (clipboard items are local-only and expire after 60 seconds)
- No third-party fonts or webview content
Contact
For privacy questions or to report a suspected breach:
- Privacy Officer: Ilyas Colombowala, MD — ilyas@colombowala.com · 832-478-5067
- Security Officer: Ilyas Colombowala, MD — ilyas@colombowala.com · 832-478-5067
- App contact: ilyas@colombowala.com