Health Data Disclosure
Purpose of This Disclosure
This document explains what health information myCARI accesses when you connect your healthcare provider accounts. This disclosure is required by Epic and other healthcare providers who participate in patient data sharing programs.
When you connect myCARI to your healthcare provider through FHIR (Fast Healthcare Interoperability Resources) standards, we access specific types of health data to provide you with a comprehensive view of your health information and enable care coordination with your authorized care team members.
What Health Data We Access
Patient Information
| Data Type | What It Includes | Why We Need It |
|---|---|---|
| Demographics | Name, date of birth, gender, address, phone number, email, emergency contacts | To identify you accurately and enable care team communication |
| Patient ID | Medical record numbers, patient identifiers from each connected provider | To link your records across different healthcare systems |
Medical Records
| Data Type | What It Includes | Why We Need It |
|---|---|---|
| Conditions | Active diagnoses, past medical history, problem lists | To display your health conditions and track changes over time |
| Medications | Current prescriptions, dosages, frequencies, prescribing providers | To help you track medications and set reminders |
| Allergies | Drug allergies, food allergies, environmental allergies, reactions | To display critical safety information to you and your care team |
| Immunizations | Vaccination history, dates administered, vaccine types | To maintain your immunization records in one place |
| Lab Results | Blood tests, urine tests, pathology results, reference ranges | To display results and track trends over time |
| Vital Signs | Blood pressure, heart rate, weight, height, temperature, oxygen saturation | To track your vital signs and identify trends |
| Procedures | Surgeries, medical procedures, dates performed | To maintain a complete procedural history |
| Clinical Notes | Visit summaries, discharge summaries, progress notes | To provide context about your care and provider recommendations |
Care Information
| Data Type | What It Includes | Why We Need It |
|---|---|---|
| Encounters | Office visits, hospital stays, emergency visits, telehealth appointments | To show your visit history and care timeline |
| Care Team | Your doctors, specialists, and other healthcare providers | To help coordinate care among your providers |
| Appointments | Upcoming and past appointment information | To help you track and manage your healthcare appointments |
How We Use Your Data
Primary Uses
- Display: Show your health information in a unified, easy-to-understand format within the myCARI app
- Sync: Keep your health data synchronized across your connected healthcare providers
- Reminders: Send medication reminders and appointment notifications based on your preferences
- Insights: Generate personalized health insights and trends from your data using AI
- Sharing: Enable you to share specific health information with care team members you authorize
We Do NOT
- Sell your health data to any third party
- Share your data with advertisers
- Use your data for marketing purposes without your explicit consent
- Share your data with insurance companies
- Share your data with employers
- Make treatment decisions - we only provide information to support you and your healthcare providers
- Share your data with any third parties except as required by law or as you explicitly authorize
Data Storage
| Aspect | Details |
|---|---|
| Location | United States (Google Cloud Platform) |
| Encryption | AES-256 at rest, TLS 1.3 in transit |
| Compliance | HIPAA compliant infrastructure and practices |
| Retention | Data retained while your account is active, plus 30 days after account deletion |
| Backups | Encrypted backups retained for 90 days for disaster recovery |
Who Can See Your Data
| Who | What They Can See | How They Get Access |
|---|---|---|
| You | All of your health data | By logging into your myCARI account |
| Care Team Members | Only what you explicitly share with them | You invite them and set their permission level |
| MLPipes Staff | Limited access for technical support only, with audit logging | Only when necessary to resolve issues you report |
| No One Else | Your data is never shared with other parties | We do not sell, rent, or share your data |
Care Team Permission Levels
| Permission Level | What They Can See | Typical Use |
|---|---|---|
| Basic View | Medications, allergies, and conditions only | Family members helping with basic care coordination |
| Full View | All health data including lab results and clinical notes | Primary caregivers who need complete health picture |
| Professional Caregiver | Full view plus ability to add notes and observations | Healthcare professionals involved in your care |
Your Control Over Data
You Can Always
- View: See all the health data we have stored about you
- Disconnect: Remove any healthcare provider connection at any time
- Remove: Remove any care team member's access instantly
- Delete: Request complete deletion of your account and all associated data
- Export: Download your health data in standard formats (PDF, JSON, FHIR)
How to Disconnect a Healthcare Provider
- Open myCARI and go to Settings
- Select "Connected Accounts" or "Healthcare Providers"
- Find the provider you want to disconnect
- Tap "Disconnect" and confirm your choice
What Happens When You Disconnect
- We immediately stop accessing new data from that provider
- Previously imported data remains in your myCARI account unless you choose to delete it
- You can delete the imported data separately if desired
- You can reconnect at any time by going through the authorization process again
Data Refresh
| Refresh Type | Frequency | Description |
|---|---|---|
| App Open | Each time you open the app | Quick sync to check for new data |
| Background Sync | Every 4-6 hours | Automatic updates when the app is not in use |
| Manual Refresh | On demand | Pull down on any screen to force a refresh |
| Initial Import | One time | Full historical data import when you first connect a provider |
Provider-Specific Information
Epic MyChart
When you connect to a healthcare provider that uses Epic MyChart:
- Consent Screen: You will see Epic's authorization screen listing what data myCARI can access
- Re-authorization: Epic connections typically require re-authorization every 12 months
- Revoke Access: You can also revoke myCARI's access directly in your MyChart account under "Manage Apps" or similar settings
Other Providers
myCARI supports connections to many healthcare providers using various electronic health record systems, including:
- Cerner (now Oracle Health)
- athenahealth
- Allscripts
- NextGen Healthcare
- eClinicalWorks
- And many others
Each provider may have slightly different authorization processes and data availability. The specific data we can access depends on what each provider makes available through their patient access API.
Questions?
If you have questions about how we access or use your health data, please contact us:
Privacy Inquiries: privacy@mlpipes.ai
General Support: support@mlpipes.ai
Mailing Address:
MLPipes LLC
5725 S Valley View Blvd Ste 5 PMB 471045
Las Vegas, Nevada 89118-3122 US