Liberaite Platform

Privacy Policy

Effective Date: May 23, 2026

This Privacy Policy (“Policy”) describes how Premonition Health (“Premonition Health,” “we,” “us,” or “our”) collects, uses, discloses, and protects information in connection with the Liberaite platform (“Platform”). By using the Platform, you acknowledge that you have read and understand this Policy.

1. Scope

This Policy applies to:

  • Clinic Users — authorized staff of independent medical practices using the clinic-facing plane of the Platform;
  • Patient Users — individuals accessing the patient portal to view health records and communicate with their care team.

This Policy does not apply to third-party services linked from or integrated with the Platform, which are governed by their own privacy policies.

2. Information We Collect

2.1 Information You Provide

Account and Identity Information. When you register or are provisioned as a user, we collect your name, email address, professional role (for Clinic Users), and authentication credentials.

Clinical and Health Information (PHI). Clinic Users enter clinical data on behalf of patients, including diagnoses, medications, encounter notes, prescriptions, and billing records. Patient Users may view this data and may additionally submit secure messages, patient-authored problem notes, and document upload requests.

Communications. Secure messages sent through the Platform are stored as part of the clinical record.

2.2 Information Collected Automatically

When you use the Platform, we automatically collect:

  • Log data, including IP address, browser type, operating system, and pages accessed;
  • Session activity and audit logs, which record user actions on clinical records for compliance and security purposes;
  • Device identifiers when accessing the Platform via a registered office device.

2.3 Information from Third Parties

We may receive information from integrated third-party services including practice management bridges, identity verification services, and electronic fax/SMS providers, as required to deliver the Platform’s functionality.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Platform and its clinical features;
  • Authenticate users and enforce role-based access controls;
  • Enable clinical workflows including encounter documentation, prescription management, billing, scheduling, and pharmacy dispensing;
  • Facilitate patient-provider communications and patient access to health records;
  • Maintain audit logs required by HIPAA and applicable regulations;
  • Detect security incidents, investigate fraud, and enforce this Policy and our Terms of Use;
  • Improve the Platform using aggregated, de-identified data in accordance with HIPAA de-identification standards (45 C.F.R. § 164.514);
  • Comply with applicable legal obligations.

4. PHI and HIPAA Compliance

Premonition Health acts as a Business Associate to Clinics that are Covered Entities under HIPAA. Our use and disclosure of PHI is governed by our Business Associate Agreement (“BAA”) with each Clinic and by applicable law. Key PHI practices:

  • PHI is stored in encrypted databases hosted on Google Cloud Platform (GCP) within the United States;
  • All PHI transmitted between the Platform and users is encrypted in transit using TLS;
  • Access to PHI is limited to users with an authorized role and a legitimate need to access that data;
  • PHI is never transmitted to third-party artificial intelligence services without appropriate safeguards, explicit per-clinic opt-in, a signed Business Associate Agreement with the AI provider, and payload audit logging;
  • Patients may revoke consent to data sharing at any time; revocation stops future PHI sharing but does not alter or delete existing clinical records held by the Clinic;
  • Confidential records are flagged with explicit audit-logged action; all flagging actions are recorded.

5. Patient Rights

Patient Users have the following rights with respect to their health information, subject to applicable law and the policies of their Clinic:

  • Access. You may view your health information through the patient portal, including active medications, conditions, visit summaries, and documents.
  • Correction. You may submit demographic edit requests or corrections, which enter a Clinic staff review workflow.
  • Patient-Authored Notes. You may attach notes to your own problem list entries, which are displayed to your care team and clearly attributed as patient-authored.
  • Delegate Access. You may request that a family member or caregiver receive read access to your chart. Delegation requires Clinic approval. You may self-revoke delegate access at any time without staff involvement.
  • Consent Revocation. You may revoke consent to data forwarding at any time. Revocation stops the forwarding of your PHI but does not modify or delete the underlying clinical record.
  • HIPAA Rights. You retain all rights afforded to you under HIPAA, including the right to request an accounting of disclosures, to request restrictions, and to file a complaint with the U.S. Department of Health and Human Services.

To exercise these rights, contact your Clinic directly or reach us at privacy@premonition.health.

6. How We Share Your Information

We do not sell your personal information or PHI. We may share information in the following circumstances:

  • With Your Clinic. Clinic staff authorized by the Clinic can access your health information as part of your care.
  • Service Providers. We share information with third-party service providers that help us operate the Platform, including cloud infrastructure, identity management, email delivery, and fax/SMS communications providers, under appropriate data processing and Business Associate agreements.
  • Practice Management Integrations. If your Clinic uses a practice management bridge (e.g., a billing or scheduling system), data necessary for those workflows may be shared with that system in accordance with your Clinic’s configuration.
  • Legal Compliance. We may disclose information when required by law, regulation, court order, or to respond to lawful requests from public authorities.
  • Business Transfers. In the event of a merger, acquisition, or sale of all or substantially all of our assets, user information may be transferred, subject to HIPAA requirements and appropriate notice.

7. Data Retention

We retain PHI and clinical records in accordance with our BAA with each Clinic and applicable federal and state record-retention laws. Audit logs are retained for a minimum of six (6) years in accordance with HIPAA requirements. Non-clinical account information is retained for as long as your account is active or as needed to provide services. Upon termination of a Clinic’s subscription, Premonition Health will facilitate secure data export and deletion in accordance with the applicable agreement.

8. Security

Premonition Health implements administrative, physical, and technical safeguards designed to protect your information, including:

  • Encryption of all data in transit (TLS) and at rest;
  • Role-based access controls enforced at both the API and database level;
  • Comprehensive audit logging of all access to clinical records;
  • Multi-factor authentication for administrative access;
  • Regular security reviews and vulnerability assessments;
  • PHI sanitization before any data is transmitted to external services.

No method of electronic transmission or storage is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. In the event of a breach affecting PHI, we will notify affected Clinics in accordance with HIPAA breach notification requirements (45 C.F.R. §§ 164.400–414).

9. Cookies and Tracking Technologies

The Platform uses session cookies and local browser storage solely to maintain authenticated sessions and user preferences (such as display settings). We do not use advertising cookies or third-party behavioral tracking technologies. We do not display advertising.

10. Children’s Privacy

The Platform is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13 independently of their healthcare relationship with a Clinic. PHI belonging to minors is handled in accordance with HIPAA and applicable state law governing minors’ health privacy rights.

11. State-Specific Privacy Rights

Depending on your state of residence, you may have additional privacy rights. For example, California residents may have rights under the California Consumer Privacy Act (CCPA), to the extent it applies to health information not otherwise exempt under HIPAA. Kansas residents and residents of other states with health data privacy laws are encouraged to contact us to understand how those laws interact with our practices. To inquire about state-specific rights, contact us at privacy@premonition.health.

12. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify Clinics of material changes via the Platform or email. The effective date at the top of this Policy reflects when it was last revised. Continued use of the Platform after an update constitutes acceptance of the revised Policy.

13. Text Messaging (SMS) Program & Consent

Premonition Health offers SMS text messaging to patients who opt in. Participation is voluntary and is never a condition of receiving care. This section describes how consent is obtained, what messages we send, and how we handle text-messaging data.

13.1 How patients opt in

Patients provide express consent to receive text messages through one or more of the following methods:

  • Patient portal (per-channel opt-in). Within the Premonition Health patient portal, a patient confirms (verifies) their mobile number and must explicitly enable “Receive text messages” for that number. SMS consent and email consent are separate, independent choices. The setting is off by default, is not required to receive care, and each opt-in is recorded with a timestamp in the patient’s record.
  • In person at intake. During new-patient onboarding, patients may consent to text messaging on signed intake paperwork.
  • Verbally. Patients may provide verbal consent to clinic staff, which is recorded in the patient’s record.

At the point of opt-in, patients are shown the following disclosure: “By providing your mobile number and enabling text messages, you agree to receive text messages from Premonition Health. Message & data rates may apply. Message frequency varies. Reply STOP to opt out, HELP for help. See our Privacy Policy and SMS Terms.”

13.2 Types of messages

Patients who opt in may receive: appointment reminders, lab-result availability notifications, billing and payment notices, membership and account updates, and two-way care-coordination and support messages.

13.3 Message frequency, rates, and opt-out

  • Message frequency varies.
  • Message and data rates may apply.
  • Reply STOP to any message to opt out at any time. Reply HELP for help, or call (316) 789-6049.

13.4 Text-messaging data and third parties

Text-messaging originator opt-in data and consent are not shared with any third parties or affiliates for marketing or promotional purposes. No mobile information is sold. We share data only with the service providers that help us deliver these messages (for example, our SMS/telecommunications provider) under appropriate agreements, and as otherwise described in this Policy.

14. Contact Us

For privacy-related questions, requests, or complaints, please contact:

Privacy Officer, Premonition Health
Email: privacy@premonition.health
Website: https://premonition.health

For HIPAA-specific complaints, you also have the right to contact the U.S. Department of Health and Human Services Office for Civil Rights at www.hhs.gov/ocr.