By checking the “Terms of Use” and “Privacy Notice” boxes or continuing to use the Platform, your healthcare organization, clinic, or authorized staff (“Organization” or “You”) confirm and consent to the following:

​

1. Patient Consent Responsibility

• We confirm that we have obtained (or will obtain) valid patient consent before sharing their health information with HEAL Access, in accordance with applicable privacy and healthcare laws.

​

2. Patient Data Processing

• We consent to HEAL Access processing patient health information (PHI/PII) on our behalf, solely in accordance with our documented instructions and applicable privacy and healthcare laws.

​

3. Organizational Data Processing

• We consent to HEAL Access processing organizational data, including staff account information, login activity, system usage analytics, billing and administrative records, and audit logs, for the purpose of delivering, securing, and supporting the Platform.

​

4. AI-Powered Tools (Scope & Responsibility)

• We consent to HEAL Access using AI-powered tools to generate summaries and insights.

• We acknowledge that all AI outputs are advisory only and that clinical judgment and patient care decisions remain our full responsibility.

​

5. Patient-Controlled AI Conversations

• We understand that patient AI conversations and searches are private and will not be shared with our Organization unless patients explicitly choose to share them within the Platform.

​

6. Subprocessor Awareness

• We consent to HEAL Access using trusted third-party service providers (e.g., AWS, Microsoft, and others listed in the Data Processing Agreement) to deliver Platform services, under contractual safeguards ensuring equivalent privacy and security obligations.

​

7. Data Residency

• We consent to HEAL Access storing patient data in the AWS region selected by us, unless another supported region is formally requested in writing.

​

8. Cross-Border Technical Support

• We consent to HEAL Access technical staff outside the selected region accessing data only when necessary for support, maintenance, or emergency troubleshooting.

• Such access will be strictly controlled, encrypted, logged, and will not involve persistent storage of patient or organizational data outside the authorized region.

​

9. Audit & Monitoring

• We consent to HEAL Access maintaining access, usage, and security logs for the purposes of compliance verification, system integrity, and audit readiness.

​

10. Account Deletion & Data Retention

• We acknowledge that if our Organization discontinues use of the Platform, associated patient accounts will be deleted in accordance with our contractual data retention and transition procedures.

• No patient or organizational data will be retained beyond legally or contractually required retention periods.

​

11. Authority to Consent

• The individual providing this consent on behalf of our Organization is authorized to do so and acknowledges that this consent is binding on the Organization.

​

12. Reference to Full Terms

• We have reviewed and understood the applicable agreements including the Data Processing Agreement (DPA), Business Associate Agreement (BAA) (if applicable), Master Services Agreement (MSA), and Service Level Agreement (SLA) which collectively define the rights, responsibilities, and protections applicable to this consent.