Effective: June 10, 2026
This statement explains how RoundSmarter LLC (operating as “Round
Smarter”) handles information when our platform is used by healthcare
providers in skilled nursing and long-term acute care settings.
Round Smarter is a HIPAA Business Associate
Round Smarter is a Business Associate as defined by the Health
Insurance Portability and Accountability Act (HIPAA). We do not have a
direct treatment relationship with patients. We provide our platform to
healthcare organizations (the Covered Entities) under written Business
Associate Agreements (BAAs) that govern how we may use and disclose
Protected Health Information (PHI) on their behalf.
If you are a patient with questions about your health information,
please contact the healthcare organization that treats you. Your
provider can route privacy-rights requests to us through our BAA
process.
Information We Process
Round Smarter processes the following categories of information on
behalf of the healthcare organizations that contract with us:
- Clinical data retrieved from PointClickCare via
authenticated server-to-server API calls — including patient
demographics, diagnoses, medications, vitals, progress notes, laboratory
and imaging reports, allergies, coverage, nutrition orders, care plans,
and admit/discharge/transfer events.
- Provider-generated content created within Round
Smarter — clinical briefs, SOAP notes, and structured note
metadata.
- Provider account information for authorized users
of the platform — name, NPI, email, facility assignments, and
authentication records.
Microphone and Audio Recordings
The Round Smarter mobile app can record short clinical audio during
rounding when a provider chooses to start a recording. Microphone access
is used solely for this purpose; the app does not record in the
background or without an explicit provider action. Recordings are
uploaded to our HIPAA-compliant environment over TLS and processed into
provider-reviewed clinical documentation. A recording is deleted from
the device once it has been successfully uploaded and persisted
server-side, and the server-side audio is retained only as long as
needed to produce and confirm the resulting documentation, after which
it is deleted. Audio is treated as PHI; it is never used for advertising
and never sold.
How We Store and Protect Information
- All clinical data is stored in a HIPAA-compliant environment on
Google Cloud Platform.
- Data at rest is encrypted using AES-256. Data in transit is
encrypted using TLS 1.2 or higher.
- All API traffic between Round Smarter and PointClickCare requires
mutual TLS authentication using a client certificate.
- Access is restricted to authenticated providers, scoped to the
facilities they are assigned to.
- We maintain audit logs of read access to PHI.
- Round Smarter operates under Business Associate Agreements with the
Covered Entities it serves and with its own subprocessors where
applicable.
Retention
Clinical data retrieved from PointClickCare is held under a 90-day
rolling retention window per (patient, data type). A record’s
last_confirmed_at timestamp is refreshed each time
PointClickCare re-emits the same record through a polling cycle or
webhook event. Records not refreshed within 90 days are deleted by a
daily sweep job. AI-derived clinical summaries follow the same 90-day
window.
When a patient is discharged or a facility off-boards from Round
Smarter, retained data for the affected scope is purged ahead of the
normal sweep.
How We Use Information
We use the information described above strictly to operate the Round
Smarter platform on behalf of the Covered Entities we serve — generating
clinical briefs and AI-assisted documentation, retrieving the clinical
data those tasks require, and providing the authenticated user interface
that displays them. We do not sell PHI. We do not use PHI for
advertising. Aggregate, fully de-identified statistics derived from
platform operation may be used for system improvement and quality
monitoring; nothing released externally identifies any individual.
Sharing
We do not share PHI outside of:
- The Covered Entity that contracted with us
- PointClickCare, when writing back a provider-signed progress note to
the patient’s chart in PointClickCare at the provider’s explicit
instruction
- Subprocessors operating under BAAs to deliver the platform (e.g.,
cloud infrastructure, language-model inference for clinical brief
generation, transcription)
- Disclosures required by law or by the BAA between Round Smarter and
the Covered Entity
Provider Rights and Account Information
Authorized providers using Round Smarter may request a copy of their
account information, request correction of inaccurate account
information, or close their account by emailing admin@roundsmarter.com.
Requests related to PHI are handled through the Covered Entity, per the
governing BAA.
Security Incidents
In the event of a security incident affecting PHI, Round Smarter will
notify the affected Covered Entity in accordance with the terms of the
governing BAA and applicable law.
Children
Round Smarter is a professional tool intended solely for licensed
healthcare providers and authorized facility staff. It is not directed
to, or intended for use by, children, and we do not knowingly collect
personal information directly from anyone under the age of 16. Any
information about minors that appears in the platform is patient clinical
data processed on behalf of a Covered Entity under a BAA — not
information collected from a child user.
Contact
For privacy questions or to report a privacy concern, contact:
Email: admin@roundsmarter.com (subject line: “Privacy”)
Updates to This Statement
We may update this statement as our practices evolve. Material
changes will be reflected in the effective date at the top of this page
and communicated to the Covered Entities we serve through the BAA
process.