This policy outlines how MD Ally manages information collected, processed, stored, and transmitted through our technology platform and operational workflows.
1. PURPOSE
The purpose of this policy is to outline the general practices used to safeguard sensitive information, manage data throughout its lifecycle, and support compliance with applicable privacy, security, and regulatory requirements. These practices support the secure operation of MD Ally’s services used by healthcare providers, public safety agencies, and community partners.
MD Ally handles several categories of information as part of its operations, including protected health information, operational records, and system-generated data. This policy describes how those types of information may be handled within the organization’s systems and infrastructure.
This policy operates alongside other privacy, security, and compliance practices that govern the protection of information within MD Ally’s systems.
2. SCOPE
This policy applies to information that is created, received, stored, transmitted, or processed through MD Ally’s systems and services.
This policy applies to data handled by MD Ally personnel, systems, and authorized technology environments used to support telehealth operations, care coordination services, operational monitoring, and platform administration.
This includes information managed through:
• application platforms used to deliver MD Ally’s services
• operational support systems and internal tools
• infrastructure environments used to host and manage system components
• data used to support monitoring, troubleshooting, and system reliability
This policy applies to employees, contractors, and authorized personnel who interact with MD Ally systems or handle information processed through our platform.
3. DATA CLASSIFICATION
MD Ally manages different categories of information that may require varying levels of protection depending on sensitivity and operational use.
Information handled within MD Ally’s systems may include:
Protected Health Information (PHI)
Information related to an individual’s health condition, healthcare services, or payment for healthcare services that may identify a patient.
Operational Information
Information generated through operational workflows such as encounter documentation, referral coordination, and system activity logs.
System and Technical Data
Information generated through platform operations including system logs, monitoring data, and infrastructure activity used to maintain system performance and security oversight.
Data classification practices help guide how information is accessed, stored, transmitted, and protected within MD Ally’s environment.
4. DATA COLLECTION AND PROCESSING
Information handled within MD Ally’s systems is collected and processed to support telehealth services, operational workflows, system administration, and program coordination.
Data may be collected during patient interactions, operational intake processes, documentation workflows, and system-generated activity logs.
Information collected through these processes may be used to support activities such as:
• clinical documentation and encounter records
• coordination of follow-up services and referrals
• operational monitoring and troubleshooting
• quality review and program evaluation
• system security monitoring
Data processing occurs within technology environments designed to support secure handling of sensitive healthcare and operational information.
5. DATA STORAGE AND INFRASTRUCTURE ENVIRONMENT
Information handled within MD Ally systems is stored within secure infrastructure environments designed to support the protection of sensitive data.
MD Ally’s platform operates within cloud infrastructure environments that provide network security protections, system segmentation, and infrastructure monitoring capabilities.
Data may be stored in application databases, secure storage systems, or other infrastructure components necessary to support platform operations.
Security controls within the infrastructure environment may include access controls, network protections, monitoring systems, and encryption mechanisms designed to support the confidentiality and integrity of stored information.
These infrastructure protections support the secure operation of MD Ally services used by healthcare and public safety partners.
6. DATA ACCESS CONTROLS
Access to information within MD Ally systems is governed by role-based access controls designed to limit access to authorized personnel based on operational responsibilities.
Personnel may be granted system access based on job function and operational need. Access privileges may be modified when roles change or when personnel no longer require access to perform their responsibilities.
Authentication controls help verify user identity before granting access to system resources.
Access management practices are designed to reduce the risk of unauthorized access to sensitive information while allowing authorized personnel to perform operational duties within our platform.
7. DATA TRANSMISSION AND PROTECTION
Information transmitted through MD Ally systems is protected through technical safeguards designed to support secure communication between system components and users.
Data transmitted across networks may be protected through encrypted communication protocols designed to prevent unauthorized interception or alteration of information during transmission.
Secure communication mechanisms are used when transmitting information between application systems, infrastructure environments, and authorized users.
These protections help support the confidentiality and integrity of information as it moves across technology environments used by MD Ally’s platform.
8. DATA RETENTION PRACTICES
MD Ally retains information for periods that support operational needs, contractual obligations, regulatory requirements, and system functionality.
Retention practices may vary depending on the type of data involved and the operational purpose for which the information was collected.
Certain records associated with healthcare services or operational workflows may be retained to support continuity of care, program administration, and compliance requirements.
System-generated data such as logs and monitoring records may also be retained for periods necessary to support system performance monitoring, security oversight, and operational troubleshooting.
Data retention practices are periodically reviewed as part of the organization’s broader compliance and operational governance activities.
9. DATA DELETION AND DISPOSAL
When information is no longer required for operational, regulatory, or contractual purposes, it may be removed from active systems or securely deleted according to internal procedures.
Data disposal practices are designed to reduce the risk of unauthorized access to information that is no longer needed for system operations.
Secure deletion practices may include removal of records from active databases, removal of stored files from infrastructure environments, or controlled destruction of media containing sensitive information when applicable.
These practices support responsible management of data throughout its lifecycle within MD Ally’s systems.
10. SECURITY MONITORING AND AUDIT LOGGING
System activity within MD Ally’s platform may be monitored and logged to support operational oversight and security monitoring.
Logging practices may capture system events such as user access activity, system configuration changes, and actions performed within application environments.
Audit logs provide visibility into system activity and may support investigation of operational issues, security events, or system performance concerns.
Monitoring and logging practices support ongoing security oversight and operational reliability of our platform environment.
11. DATA HANDLING IN AI-SUPPORTED WORKFLOWS
Certain operational workflows within MD Ally services may be supported by artificial intelligence technologies that assist with documentation, information organization, and workflow efficiency.
When AI-supported tools are used within MD Ally systems, they operate within the same infrastructure environment, access controls, and security protections that govern the broader platform.
AI-supported capabilities may assist with organizing information collected during operational workflows or generating summaries that support documentation processes.
Information processed through these tools remains subject to the same privacy, security, and access control practices applied to other information within MD Ally systems.
Clinical interpretation of patient information and care decisions remain under human oversight and are not determined solely by automated systems.
12. POLICY REVIEW AND GOVERNANCE
This policy may be reviewed periodically as part of MD Ally’s broader governance, security, and compliance practices.
Policy reviews may occur when operational practices evolve, regulatory requirements change, or system architecture is updated.
Updates to the policy help maintain alignment with the organization’s privacy, security, and operational governance practices that support the protection of sensitive information handled through MD Ally services.