Privacy Policy

Effective date: June 3, 2026 · Last updated: June 3, 2026

Relationship to the practice's HIPAA Notice of Privacy Practices — Meeta Singh MD PC is a HIPAA covered entity. Your protected health information is governed primarily by the practice's Notice of Privacy Practices (NPP), which controls if anything here conflicts with it. This Privacy Policy explains, in plain language, how the Platform specifically handles your information. It supplements — it does not replace — the NPP.

1. Scope

This Policy covers information collected through the Platform: your account details, journal entries, sleep-ring trend data displayed to you, assessment responses (for PSS patients), and released PSS reports. It does not cover information you provide outside the Platform or records held in the practice's EHR, which are governed by the NPP.

2. Information we collect

Account information: name, contact details, login credentials, and authentication factors.
Journal entries: the reflections you write each evening. These are read as written; no automated AI analysis is applied to them.
Assessment responses (PSS patients): answers to the standardized sleep questionnaires and their scores.
Sleep-ring data: monitoring data ingested from your device via a third-party monitoring service, used to display your trends.
Technical and access logs: information needed for security and HIPAA audit requirements, such as login times and records of who accessed what data.

3. How we use your information

To provide your care and operate the practice as your healthcare provider.
To display your journal, trends, assessments, and — for PSS patients — your released report.
To assist the physician in drafting PSS reports using AI tools, with every report reviewed and approved by the physician before release. AI is not applied to journal entries or to non-PSS programs.
To secure the Platform, maintain audit logs, and meet our legal and regulatory obligations.

4. AI processing, plainly stated

AI is used in exactly one place: helping draft Predictive Sleep Screening reports, which the physician then reviews, edits, and approves. AI inference runs within the practice's HIPAA-covered cloud environment under a Business Associate Agreement. Your journal entries are never processed by AI. The Insomnia Treatment and Sleep Apnea Treatment programs receive no AI-generated output.

5. How we share information

We do not sell your information, and we do not use it for advertising. We share it only as follows:

With our service providers ("business associates"): cloud hosting and AI infrastructure, the sleep-monitoring service, and secure email — each under a Business Associate Agreement that limits use to supporting your care.
With your referring physician: if you were referred, that physician may receive read-only access scoped only to their own referred patients, and a notification when a PSS report is released.
As required by law: when compelled by valid legal process or to meet legal and regulatory obligations.
With your direction: to anyone you authorize in writing.

6. Security

The Platform is hosted in a HIPAA-eligible cloud environment with encryption of data in transit and at rest, role-based access controls, multi-factor authentication, and audit logging of access to your information. No system is perfectly secure, but we apply safeguards appropriate to the sensitivity of the information involved.

7. Your rights

Consistent with HIPAA, applicable state law, and the practice's NPP, you may request to access or receive a copy of your information, request corrections, ask how your information has been disclosed, and raise concerns about its handling. To exercise these rights, contact us using the details below.

8. Data retention

We retain Platform information as long as needed for your care and as required by law and professional record-retention rules — at least seven (7) years, consistent with Michigan medical-record retention requirements. When information is no longer required, it is disposed of securely.

9. Breach notification

If a breach of unsecured protected health information affecting you occurs, we will notify you as required by the HIPAA Breach Notification Rule and applicable Michigan law.

10. Children

The Platform is intended for adult patients (or accounts supervised by a parent or guardian).

11. Changes to this Policy

We may update this Policy. Material changes will be communicated through the Platform or your contact method on file, and the "Last updated" date will change. The current version always governs.

12. Contact

Privacy questions or to exercise your rights: Richard Klein, VP Operations (Privacy Officer) — ops@meetasinghmd.com · 313.720.0141 · 31350 Telegraph Rd, Ste 201, Bingham Farms, MI 48025. For matters governed by the practice's Notice of Privacy Practices, contact the practice's Privacy Officer named in the NPP.