Terms & Conditions and Privacy Notice

Last updated: June 7, 2026

1. About this application

Chronic Care Dashboard (the “App”) is a patient-facing web application that connects to your electronic health record using the SMART on FHIR standard. After you sign in with your health system account (e.g., Epic), the App displays your demographics, medications, laboratory results, and vital signs to help you view and manage a chronic condition. The App is provided for educational and informational purposes only.

2. Not medical advice

The App is not a medical device and does not provide medical advice, diagnosis, or treatment. Information shown may be incomplete, delayed, or inaccurate. Always consult a qualified healthcare professional regarding any medical questions or decisions. Never disregard professional medical advice because of something you saw in the App.

3. Authentication and access

You access your data by authenticating directly with your health system through a secure OAuth2 authorization flow (with PKCE). The App never sees or stores your username or password. You grant the App read-only access to specific data categories, and you can revoke that access at any time through your health system or by logging out.

4. How your data is used

  • The App requests read-only access and displays only the data of the patient who is signed in.
  • Your health data is processed in your browser for your current session only. It is held in memory to render the dashboard, is not stored in any database or on any server, and is not sold or shared with third parties.
  • Access tokens are kept in your browser’s session storage and are cleared when you log out or close the browser tab.
  • We do not use your health data for advertising or analytics profiling.

5. Your choices and rights

You may stop using the App and clear your session at any time using the “Log out” button. Consistent with privacy principles such as HIPAA and GDPR, the App minimizes data use, limits access to the authenticated patient, and does not retain your data after your session ends. To exercise rights over data held in your medical record itself (such as access or correction), contact your healthcare provider, who is the custodian of that record.

6. Security

The App uses industry-standard authorization (OAuth2 / SMART on FHIR with PKCE) and is intended to be served over HTTPS. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. Use the App only on devices and networks you trust.

7. Disclaimer of warranties

The App is provided “as is” and “as available,” without warranties of any kind, express or implied, including fitness for a particular purpose, accuracy, or non-infringement.

8. Limitation of liability

To the maximum extent permitted by law, the provider of the App shall not be liable for any indirect, incidental, special, or consequential damages arising from your use of, or inability to use, the App.

9. Changes to these terms

We may update these Terms & Conditions from time to time. Material changes will be reflected by updating the “Last updated” date above. Continued use of the App after changes take effect constitutes acceptance of the revised terms.

10. Contact

For questions about these terms or the App’s privacy practices, contact the app operator at the email address provided in your app registration. For questions about your medical record, contact your healthcare provider.

This document is a template for a demonstration SMART on FHIR app. Have it reviewed by a qualified professional before relying on it in production.