Notice of Privacy Practices

Effective: May 2026. This notice describes how LabApps may use and disclose protected health information (“PHI”) when we create, receive, maintain, or transmit PHI in connection with the LabApps platform. If you receive laboratory or healthcare services from a customer organization that uses LabApps, that organization may also provide its own Notice of Privacy Practices—follow their notice for care-specific questions.

Our commitment

We understand that health information is sensitive. When PHI is processed through LabApps, we handle it in accordance with applicable law, our agreements with customer organizations (including Business Associate Agreements where required), and the practices described below.

How we may use and disclose PHI

We may use and disclose PHI to:

• Provide and operate the platform for authorized users of subscribing organizations (for example accessioning, results, compliance, pathology, or client services workflows enabled for that customer);
• Support customers with troubleshooting, configuration, and service quality, under access controls and contractual limits;
• Maintain security and integrity of systems hosted on Microsoft Azure and related infrastructure (monitoring, backup, disaster recovery, and fraud prevention);
• Comply with law, including responses to lawful requests, public health activities where permitted, and oversight by regulators;
• De-identify or aggregate information where permitted and appropriate for analytics or product improvement, subject to agreement and law.

We do not use or disclose PHI for marketing unrelated to the service without appropriate authorization where required.

Azure and subprocessors

PHI and related files may be stored or processed using Microsoft Azure services (for example managed databases, application hosting, and secure file storage such as Azure Blob or Azure File Share). Some features may invoke Azure AI services when enabled by the customer. Subprocessors are bound by contractual safeguards consistent with HIPAA requirements when we act as a business associate.

Your rights regarding PHI

When applicable law grants you rights as an individual, you may have the right to:

• Access a copy of PHI about you in a designated record set, subject to exceptions;
• Request amendment of PHI you believe is incorrect or incomplete;
• Receive an accounting of certain disclosures of PHI;
• Request restrictions on uses or disclosures in limited circumstances;
• Request confidential communications by alternative means or at alternative locations, where reasonable;
• Obtain a paper copy of this notice upon request;
• File a complaint if you believe your privacy rights have been violated.

For PHI maintained by your healthcare provider or laboratory, direct many requests to that organization. For requests relating to PHI processed by LabApps as described in this notice, contact us using the information below and we will coordinate with the covered entity as appropriate.

Our responsibilities

• Maintain the privacy of PHI as required by law and agreement;
• Provide this notice and inform you of material changes;
• Follow the terms of this notice currently in effect;
• Mitigate, to the extent practicable, harmful effects of certain uses or disclosures we become aware of.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against you for filing a complaint.

LabApps privacy contact: support@labapps.io
Subject line: “Privacy Practices”

Changes to this notice

We reserve the right to change this notice. The revised notice will be posted at this URL with an updated effective date. Material changes may also be communicated through your organization or account channels where required.

See also our Privacy Policy and Security pages. For a BAA or enterprise privacy review, use our contact form.