1. Who We Are
Shomer Health is an AI-powered after-hours clinical triage platform operating under an existing Tennessee limited liability company, doing business as Shomer Health, located in Spring Hill, Tennessee. We provide after-hours patient triage services to Direct Primary Care and independent medical practices.
For questions about this Privacy Policy, contact us at contact@shomer.health.
2. Information We Collect
We collect the following categories of information in connection with our service:
- Patient contact information: Phone numbers used to contact the Shomer Health SMS triage line.
- Symptom and health information: Descriptions of symptoms, health concerns, and related information provided by patients via SMS during triage interactions.
- Interaction data: The content of SMS conversations between patients and the Shomer Health AI triage assistant, including timestamps and triage classifications.
- Provider information: Contact information and practice details for healthcare providers who subscribe to the Shomer Health platform.
- Website usage data: Standard web analytics including pages visited, time on site, and browser information when visiting shomer.health.
3. How We Use Your Information
We use collected information solely for the following purposes:
- To provide AI-powered clinical triage routing on behalf of your Direct Primary Care provider
- To generate the Morning Clinical Digest delivered to your provider each morning
- To escalate urgent or emergency situations to appropriate resources including 911, 988, or Poison Control
- To maintain records of overnight patient interactions for provider clinical review
- To improve the accuracy and safety of our triage system
- To comply with applicable legal and regulatory requirements
We do not sell, rent, or share your personal or health information with third parties for marketing or commercial purposes.
4. HIPAA Compliance
Patient health information collected through the Shomer Health SMS triage service is treated as Protected Health Information (PHI) under HIPAA and is handled in accordance with all applicable requirements of HIPAA and the HITECH Act.
Your Direct Primary Care provider is the Covered Entity under HIPAA. Shomer Health serves as their Business Associate. Your provider's HIPAA Notice of Privacy Practices governs the use of your health information at the practice level.
5. Data Storage and Security
All patient interaction data is stored on Amazon Web Services infrastructure in the United States. We implement the following security measures:
- AES-256 encryption at rest for all patient data using customer-managed AWS KMS keys
- TLS 1.2+ encryption for all data in transit
- Role-based access controls limiting data access to authorized systems only
- AWS CloudTrail audit logging of all data access events
- Automatic data expiration — patient interaction records are automatically deleted after 90 days
- Point-in-time recovery enabled for database backup
6. Data Retention
Patient interaction records are retained for 90 days from the date of the interaction and then automatically deleted. Conversation session history is retained for 24 hours only. Provider account information is retained for the duration of the provider's subscription and for a reasonable period thereafter as required by law.
7. SMS Communication
By texting the Shomer Health triage number provided by your healthcare provider, you consent to receive SMS responses from the Shomer Health AI triage assistant. Message and data rates may apply depending on your mobile carrier.
You may opt out of SMS communications at any time by replying STOP to any message. Reply HELP for assistance. Opting out will discontinue after-hours triage communications for your phone number.
Shomer Health does not send unsolicited marketing or promotional SMS messages. All outbound messages are direct responses to patient-initiated contact.
8. AI and Automated Processing
Shomer Health uses artificial intelligence to process patient messages and provide triage routing. Patients interacting with the Shomer Health SMS line are communicating with an AI assistant, not a human physician or clinical staff member. The AI assistant identifies itself as such in all interactions.
The AI assistant does not diagnose conditions, prescribe medications, or provide medical advice. It collects symptom information and routes patients to appropriate care. All clinical decisions remain the sole responsibility of the licensed provider.
9. Third-Party Service Providers
We use the following third-party service providers who may process data on our behalf:
- Amazon Web Services (AWS): Cloud infrastructure and data storage. BAA executed.
- Twilio: SMS delivery infrastructure. BAA in process.
- Anthropic (via AWS Bedrock): AI language model processing. Covered under AWS BAA and Zero Data Retention agreements.
All third-party providers with access to PHI are required to execute Business Associate Agreements and maintain HIPAA-compliant security practices.
10. Your Rights
Depending on your location and applicable law, you may have the following rights regarding your personal information:
- The right to access information we hold about you
- The right to request correction of inaccurate information
- The right to request deletion of your information
- The right to opt out of SMS communications by replying STOP
For HIPAA-specific rights regarding your Protected Health Information, please contact your Direct Primary Care provider directly as they are the Covered Entity responsible for your health records.
11. Children's Privacy
The Shomer Health platform is a healthcare service used by patients of all ages under the supervision of a licensed healthcare provider. We do not knowingly collect personal information from children under 13 independent of a provider relationship. If you believe we have inadvertently collected such information, please contact us immediately at contact@shomer.health.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the Effective Date at the top of this page. Continued use of the Shomer Health service after changes become effective constitutes acceptance of the updated policy.
13. Contact Us
If you have questions, concerns, or requests related to this Privacy Policy or your personal information, please contact us: