Transparent retention, secure archiving, and auditable deletion β designed to support HIPAA (United States) and PHIPA (Canada) expectations for healthcare delivery records.
NoazRX is committed to protecting the confidentiality, integrity, and availability of personal and health-related information. This policy explains how long data is retained, how it is secured, and when it is archived or permanently deleted, in alignment with applicable healthcare privacy requirements.
This policy is designed to align with the HIPAA Privacy Rule and HIPAA Security Rule.
When operational access is no longer required, records are moved to a restricted compliance archive that is not accessible via APIs or the front end. After legal retention periods, archived data is permanently deleted or cryptographically destroyed. Archival and disposal actions are logged with timestamp, reason, and policy version.
This policy is designed to align with PHIPA and applicable pharmacy delivery record expectations.
PHI is accessible only on a need-to-know basis and is removed from operational systems once not required for service delivery. Archived PHI is stored in a restricted compliance archive that cannot be accessed by drivers, pharmacies, or general platform users. When no longer required, PHI is securely destroyed in a manner that prevents reconstruction. Disposal actions are logged and auditable.
Questions about this policy or NoazRX data-handling practices?
This page describes NoazRX retention and protection practices at a high level, uses language such as "designed to support" and "aligned with" rather than absolute guarantees, and may be updated periodically. It is provided for general information and is not legal advice; NoazRX recommends a final review by qualified counsel before relying on this policy in production.