Bloom ClinicalSign In

Privacy Policy

Last updated: March 31, 2026

1. Introduction

Bloom Clinical ("we," "our," or "us") is committed to protecting the privacy and security of your personal information and any Protected Health Information (PHI) processed through our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered PDPM optimization platform.

2. HIPAA Compliance

Bloom Clinical operates as a Business Associate under HIPAA. We maintain signed Business Associate Agreements (BAAs) with all partner facilities. All PHI is handled in accordance with the HIPAA Privacy Rule (45 CFR Part 164, Subpart E) and Security Rule (45 CFR Part 164, Subpart C).

3. Data We Collect

  • Account Information: Name, email address, role, and facility affiliation.
  • Clinical Data: De-identified patient information, MDS assessment data, diagnosis codes, and clinical documentation uploaded by authorized users.
  • Usage Data: Platform interaction data, feature usage patterns, and session information for product improvement.
  • Device Information: Browser type, operating system, and IP address for security and access control.

4. Data Protection

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 encryption in transit for all data transfers
  • Field-level encryption for PHI identifiers
  • Role-based access controls with facility-scoped permissions
  • 15-minute idle session timeout per HIPAA requirements
  • Comprehensive audit logging retained for 7 years per §164.530(j)

5. Data Retention

We retain clinical data for the duration specified in our BAA with each facility, and in compliance with CMS and state-specific retention requirements. Account data is retained while your account is active and for a reasonable period thereafter. You may request deletion of your account data by contacting us.

6. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of your personal data. For PHI-related requests, please contact your facility's Privacy Officer. For account-related requests, contact us at privacy@bloomclinical.com.

7. Contact Us

If you have questions about this Privacy Policy or our data practices, contact our Privacy Officer at privacy@bloomclinical.com.