Last updated: March 13, 2026

Calcium LLC (“Calcium,” “we,” “our,” or “us”) is committed to protecting your health information and personal data. This Privacy & Security Notice explains how we collect, use, disclose, and protect your information, including how we participate in nationwide health information exchange under the Trusted Exchange Framework and Common Agreement (TEFCA).

1. Scope of This Notice

This Notice applies to:

• The Calcium Super App
• Calcium Core (provider platform)
• Calcium AI Studio
• All related services, websites, and integrations

This Notice applies to personal data and electronic health information (EHI) collected, accessed, or exchanged through our platform.

 

2. Our Role in TEFCA

Calcium participates in nationwide health information exchange under TEFCA as an Individual Access Services (IAS) Provider and/or Subparticipant, enabling individuals to securely access their electronic health information across multiple healthcare organizations and networks.

Through TEFCA, Calcium may connect to Qualified Health Information Networks (QHINs) and other participants to retrieve and aggregate your health data.

 

3. Information We Collect

3.1 Health Information (EHI)

We may collect and process:

• Medical records (diagnoses, medications, procedures, lab results)
• Vital signs and device-generated data
• Care plans and pathway data
• Health journal entries and user-reported data

3.2 Data from Connected Sources

We collect data from:

• Electronic Health Record (EHR) systems
• Healthcare providers and health systems
• Medical devices and wearables
• Health and wellness applications
• TEFCA-enabled networks

3.3 Personal Information

• Name, email, phone number
• Date of birth, gender
• Account credentials

 

4. How We Use Your Information

We use your information to:

• Provide access to your health records
• Aggregate and organize your health data
• Enable sharing with providers, caregivers, and others
• Deliver personalized pathways and guidance
• Improve platform functionality and user experience

 

5. TEFCA Permitted Uses and Restrictions

Calcium uses health data obtained through TEFCA only for permitted purposes, including:

• Providing individuals access to their own health information
• Supporting treatment, payment, and healthcare operations (where applicable)

We do NOT:

• Sell your health data
• Use TEFCA data for advertising or marketing without authorization
• Use data beyond permitted purposes under TEFCA

 

6. Your Rights (Individual Access)

You have the right to:

• Access your electronic health information
• Request data from multiple providers via TEFCA
• Receive your data in electronic format
• Direct your data to third parties (where permitted)

 

7. Identity Verification & Security

Before granting access to your health information, Calcium uses industry-standard identity verification and authentication processes, which may include:

• Multi-factor authentication
• Identity proofing procedures

 

8. Data Sharing & Disclosure

We may share your information with:

• Healthcare providers and care teams
• Family members or caregivers (with your consent)
• Third-party apps or services (at your direction)
• TEFCA-connected networks

 

Redisclosure Notice

Once your information is shared with third parties, it may no longer be protected under HIPAA and could be redisclosed.

 

9. Minimum Necessary & Sensitive Data

We apply the principle of minimum necessary access and support data segmentation for sensitive information, including behavioral health or other specially protected data, as required by law.

 

10. AI & Automated Processing

Calcium may use artificial intelligence to:

• Generate personalized health pathways
• Provide insights and recommendations

AI-generated outputs are reviewed and designed to support—not replace—clinical decision-making.

 

11. Security Safeguards

We implement administrative, technical, and physical safeguards including:

• Encryption in transit and at rest
• Access controls and authentication
• Secure APIs and interoperability standards
• Continuous monitoring and threat detection

 

12. Auditing & Compliance

We maintain audit logs of access to health data and monitor for unauthorized use. Calcium complies with TEFCA oversight, audit, and reporting requirements.

 

13. Third-Party Obligations

Third parties receiving data from Calcium must comply with applicable privacy and security obligations, including contractual requirements aligned with TEFCA and HIPAA where applicable.

 

14. Data Retention

We retain your information only as long as necessary to provide services and comply with legal obligations.

 

15. Your Choices

You may:

• Control data sharing settings
• Revoke access permissions
• Delete your account (subject to legal requirements)

 

16. Changes to This Notice

We may update this Notice from time to time. Updates will be posted with a revised effective date.

 

 

 

Calcium Health — Empowering You to Own Your Health, Securely.

 

If User has questions or concerns about the Privacy & Security Notice, User can contact Calcium at 500 W Madison St. Suite 3700 Chicago, IL, 60661 (Attention: Privacy Contact) or contact us at support@CalciumHealth.com.

Updates/Modifications

Calcium reserves the right to amend this Privacy & Security Notice at any time as needed with notice provided to User. Changes will take effect upon User’s acceptance of the modified terms and User’s continued use of the Website, Mobile App and/or Services.