ComCierge uses information to support patient care and hospital operations. Depending on how your healthcare organization uses the product, this may include information from:

• hospital EMR/EHR systems and related interfaces
• other connected hospital systems
• device and system telemetry
• user inputs and workflow activity
• support and troubleshooting interactions
• other lawful sources authorized by the healthcare organization

HatchMed Corporation ("HatchMed") uses this information to help provide and support ComCierge, including for:

• bedside patient care and clinical awareness
• operational coordination and workflow support
• system functionality, maintenance, and troubleshooting
• security, integrity, and fraud prevention
• quality, safety, and reliability activities
• legal and compliance obligations

When HatchMed handles identifiable patient information, it does so subject to applicable law, customer instructions, and contractual arrangements, including HIPAA where applicable.

HatchMed may also use properly de-identified or anonymized information, and analyses derived from that information, for product improvement and other lawful purposes.

For questions about patient data, please contact your healthcare provider or organization administrator. For HatchMed privacy questions, contact: techsupport@hatchmed.com.

By continuing, you acknowledge that you have reviewed this Privacy Notice and understand that ComCierge processes information in accordance with applicable law, customer arrangements, and HatchMed's privacy and security practices.

---

ComCierge is used in healthcare settings to support bedside patient care, clinical awareness, and operational coordination. As part of providing these functions, HatchMed Corporation ("HatchMed") may process information made available through the software and related HallMonitor capabilities.

The following sections provide additional detail regarding the categories of information processed, the purposes for which such information may be used, and where responsibility typically sits between HatchMed and the healthcare provider customer.

Depending on the customer's implementation, configuration, and authorized use of ComCierge, HatchMed may access, receive, collect, display, use, store, transmit, or analyze information such as:

• patient and care-related information made available through hospital systems
• information from EMR/EHR systems and related interfaces
• information from other connected systems used by the healthcare organization
• alerts, assignments, status indicators, and workflow-related information displayed through the product
• device, application, and system telemetry
• log data, security records, and performance information
• user-submitted information, configuration inputs, and administrative actions
• information shared during implementation, maintenance, support, troubleshooting, or issue resolution
• information from other lawful sources authorized by the healthcare provider customer or otherwise permitted by law

HatchMed may use information handled through ComCierge for the following purposes, as permitted by law and applicable agreements:

• operating ComCierge and related HallMonitor functionality
• supporting bedside care coordination and patient-related workflows
• displaying or transmitting relevant care, assignment, or status information
• supporting clinical awareness and related hospital operations

• deployment, onboarding, configuration, and integration
• maintenance, troubleshooting, repair, updates, and patches
• service monitoring, availability management, and issue resolution

• protecting the system against unauthorized access, misuse, malware, abuse, and other security threats
• maintaining logs, investigating issues, and preserving evidence where appropriate
• supporting secure and reliable operation of the product

• identifying defects, adverse trends, configuration issues, and reliability concerns
• validating system performance, support quality, and operational effectiveness
• meeting legal, regulatory, audit, reporting, and compliance requirements

Much of the information ComCierge handles in a hospital or clinical environment is processed on behalf of the healthcare provider or healthcare organization using the product.

That generally means:

• the healthcare provider customer determines what systems are connected and what information is made available to ComCierge
• HatchMed handles identifiable patient information according to applicable law, customer instructions, and contractual arrangements
• where applicable, HatchMed acts under HIPAA-compliant business associate arrangements or similar contractual controls
• the healthcare provider remains responsible for certain decisions about notices, permissions, workflows, user roles, and patient-facing obligations, except to the extent those responsibilities are expressly assigned to HatchMed

HatchMed may also process information related to the operation and use of ComCierge itself, such as:

• device and application telemetry
• performance and availability data
• access and activity logs
• configuration and troubleshooting information
• support case details
• security monitoring information

This information helps HatchMed operate, secure, maintain, troubleshoot, and improve the product and related services.

Where permitted by law and contract, HatchMed may create and use properly de-identified or anonymized information, as well as related analyses, metrics, trends, and other non-identifiable outputs, for lawful purposes such as:

• product improvement
• analytics and validation
• quality assurance
• safety and reliability monitoring
• research and development
• reporting in non-identifiable form

HatchMed does not use this information in a way intended to identify a patient, and identifiable patient information remains subject to applicable legal and contractual restrictions.

HatchMed applies privacy and security controls designed to be appropriate to the nature and sensitivity of the information involved, including controls relating to:

• role-based access and least privilege principles
• minimum necessary and data minimization practices where applicable
• system monitoring, logging, and incident response
• vendor and subprocessor oversight
• retention and secure disposal practices

When HatchMed handles identifiable patient information, it does so subject to applicable law, customer instructions, and contractual arrangements, including HIPAA where applicable.

If you have a question about patient information shown in or processed through ComCierge, please contact your:

• healthcare provider, or
• organization administrator or hospital privacy office, as appropriate.

This is because patient information in ComCierge is generally processed on behalf of the healthcare organization that provides care.

HatchMed Privacy Contact:

Email: techsupport@hatchmed.com

Mailing Address: 7056 S 220th St, Kent, WA 98032