Privacy-Safe Approach
Privacy-safe by design — not by assertion
Most healthcare adtech vendors claim privacy-safe practices. Salubrum documents ours: de-identification per HIPAA Safe Harbor, a data architecture that prevents PHI from entering the scoring model at any stage, and methodology documentation available for your compliance team to review before you sign anything.
De-identification Approach
HIPAA Safe Harbor de-identification — what it actually means
HIPAA Safe Harbor requires removal or generalization of 18 categories of individually identifiable health information before data can be considered de-identified. Salubrum applies this standard to all signal data before it enters our processing pipeline.
No PHI in the model
Individual health information is never processed by Salubrum's scoring engine. All inputs are de-identified population-level signals, not personal health records.
De-identified per Safe Harbor
Data inputs are de-identified using the HIPAA Safe Harbor method — not "expert determination" alone. We remove or generalize the 18 required identifier categories before processing.
Privacy-safe by design
Our data architecture was designed from the start to prevent PHI ingestion — not patched after the fact. De-identification happens upstream, before data reaches Salubrum's systems.
Data Governance
Governance practices documented for compliance review
Data Retention Limits
Signal data used in scoring is retained only as long as necessary for the scoring function and is subject to defined retention schedules. We don't accumulate data indefinitely.
Audit Documentation
We maintain documentation of our data flows, de-identification procedures, and vendor relationships. This documentation is available to clients under NDA for compliance review.
Annual Privacy Review
Our data practices are reviewed annually with privacy counsel. We update our methodology documentation when practices change and notify clients of material changes.
Reviewing our data practices? We're ready for that conversation.
Request our methodology documentation package — signal taxonomy, de-identification procedures, and data flow documentation. Available under NDA for qualified healthcare organizations.