Trust

Data & Security

TVshuru Health runs in one of the most sensitive environments there is — the patient bedside. Protecting patient data is a design requirement, not a feature. This page summarizes how we do it. Contracted hospitals receive full documentation during security review.

Our role: HIPAA Business Associate

When TVshuru Health is deployed at a hospital, the hospital is the covered entity and TVshuru Health acts as its Business Associate. We enter a Business Associate Agreement (BAA) with every hospital and operate under the HIPAA Privacy, Security, and Breach Notification Rules. We use protected health information (PHI) only to provide and support the service — never to sell it, and never for our own marketing or advertising.

What data TVshuru Health uses at the bedside

TVshuru Health is built on the principle of data minimization. A typical deployment uses only what the bedside experience needs:

TVshuru Health is not a monitoring device and does not perform clinical measurements.

How it is protected

Retention and disposal

Patient information is retained only as directed by the hospital and the BAA. Room-level personalization is cleared at discharge. When a deployment ends, we return or securely destroy PHI as the agreement requires.

Subprocessors and hosting

Where we rely on infrastructure or service providers to deliver TVshuru Health, each is bound by appropriate contractual and HIPAA obligations, including BAAs where they may handle PHI. A current subprocessor list is available to contracted hospitals on request.

Breach notification

In the event of a breach of unsecured PHI, we notify the affected hospital without unreasonable delay and support its obligations under the HIPAA Breach Notification Rule.

Patient rights

Because the hospital is the covered entity for its patients, patients exercising rights over their health information — access, amendment, restriction, or an accounting of disclosures — should contact the hospital. TVshuru Health supports the hospital in responding.

Accessibility & safety by design

TVshuru Health is built to the accessibility expectations of the ADA effective-communication rule and Section 508 (WCAG 2.0 AA), and supports ligature-safe delivery for behavioral-health settings. Safety and accessibility are treated as security properties of the system.

Running a security review? Email security@tangiblespin.com and we will share our BAA template, security documentation, and subprocessor list.