Privacy Policy | Lumen Innovations

← Back to Home

Our Commitment: Lumen Innovations apps are designed with privacy as a core principle. We do not collect, store, or transmit Protected Health Information (PHI). Our apps are built to be HIPAA-exempt by design.

Overview

This Privacy Policy describes how Lumen Innovations ("we," "our," or "us") handles information in our mobile applications: Lumenus (procedure logging for medical trainees) and CathCPT (CPT code management for cardiologists).

Both applications are designed to help healthcare professionals with documentation and billing workflows while ensuring patient privacy is never compromised.

Protected Health Information (PHI)

No PHI is Collected or Stored: Our apps do not record patient names, medical record numbers, dates of birth, Social Security numbers, or any other identifying patient information. This is by design.

How We Ensure PHI Protection

No Patient Identifiers: Neither app includes fields for patient names or identifying information
Case ID System: Procedures are tracked using user-generated case IDs (e.g., "Case 001") rather than patient identifiers
Date Range Only: Procedures are logged by date range (e.g., week or month), not specific dates, to prevent potential patient identification
No EMR Integration: Our apps do not connect to electronic medical records or hospital systems

Lumenus - Procedure Logging App

What Lumenus Stores

Data Type	Stored	Purpose
User account (email, name)	Yes	Authentication and identification within training program
Procedure date range	Yes	Case logging by week/month (specific dates not stored to protect privacy)
Specific procedure date	No	Not stored - could be PHI when combined with other data
Procedure type	Yes	Training requirements tracking
Attending physician name	Yes	Attestation workflow
Facility/location	Yes	Multi-site training tracking
Operator role (primary/secondary)	Yes	Competency assessment
Duty hours/shift times	Yes	ACGME compliance tracking
Patient name or MRN	No	—
Patient date of birth	No	—
Social Security numbers	No	—

Image Library & PHI Detection

Lumenus includes an optional image library feature for educational purposes. To protect patient privacy:

On-Device PHI Detection: Images are automatically scanned for potential PHI (text overlays containing names, dates, MRNs) using on-device machine learning before upload
Automatic Redaction: Detected PHI regions can be automatically redacted (blacked out) before saving
Manual Review: Users are prompted to confirm images contain no PHI before sharing to the program's teaching library
Crop Tools: Users can crop images to remove identifying information
No Raw DICOM: The app does not accept DICOM files or extract embedded patient metadata

User Responsibility: While we provide PHI detection tools, users are ultimately responsible for ensuring any uploaded images do not contain patient identifiers. Always review images before sharing.

CathCPT - CPT Code Manager

What CathCPT Stores

Data Type	Stored	Purpose
Case ID (user-entered)	Yes (locally)	Reference for billing workflow
Selected CPT codes	Yes (locally)	Report generation
Selected ICD-10 codes	Yes (locally)	Indication documentation
Vessel/modifier selections	Yes (locally)	Accurate code documentation
RVU calculations	Yes (locally)	Reimbursement estimates
Patient name or MRN	No	—
Any patient identifiers	No	—

HIPAA-Exempt by Design: CathCPT uses case IDs instead of patient names. No PHI is ever entered, stored, or transmitted. Reports generated by the app contain only CPT codes, ICD-10 codes, and case IDs.

Report Sharing

When generating reports for billing purposes:

Reports contain only case IDs, CPT codes, ICD-10 codes, and RVU information
No patient identifiers are included in generated reports
Users are reminded to share reports only via secure, organization-approved email systems
Report data is stored locally on the device only

Data Storage & Security

Lumenus

Cloud Storage: Case logs and account data are stored securely using Google Firebase with encryption at rest and in transit
Authentication: Secure sign-in via Apple Sign-In, Google Sign-In, or email/password with Firebase Authentication
Program Isolation: Data is segregated by training program; users can only access their own program's data based on role permissions

CathCPT

Local Storage Only: All data is stored locally on your device using standard iOS secure storage
No Cloud Sync: CathCPT does not sync data to any cloud services
No Account Required: The app functions without user accounts or login

Data We Do NOT Collect

Neither Lumenus nor CathCPT collects:

Patient names, dates of birth, or medical record numbers
Social Security numbers or insurance information
Precise device location or GPS data
Contacts, photos (except user-initiated uploads in Lumenus), or other personal files
Browsing history or data from other apps
Advertising identifiers for ad targeting

Third-Party Services

Lumenus

Firebase (Google): Authentication, database, and cloud storage. See Firebase Privacy Policy
Apple/Google Sign-In: Optional authentication providers

CathCPT

CathCPT does not use third-party analytics, advertising, or cloud services

Your Rights

You have the right to:

Access: Request a copy of your data stored in our systems
Deletion: Request deletion of your account and associated data
Correction: Update or correct your account information
Export: Export your procedure logs (Lumenus) in standard formats

To exercise these rights, contact us at privacy@lumeninnovations.com

Children's Privacy

Our apps are intended for use by medical professionals and trainees. We do not knowingly collect information from children under 13 years of age.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes through the app or via email. Continued use of our apps after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@lumeninnovations.com
Website: lumeninnovations.com

Last Updated: January 27, 2026