Cadmus Privacy Policy
Effective Date: February 5, 2026
1. Introduction
Autonomy Today, LLC (“Cadmus,” “we,” “us,” or “our”) provides a cloud-based software-as-a-service platform for correctional facilities, including Jail Management (JMS) and Electronic Medical Records (EMR). We are committed to protecting the privacy and security of the information processed through our Services. This policy describes how we handle information in connection with our public-facing website and our e-prescribing services.
2. Information We Collect
In the course of providing e-prescribing and healthcare management services, we process the following types of information:
- Protected Health Information (PHI): As a Business Associate under HIPAA, we process PHI on behalf of our Clients (Covered Entities). This includes inmate health histories, medication administration records (MAR), and allergy information required for safe prescribing.
- Professional Information: We collect and verify the credentials of Prescriber End Users, including NPI numbers, DEA numbers, and professional licenses, to facilitate identity proofing for Surescripts Network access.
- Operational Data: We collect system usage data, such as access logs and transaction timestamps, to maintain an immutable record of facility activity.
3. Data Usage and Surescripts Network Integration
Information is processed solely to provide the Services and ensure patient safety:
- Prescription Transmission: PHI is transmitted through the Surescripts Network to facilitate the electronic delivery of prescriptions to a patient's (inmate's) chosen pharmacy.
- Clinical Decision Support: Data is used to provide prescribers with medication history and potential drug-to-drug interaction alerts.
- Neutrality: Cadmus does not use any collected data to influence prescribing decisions or provide economic incentives for specific medications.
4. Information Sharing
We share information only with authorized entities required for the healthcare lifecycle:
- Pharmacies and PBMs: Information is shared with pharmacies and Pharmacy Benefit Managers (PBMs) via the Surescripts Network to process and fulfill prescriptions.
- Regulatory Authorities: We may disclose information when required by law, such as responding to judicial orders or law enforcement requests.
- No Third-Party Sale: Cadmus does not sell patient or prescriber data to third-party marketers.
5. Data Security and Infrastructure
We maintain a robust security framework to protect PHI and operational data:
- Hyperscale Hosting: All data is stored within Microsoft Azure and Azure Government servers located exclusively in the United States.
- Encryption: Data is encrypted both in transit and at rest using industry-standard protocols compliant with the HIPAA Security Rule.
- Redundancy: The system performs continuous real-time data backups to geographically redundant regions to ensure data integrity and availability.
- Breach Response: We maintain a formal Data Breach Plan and will notify affected Clients in the event of a confirmed security incident in accordance with our Business Associate Agreement (BAA).
6. Data Control and Retention
Client Ownership: As between the parties, the Client retains sole responsibility and ownership of the Customer Data (including PHI) processed by the Services.
Retention: We retain data for as long as necessary to provide the Services or as required by state and federal records retention laws applicable to correctional and medical records.
7. Contact Information
For questions regarding this Privacy Policy or our data handling practices, please contact:
Autonomy Today, LLC
6990 Shelbyville Road
PO Box 87
Simpsonville, KY 40067