At Caspar, privacy is a core part of how we design and deliver health insights. In this Q&A, our CTO and VP of Engineering Corey Gates breaks down how we maintain HIPAA compliance, protect resident privacy, and ensure care teams get the insights they need—without wearables, cameras, or compromising dignity.
Q: What does HIPAA compliance mean for a healthtech company like Caspar?
HIPAA compliance is ultimately about giving our customers confidence that health-related data is being handled securely and responsibly. It ensures that only authorized individuals have access to sensitive information—so our customers don’t have to worry about someone in their organization—or ours—seeing data they shouldn’t.
It also means recognizing the special role that health data plays in a person’s life. Security for personal health information isn’t the same as general data security—it requires a deeper understanding of the sensitivity and context around that data.
Q: Caspar’s technology monitors health without wearables or cameras—how does that work? What can a radar-based motion sensor “sense” without a camera? And why is it a privacy win for residents?
Our radar sensors detect motion by reading a cloud of data points that reflect a person’s posture and micro-movements. From that, we can extract pulse rate, respiration rate, and position—whether someone is lying in bed, sitting, or walking around.
Importantly, radar doesn’t capture visual images or audio. It can’t identify someone the way a camera can—it’s not like someone is watching. That’s a big privacy win, especially in spaces like the bathroom, where falls are common but privacy is paramount.
Q: What specific types of resident data does Caspar collect, and how is that data protected?
Caspar collects data such as pulse rate, respiration rate, posture, and movement throughout the room. That data is encrypted both in transit and at rest. This data also does not contain any personal information, so Caspar has no visibility into the patient’s identity.
Q: How do you figure out role-based access while maintaining privacy?
Each client dictates the role-based access that best suits their business needs. On the Caspar side, we enable access so that each user sees only the information they need, based on their role and configuration.
Generally speaking, families would receive information about well-being and general status, while caregivers have operational access to empower them to do their jobs effectively. For example, they receive real-time alerts–like fall detection–that are critical for on-site staff.
Clinicians receive access to clinical data like pulse rate, as well as long-term trends that help them manage overall health (for example, determining if there is a mediation interaction).
Are you ready to revolutionize care delivery while protecting privacy? Contact us today to learn more about how Caspar can help you achieve your goals.