PRIVACY POLICY PLEASE READ THIS PRIVACY POLICY CAREFULLY This Privacy Policy explains how Practice HI (the "Platform," "we," "us") collects, uses, discloses, and protects information when a practice or its users access the Practice HI software-as-a-service. 1. SCOPE AND RELATIONSHIP TO HIPAA When we process protected health information (PHI) on behalf of a practice (a HIPAA Covered Entity), we act as a Business Associate, and that processing is governed by the Business Associate Agreement (BAA) between us and the practice, not by this Policy. This Policy governs the Platform's own collection and use of account, usage, and contact information. 2. INFORMATION WE COLLECT • Account and profile: name, email, phone, role, practice affiliation, and credentials • Usage and device: log data, IP address, browser and device type, pages viewed, timestamps, and diagnostics used to operate and secure the service • Communications: messages, support requests, and consent or preference selections, such as SMS opt-in and opt-out • PHI: handled solely under the BAA and the practice's instructions 3. HOW WE USE INFORMATION • Provide, maintain, secure, and improve the Platform • Authenticate users, prevent fraud and abuse, and enforce our terms • Send service, security, and transactional notices • Comply with legal obligations and respond to lawful requests 4. HOW WE SHARE INFORMATION We do not sell personal information. We share it only with service providers and sub-processors, such as cloud hosting, email and SMS delivery, and payment processing, under contract and, where PHI is involved, under a BAA; with the practice the user belongs to; with authorities when required by law; and with a successor in a merger or acquisition, subject to this Policy. 5. SECURITY We use administrative, technical, and physical safeguards including encryption in transit, access controls, audit logging, and monitoring. No method of transmission or storage is completely secure. 6. DATA RETENTION We retain information for as long as needed to provide the service and to meet legal, regulatory, and contractual obligations. PHI retention follows the BAA and applicable law, including HIPAA six-year requirements where applicable. 7. YOUR CHOICES AND RIGHTS • Update your account information or notification preferences in the app • Opt out of text messages by replying STOP, or manage SMS consent in your notification settings (see Section 8, Text Message (SMS) Consent) • Patients exercising rights over their PHI should contact their practice; we assist the practice as its Business Associate 8. TEXT MESSAGE (SMS) CONSENT By providing your mobile number to your practice and opting in, you agree to receive appointment reminders, re-evaluation notices, and appointment status updates by text message at the number on file. Message frequency varies based on your appointments. Message and data rates may apply. Consent is not a condition of receiving care. You may opt out of text messages at any time by replying STOP to any message, or by updating your communication preferences in your notification settings; reply HELP for help, or contact your practice. The SMS options you select apply only while consent is given; withdrawing consent opts you out of all text messages. 9. COOKIES AND ANALYTICS We use strictly necessary cookies for authentication and may use limited analytics to operate the service. We do not use the Platform for third-party advertising. 10. CHILDREN The Platform is not directed to children for self-registration. Pediatric records are managed by the practice and the patient's guardian. 11. CHANGES We may update this Policy and will post the revised version with a new effective date. Continued use after changes constitutes acceptance. 12. CONTACT Questions about this Policy may be directed to support@practicehi.com.
Privacy Policy · Terms of Use · Sign in