Privacy Policy

Information We Collect

We collect the following types of information:

  • Protected Health Information (PHI): Medical records, treatment information, insurance details, prescription data
  • Personal Information: Name, contact information, date of birth, Social Security Number (when required)
  • Account Information: Username, login credentials
  • Usage Information: Pages visited, features used

How We Use Your Information

We use your information for:

  • Providing healthcare treatment and care coordination
  • Processing billing and insurance claims
  • Communicating about appointments and treatment
  • Complying with legal and regulatory requirements
  • Improving our services and patient experience
  • AI-assisted clinical documentation (with your consent; all AI-generated content is reviewed and approved by your healthcare provider)

AI-Assisted Documentation

Our practice may use artificial intelligence technology to assist with clinical documentation. This means:

  • AI may generate draft clinical notes from provider observations
  • All AI-generated content is reviewed and approved by your healthcare provider before becoming part of your medical record
  • AI is used as a documentation tool only and does not make clinical decisions
  • You may opt out of AI-assisted documentation at any time

Information Sharing and Disclosure

We may share your information with:

  • Healthcare Providers: For coordinated care and treatment
  • Insurance Companies: For billing and claims processing
  • Legal Authorities: When required by law or court order
  • Business Associates: Who help us provide services (under HIPAA-compliant Business Associate Agreements)

We will never sell your personal or health information to third parties.

Data Security

We implement comprehensive security measures to protect your information:

  • AES-256-GCM encryption for PHI at rest
  • TLS 1.3 encryption for data in transit
  • Secure OAuth2 authentication for account access
  • Regular security audits and vulnerability assessments
  • HIPAA-compliant audit logging of all PHI access
  • Role-based access controls and least privilege principles
  • Automated encryption key rotation every 90 days

Your Rights

Under HIPAA, you have the right to:

  • Access and obtain copies of your health records
  • Request corrections to your health information
  • Request restrictions on certain uses and disclosures
  • Receive confidential communications
  • Request an accounting of PHI disclosures
  • Receive a paper copy of this privacy notice
  • File a complaint with us or the HHS Office for Civil Rights

Data Retention

We retain your health information for a minimum of 7 years after your last service date, as required by federal and state law. After this period, records are securely destroyed using certified data destruction methods.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page.

Last updated: February 2026

Contact Our Privacy Officer

For questions about this privacy policy or to exercise your rights under HIPAA:

Privacy Officer

Email: privacy@practisphere.com

Back to Home

This site uses essential cookies to maintain your session and ensure security. No third-party tracking cookies are used. See our Privacy Policy for details.