Contact us
SolidPractice Technologies
Headquarters: Sarasota, Florida
Privacy Policy
SolidPractice Technologies LLC and
our affiliates and subsidiaries (“SolidPractice,” “we,” “us,”
or “our”) recognizes the importance of protecting the privacy of your
information, and we have prepared this Privacy Policy (this “Privacy Policy”)
to provide you (the “Providers”) with important information about the
privacy practices applicable to SolidPractice software, websites services,
telemedicine product and any website and application, product or service
including, without limitation, SolidPractice.com
SolidPractice provides Providers
with SolidPractice Software to manage appointments, personal health records,
communications, and other related activities. Other than information gathered
through our websites at www.SolidPractice.com, SolidPractice acts as a service
provider for health service providers and does not own or control the
information that is submitted to us through SolidPractice. The information that
is submitted through SolidPractice will
be held subject to the requirements specified by our health service provider
clients and applicable law, such as the Health Insurance Portability and
Accountability Act of 1996 (“HIPAA”).
This Privacy Policy covers any
information, that alone or when in combination with other information may be
used to readily identify, contact, or locate an individual (“Personal
Information”), that is in our possession, including but not limited to
Patient’s (as defined below) information shared by Providers, Patients , third
parties at the direction of users, and Provider systems as well as through SolidPractice.
“Personal Information” also includes identifiable health information collected
about you. We do not consider Personal Information to include information that
has been anonymized so that it does not allow a third party to easily identify
a specific individual. This Privacy Policy describes how SolidPractice
collects, uses, and discloses Personal Information.
In addition, individually
identifiable information that you provide to us for purposes of providing
medical care to your potential or existing patients (“Patient” or “Patients”)
(such information is also referred to as “Protected Health Information”
or “PHI”) will also be subject to each Provider’s Health Insurance
Portability and Accountability Act Notice of Privacy Practices (the “HIPAA
Notice”), which each Provider shall make available to Patients. The HIPAA
Notice shall describe how the Providers can use and share the Patients’ PHI and
also describes the Patients’ rights with respect to their PHI.
This Privacy Policy does not reflect
the privacy practices of the Providers and SolidPractice is not responsible for
our Providers’ privacy policies or practices. SolidPractice does not review,
comment upon, or monitor a Provider’s HIPAA Notice or their compliance with
their respective privacy policies, nor does SolidPractice review our client’s
instructions to determine whether they are in compliance or conflict with the
terms of a client’s published privacy policy or applicable law.
I. Collection of
Information
We may collect the following kinds
of information (including Personal Information and PHI of your Patients) when
you use SolidPractice:
Information you or the Patients
provide directly to us. For
certain activities, such as when the Patients register, use our online services
(via our websites or applications), our telemedicine services, subscribe to our
alerts, or contact us directly, we may collect some or all of the following
types of information:
·
Contact information, such as your and
the Patients’ full name, email address, mobile phone number, and address;
·
Username and password;
·
Payment information, such as your or
the Patients’ credit card number, expiration date, and credit card security
code;
·
Information about your employment, such
as your job title, practice area, primary specialty, and medical license
status, gender, date of birth, languages spoken, educational background,
address, photograph, social security number, Tax ID, NPI number, professional
license information and bank account information;
·
Personal health information, including
information about the Patient’s diagnosis, previous treatments, general health,
health insurance; and
·
Any other information you provide to us.
We may combine such information with
information we already have about you or the Patients.
Information we collect automatically. SolidPractice and our
third-party partners, such as analytics service providers, may collect certain
information automatically when you use our SolidPractice, such as your Internet
protocol (IP) address, device and advertising identifiers, browser type,
operating system, Internet service provider, pages that you visit before and
after using SolidPractice, the date and time of the Patient’s visit,
information about the links you click and pages you view within SolidPractice,
and other standard server log information. We may also collect certain location
information when you use our SolidPractice, such as your computer’s IP address,
your mobile device’s GPS signal, or information about nearby WiFi access points
and cell towers.
We may also collect technical data
to address and fix technical problems and improve our SolidPractice, including
the memory state of your device when a system or app crash occurs while using
our SolidPractice. Your device or browser settings may permit you to control
the collection of this technical data. This data may include parts of a
document you were using when a problem occurred, or the contents of your
communications. By using SolidPractice, you are consenting to the collection of
this technical data.
Information we obtain from health
care providers and other sources.
In connection with the Patient’s treatment, we may collect medical records from
their past, current, and future health care providers. This may include
information about their diagnosis, previous treatments, general health,
laboratory and pathology test results and reports, social histories, any family
history of illness, and records about phone calls and emails related to their
illness.
Some of our users, including the
Providers, are subject to laws and regulations governing the use and disclosure
of health information they create or receive. Included among them is the 21st
Century Cures Act, HIPAA, the Health Information Technology for Economic and
Clinical Health of 2009 (“HITECH”), and the regulations adopted
thereunder. When we store, process or transmit “individually identifiable
health information” (as such term is defined by HIPAA) on behalf of the
Provider who has entered a Healthcare Provider User Agreement, we do so as its
“business associate” (as also defined by HIPAA). Under this agreement, SolidPractice
is prohibited from using individually identifiable health information in a
manner that the provider itself may not. SolidPractice is required to, among
other things, apply reasonable and appropriate measures to safeguard the
confidentiality, integrity and availability of individually identifiable health
information we store and process on behalf of such providers. SolidPractice is
subject to laws and regulations governing the use and information of certain
personal and health information, including HIPAA, when it operates as a
business associate of a healthcare provider.
We may also receive information
about you from other sources, including through third-party services and
organizations. We may combine our first-party data, such as your email address
or name, with third-party data from other sources and use this to contact you
(e.g. through direct mail).
II. Use of
Information
Our uses for the information
(including Personal Information) we collect online include but are not limited
to:
·
Providing and improving SolidPractice;
·
Contacting you;
·
Fulfilling your requests for
products, services, and information;
·
Sending you information about
additional clinical services or general wellness from us or on behalf of our
affiliates and trusted third-party partners;
·
Analyzing the use of SolidPractice
and user data to understand and improve SolidPractice;
·
Conducting research using your
information, which may be subject to your separate written authorization;
·
For any other purposes disclosed to
you at the time we collect your information or pursuant to your consent.
From time to time, we may desire to
use the information we collect online for uses not previously listed in this
Privacy Policy. If our practices change regarding previously collected Personal
Information in a way that would be materially less For any other purposes
disclosed to you at the time we collect your information or pursuant to your
consent restrictive than stated in the version of this Privacy Policy in effect
at the time we collected the information, we will make reasonable efforts to
provide notice and obtain consent to any such uses as may be required by law.
Any request to obtain your consent
does not narrow the scope of this Privacy Policy. By using SolidPractice, you
accept and agree to SolidPractice’s information handling practices in the
manner described in this Privacy Policy and in our Terms of Use.
We may use the information collected
through SolidPractice to investigate potential or suspected threats to SolidPractice
or to the confidentiality, integrity or availability of the information SolidPractice
stores and maintains.
By using SolidPractice you agree to
receive texts, phone calls, and/or email from us at the phone numbers and email
addresses you provided to us for informational and customer service-related
purposes.
Additionally, we may send an email
to the email address you provide us in order to verify your account and for
informational and operational purposes, such as account management, customer
service, or system maintenance. We may also send you marketing emails if you
request more information about our products and services. Emails are often
transactional or relationship messages, such as appointment requests, reminders
and cancellations and other notifications. SolidPractice may not offer you the
option of opting out of receiving some of these messages although SolidPractice
may allow you to modify how often you receive such messages. If you opt-in to
receiving marketing announcements from SolidPractice, we will allow you to
opt-out of receiving those announcements.
Electronic Notices. By using SolidPractice or
providing Personal Information to us, you agree that we may communicate with
you electronically regarding security, privacy, and administrative issues
relating to your use of SolidPractice. If we learn of a security system’s
breach, we may attempt to notify you electronically by posting a notice on SolidPractice
or sending a text or email to you. You may have a legal right to receive this
notice in writing. To receive free written notice of a security breach (or to
withdraw your consent from receiving electronic notice), please contact
us. We may anonymize and aggregate any data collected through SolidPractice,
and use it for business purposes. For example, we may use such data for
evaluating and profiling the performance of SolidPractice, including analyzing
usage trends and patterns and measuring the effectiveness of content, features,
or services.
III. Sharing of
Information
We are committed to maintaining your
trust, and we want you to understand when and with whom we may share the
information we collect.
·
Healthcare providers, insurance
companies, and other healthcare-related entities. We may share Patient Personal Information and PHI
with other health care providers, laboratories, government agencies, insurance
companies, organ procurement organizations, medical examiners or funeral
directors, and other entities relevant to providing them with treatment options
and support.
·
Authorized third-party vendors and
service providers. We
may share your Personal Information and PHI with third-party vendors and
service providers that help us with specialized services, including billing,
payment processing, customer service, email deployment, business analytics,
marketing (including but not limited to advertising, attribution, deep-linking,
direct-mail, mobile marketing, optimization and retargeting), performance
monitoring, hosting, and data processing. These third-party vendors and service
providers may not use your information for purposes other than those related to
the services they are providing to us.
·
Research partners. We may share your information
with our research partners to conduct health-related research; such sharing may
be subject to your separate written authorization.
·
Corporate affiliates. In order to streamline certain
business operations, develop products and services that better meet the
interests and needs of our customers, and inform our customers about relevant
products and services, you hereby agree that we may share your Personal
Information with any of our current or future affiliated entities, subsidiaries
and parent companies.
·
Business transfers. We may share your information
in connection with a substantial corporate transaction, such as the sale of a
website, a merger, consolidation, asset sale, or in the unlikely event of
bankruptcy.
·
Legal purposes. We may disclose information
to respond to subpoenas, warrants, court orders, legal process, law enforcement
requests, legal claims or government inquiries, and to protect and defend the
rights, interests, health, safety, and security of SolidPractice, our
affiliates, users, or the public. If we are legally compelled to disclose
information about you to a third-party, we will attempt to notify you by
sending an email to the email address in our records unless doing so would
violate the law or unless you have not provided your email address to us.
·
With your consent or at your
direction. We may share information for any
other purposes disclosed to you at the time we collect the information or
pursuant to your consent or direction.
IV. Security
We use reasonable measures to help
protect information from loss, theft, misuse and unauthorized access,
disclosure, alteration and destruction. You should understand that no data
storage system or transmission of data over the Internet or any other public
network can be guaranteed to be 100% secure. Consequently, we cannot ensure or
warrant the security of any information you transmit to us and you do so at
your own risk. Once we receive your transmission, we take steps to ensure
security on our systems. Please note this is not a guarantee that such
information may not be accessed, disclosed, altered, or destroyed by breach of
such safeguards. Please note that information collected by third parties may
not have the same security protections as information you submit to us, and we
are not responsible for protecting the security of such information.
If SolidPractice learns of a
security system’s breach, SolidPractice maintains an incident response policy
that includes notifications consistent with applicable law.
By using SolidPractice or providing
Personal Information to us, you agree that we can communicate with you
electronically regarding security, privacy, and administrative issues relating
to your use of this website.
V. Intended For Use in
United States Only
SolidPractice are intended to be
used only from and within the United States. As such, SolidPractice makes no
representations and warranties that SolidPractice comply with applicable law
outside the United States and SolidPractice shall not be responsible for your
use of SolidPractice outside of the United States. SolidPractice maintains
information in the United States and in accordance with the laws of the United
States, which may not provide the same level of protection as the laws in your
jurisdiction. By using the website and providing us with information, you
understand and agree that your information may be transferred to and stored on
servers located outside your resident jurisdiction and, to the extent you are a
resident of a country other than the United States, that you consent to the
transfer of such data to the United States for processing by us in accordance
with this Privacy Policy. In the event that you use SolidPractice outside of
the United States, you acknowledge and understand that you are solely responsible
for any and all legal consequences for violating applicable laws within your
jurisdiction and that you shall have no right of recourse against SolidPractice.
In certain situations, we may be
required to disclose personal data in response to lawful requests by public
authorities, including to meet national security or law enforcement
requirements.