Headquarters: Sarasota, Florida
SolidPractice provides Providers with SolidPractice Software to manage appointments, personal health records, communications, and other related activities. Other than information gathered through our websites at www.SolidPractice.com, SolidPractice acts as a service provider for health service providers and does not own or control the information that is submitted to us through SolidPractice. The information that is submitted through SolidPractice will be held subject to the requirements specified by our health service provider clients and applicable law, such as the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
In addition, individually identifiable information that you provide to us for purposes of providing medical care to your potential or existing patients (“Patient” or “Patients”) (such information is also referred to as “Protected Health Information” or “PHI”) will also be subject to each Provider’s Health Insurance Portability and Accountability Act Notice of Privacy Practices (the “HIPAA Notice”), which each Provider shall make available to Patients. The HIPAA Notice shall describe how the Providers can use and share the Patients’ PHI and also describes the Patients’ rights with respect to their PHI.
I. Collection of Information
We may collect the following kinds of information (including Personal Information and PHI of your Patients) when you use SolidPractice:
Information you or the Patients provide directly to us. For certain activities, such as when the Patients register, use our online services (via our websites or applications), our telemedicine services, subscribe to our alerts, or contact us directly, we may collect some or all of the following types of information:
<![if !supportLists]>· <![endif]>Contact information, such as your and the Patients’ full name, email address, mobile phone number, and address;
<![if !supportLists]>· <![endif]>Username and password;
<![if !supportLists]>· <![endif]>Payment information, such as your or the Patients’ credit card number, expiration date, and credit card security code;
<![if !supportLists]>· <![endif]>Information about your employment, such as your job title, practice area, primary specialty, and medical license status, gender, date of birth, languages spoken, educational background, address, photograph, social security number, Tax ID, NPI number, professional license information and bank account information;
<![if !supportLists]>· <![endif]>Personal health information, including information about the Patient’s diagnosis, previous treatments, general health, health insurance; and
<![if !supportLists]>· <![endif]>Any other information you provide to us.
We may combine such information with information we already have about you or the Patients.
Information we collect automatically. SolidPractice and our third-party partners, such as analytics service providers, may collect certain information automatically when you use our SolidPractice, such as your Internet protocol (IP) address, device and advertising identifiers, browser type, operating system, Internet service provider, pages that you visit before and after using SolidPractice, the date and time of the Patient’s visit, information about the links you click and pages you view within SolidPractice, and other standard server log information. We may also collect certain location information when you use our SolidPractice, such as your computer’s IP address, your mobile device’s GPS signal, or information about nearby WiFi access points and cell towers.
We may also collect technical data to address and fix technical problems and improve our SolidPractice, including the memory state of your device when a system or app crash occurs while using our SolidPractice. Your device or browser settings may permit you to control the collection of this technical data. This data may include parts of a document you were using when a problem occurred, or the contents of your communications. By using SolidPractice, you are consenting to the collection of this technical data.
Information we obtain from health care providers and other sources. In connection with the Patient’s treatment, we may collect medical records from their past, current, and future health care providers. This may include information about their diagnosis, previous treatments, general health, laboratory and pathology test results and reports, social histories, any family history of illness, and records about phone calls and emails related to their illness.
Some of our users, including the Providers, are subject to laws and regulations governing the use and disclosure of health information they create or receive. Included among them is the 21st Century Cures Act, HIPAA, the Health Information Technology for Economic and Clinical Health of 2009 (“HITECH”), and the regulations adopted thereunder. When we store, process or transmit “individually identifiable health information” (as such term is defined by HIPAA) on behalf of the Provider who has entered a Healthcare Provider User Agreement, we do so as its “business associate” (as also defined by HIPAA). Under this agreement, SolidPractice is prohibited from using individually identifiable health information in a manner that the provider itself may not. SolidPractice is required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of individually identifiable health information we store and process on behalf of such providers. SolidPractice is subject to laws and regulations governing the use and information of certain personal and health information, including HIPAA, when it operates as a business associate of a healthcare provider.
We may also receive information about you from other sources, including through third-party services and organizations. We may combine our first-party data, such as your email address or name, with third-party data from other sources and use this to contact you (e.g. through direct mail).
II. Use of Information
Our uses for the information (including Personal Information) we collect online include but are not limited to:
<![if !supportLists]>· <![endif]>Providing and improving SolidPractice;
<![if !supportLists]>· <![endif]>Contacting you;
<![if !supportLists]>· <![endif]>Fulfilling your requests for products, services, and information;
<![if !supportLists]>· <![endif]>Sending you information about additional clinical services or general wellness from us or on behalf of our affiliates and trusted third-party partners;
<![if !supportLists]>· <![endif]>Analyzing the use of SolidPractice and user data to understand and improve SolidPractice;
<![if !supportLists]>· <![endif]>Conducting research using your information, which may be subject to your separate written authorization;
<![if !supportLists]>· <![endif]>For any other purposes disclosed to you at the time we collect your information or pursuant to your consent.
We may use the information collected through SolidPractice to investigate potential or suspected threats to SolidPractice or to the confidentiality, integrity or availability of the information SolidPractice stores and maintains.
By using SolidPractice you agree to receive texts, phone calls, and/or email from us at the phone numbers and email addresses you provided to us for informational and customer service-related purposes.
Additionally, we may send an email to the email address you provide us in order to verify your account and for informational and operational purposes, such as account management, customer service, or system maintenance. We may also send you marketing emails if you request more information about our products and services. Emails are often transactional or relationship messages, such as appointment requests, reminders and cancellations and other notifications. SolidPractice may not offer you the option of opting out of receiving some of these messages although SolidPractice may allow you to modify how often you receive such messages. If you opt-in to receiving marketing announcements from SolidPractice, we will allow you to opt-out of receiving those announcements.
Electronic Notices. By using SolidPractice or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of SolidPractice. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on SolidPractice or sending a text or email to you. You may have a legal right to receive this notice in writing. To receive free written notice of a security breach (or to withdraw your consent from receiving electronic notice), please contact us. We may anonymize and aggregate any data collected through SolidPractice, and use it for business purposes. For example, we may use such data for evaluating and profiling the performance of SolidPractice, including analyzing usage trends and patterns and measuring the effectiveness of content, features, or services.
III. Sharing of Information
We are committed to maintaining your trust, and we want you to understand when and with whom we may share the information we collect.
<![if !supportLists]>· <![endif]>Healthcare providers, insurance companies, and other healthcare-related entities. We may share Patient Personal Information and PHI with other health care providers, laboratories, government agencies, insurance companies, organ procurement organizations, medical examiners or funeral directors, and other entities relevant to providing them with treatment options and support.
<![if !supportLists]>· <![endif]>Authorized third-party vendors and service providers. We may share your Personal Information and PHI with third-party vendors and service providers that help us with specialized services, including billing, payment processing, customer service, email deployment, business analytics, marketing (including but not limited to advertising, attribution, deep-linking, direct-mail, mobile marketing, optimization and retargeting), performance monitoring, hosting, and data processing. These third-party vendors and service providers may not use your information for purposes other than those related to the services they are providing to us.
<![if !supportLists]>· <![endif]>Research partners. We may share your information with our research partners to conduct health-related research; such sharing may be subject to your separate written authorization.
<![if !supportLists]>· <![endif]>Corporate affiliates. In order to streamline certain business operations, develop products and services that better meet the interests and needs of our customers, and inform our customers about relevant products and services, you hereby agree that we may share your Personal Information with any of our current or future affiliated entities, subsidiaries and parent companies.
<![if !supportLists]>· <![endif]>Business transfers. We may share your information in connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, asset sale, or in the unlikely event of bankruptcy.
<![if !supportLists]>· <![endif]>Legal purposes. We may disclose information to respond to subpoenas, warrants, court orders, legal process, law enforcement requests, legal claims or government inquiries, and to protect and defend the rights, interests, health, safety, and security of SolidPractice, our affiliates, users, or the public. If we are legally compelled to disclose information about you to a third-party, we will attempt to notify you by sending an email to the email address in our records unless doing so would violate the law or unless you have not provided your email address to us.
<![if !supportLists]>· <![endif]>With your consent or at your direction. We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent or direction.
We use reasonable measures to help protect information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. You should understand that no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. Once we receive your transmission, we take steps to ensure security on our systems. Please note this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of such safeguards. Please note that information collected by third parties may not have the same security protections as information you submit to us, and we are not responsible for protecting the security of such information.
If SolidPractice learns of a security system’s breach, SolidPractice maintains an incident response policy that includes notifications consistent with applicable law.
By using SolidPractice or providing Personal Information to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of this website.
V. Intended For Use in United States Only
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.