Privacy Policy
1. Introduction
Clinic Connect ("we," "our," or "us") is committed to protecting your privacy and the confidentiality of your personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare practice management platform.
As a healthcare technology company, we understand the sensitive nature of health information and are committed to maintaining the highest standards of privacy and security in compliance with HIPAA, state privacy laws, and other applicable regulations.
2. Information We Collect
2.1 Personal Health Information (PHI)
We collect and process PHI only as necessary to provide our healthcare management services, including:
- Patient demographic information
- Medical history and clinical notes
- Appointment and scheduling information
- Billing and insurance information
- Treatment and medication records
2.2 Account Information
When you create an account, we collect:
- Name, email address, and contact information
- Professional credentials and practice information
- Login credentials and security preferences
- Billing and payment information
2.3 Usage Data
We automatically collect certain information about your use of our platform:
- Device information and browser type
- IP address and location data
- Usage patterns and feature interactions
- System performance and error logs
3. How We Use Your Information
We use the information we collect for the following purposes:
- Healthcare Services: To provide practice management and healthcare coordination services
- Platform Operation: To operate, maintain, and improve our platform
- Customer Support: To provide technical support and customer service
- Security: To detect, prevent, and respond to security threats
- Compliance: To comply with legal and regulatory requirements
- Communication: To send important updates about your account and our services
4. Information Sharing and Disclosure
We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:
4.1 Healthcare Operations
- With other healthcare providers involved in your care (with appropriate authorization)
- For insurance billing and claims processing
- With laboratory and imaging services for test results
4.2 Service Providers
We may share information with trusted service providers who assist in operating our platform, subject to strict confidentiality agreements and HIPAA Business Associate Agreements.
4.3 Legal Requirements
We may disclose information when required by law, such as in response to court orders, subpoenas, or to comply with regulatory requirements.
5. Data Security
We implement industry-leading security measures to protect your information:
- Encryption: All data is encrypted in transit and at rest using AES-256
- Access Controls: Role-based access controls and multi-factor authentication
- Infrastructure: SOC 2 Type II certified data centers with 24/7 monitoring
- Auditing: Comprehensive audit logs and regular security assessments
- Training: Regular security training for all staff members
6. Your Rights and Choices
You have the following rights regarding your personal information:
- Access: Request access to your personal information
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your information (subject to legal requirements)
- Portability: Request a copy of your data in a portable format
- Restriction: Request restrictions on how we process your information
- Objection: Object to certain types of processing
To exercise these rights, please contact us through your account settings.
7. Data Retention
We retain your information for as long as necessary to provide our services and comply with legal obligations. Personal health information is retained according to applicable healthcare record retention requirements, typically 7-10 years after the last patient interaction.
8. International Data Transfers
Our services are primarily hosted in the United States. If you are accessing our services from outside the US, please be aware that your information may be transferred to, stored, and processed in the US where our servers are located and our central database is operated.
9. Children's Privacy
Our services are not intended for children under 13 years of age, except as patients under the care of healthcare providers using our platform. We do not knowingly collect personal information from children under 13 except in the context of healthcare services provided through our platform.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice through email or platform notifications.