Search
Close this search box.

PracticeSuite’s Privacy Policy

Last Updated: November 13, 2023

1.     Introduction:

1.1  This Privacy Policy (“Privacy Policy”) informs you what Personal Information (“PI”) PracticeSuite, Inc. (“PracticeSuite” or “we” or “us” or “our”) may collect, how PracticeSuite collects such PI, how PracticeSuite uses such PI in connection with the Services we provide to you or our customers, and your choices related to your PI.

1.1.1      “Services” means PracticeSuite’s products and services, such as our website (“Sites”), electronic medical records systems, practice management systems, healthcare provider customer portals (“Provider Portals”), patient portals (“Patient Portals,” collectively with Provider Portals, “Portals”), and software and mobile applications for the forgoing.

1.2  In this Privacy Policy, we do not include Protected Health Information (“PHI”) in the definition of Personal Information (“PI”) because, as discussed in Sections 2 and 4, PHI is protected by federal law (HIPAA, the HITECH Act, and other regulations) and state privacy laws, and the Customer Documents (as defined below) because PracticeSuite provides Services to Health Care Providers. Accordingly, because PHI is handled differently under the Customer Documents, if you are a patient of a Provider (as defined below), your PHI is subject to the Customer Documents and your Provider’s terms of service and privacy practices.

1.3  This Privacy Policy applies wherever it is posted, and it is part of and incorporated into applicable Terms of Use Agreements (“Terms of Use”) for the Sites, the Portals, and other Services, and into any applicable Terms and Conditions our Company website, software and mobile applications (“Terms and Conditions”). By visiting or using the Services or otherwise affirming the acceptance of an agreement into which this Privacy Policy is incorporated by reference, you acknowledge and agree to accept the practices described in this Privacy Policy regarding the collection, us, disclosure, and transfer of your PI. If you do not agree to the terms of this Privacy Policy, please do not use the service. This Privacy Policy is not a contract and does not create any contractual rights or obligations. Your use of the Services is governed by the applicable Terms of Use or Terms and Conditions of their respective Services.

1.4  Please note that some privacy rights and obligations may differ in certain locations based on local law, in which case PracticeSuite will comply with the local legal requirements.

1.4.1      California Privacy Rights: If you are a California resident, our Privacy Notice for California Residents may apply to you. For a copy of our Privacy Notice for California Residents, please visit the link at www.practicesuite.com or email us at legal-ip@practicesuite.com .

2.     The Personal Information We Collect:

2.1  When you access and use the Services, we may collect the following types of information:

2.1.1      “Personal Information” or “PI” is information that identifies an individual or relates to an identifiable individual or household. The types of Personal Information collected, and the uses thereof depend on the purposes for which we collect the PI (e.g., whether you are a visitor to our Sites, a user of our Portals, or a customer of our Services). As used in this Privacy Policy, Personal Information does not include Protected Health Information.

2.1.2      “Protected Health Information” or “PHI” is individually identifiable health information that is protected by the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (“HIPAA”).

2.1.3      “Usage Data” is information that we automatically collect about your use of the Sites and includes the sort that Web browsers and servers typically make available, through Web server logs, Web beacons, cookies and other similar tracking technologies, about the devices you use to access our Sites, as well as information on how you interact with our Sites. We do not deploy non-essential third-party cookies or similar tracking technologies on the Portals; however, we may collect log information including Usage Data for internal uses or uses by our service providers on our behalf, such as ensuring the security and integrity of our Services. Usage Data may include the IP address of a device or internet service used to connect your device to the Internet and may provide information about your Location; computer and connection information such as your browser type and version; operating system and platform; confirmation when you open e-mail that we send you; purchase history; and the URLs which lead you to and around the Site including the date and time of access. Usage Data may overlap with Location Information. Usage Data generally does not directly identify an individual but may constitute PI in some instances. 

3.     How We Collect Your Personal Information:

3.1  PracticeSuite uses information collected from users of the Services to personalize and improve your visit and experience, to provide the Services to you or our customers, and for other purposes set forth below. When you use the Services, PracticeSuite may collect PI in the following ways described below.

3.2  Information You Provide to PracticeSuite : PracticeSuite collects PI when you use and interact with the services, such as when you:

3.2.1      Communicate with PracticeSuite about our Services whether by letter, e-email, online chat window, or telephone;

3.2.2      Complete and submit forms to us or our customers on our Sites, Provider Portals, Patient Portals, or mobile applications; or

3.2.3      Visit our Sites or interact with us on social media and provide us with PI.

3.3  Information that PracticeSuite Collects Automatically : When you use the Services, PracticeSuite may automatically collect Usage Data subject to the settings of your device that you use to access the Services. With your consent, we may also collect information from your device to facilitate your use of certain features with our Services. PracticeSuite may use this data to analyze trends and statistics to improve your online experience or our customer service. We do not deploy non-essential third-party cookies or similar tracking technologies on our Portals but may collect Usage Data for purposes such as ensuring the security and integrity of our Services.  We may combine this information with other information that we have collected about you, including, where applicable, your username, name, and other personal information. Please see the section “Our Use of Cookies and Other Tracking Mechanisms” below for more information about our use of cookies and other tracking mechanisms.

3.4  Information from Other Sources : PracticeSuite may collect PI from other sources such as the Internet and other publicly available sources, databases, data aggregators, marketing companies, and other third parties, including sources from which you authorize us to obtain Personal Information about you on your behalf. If you authorize us to collect information from a third party, or if you authorize a third party to send us information, and you later decide that you no longer want us to obtain that information, you may need to contact the third-party source directly and request that they stop transmitting information to us. For example, if you submit claims to the Centers for Medicare and Medicaid Services (“CMS”), you may decide to authorize us to obtain information directly from CMS. For more information about how those third parties collected and used your Personal Information, please review the privacy policy of the respective third party. 

4.     Protected Health Information; PracticeSuite as a Business Associate:

4.1  Certain Services we provide to our customers or make available to their patients, such as the Portals, as well as certain support operations, involve access to, and the processing of, PHI. This PHI is provided to us pursuant to a service agreement, business associate agreement, or other document with terms and conditions for the Services (the “Customer Documents”) that we have entered with our customers (health care providers or their firms, “Providers”) that also govern our use of PHI of their patients provided by our Provider customers or their patient users. 

4.1.1      The Privacy Policy supplements the Customer Documents. PracticeSuite only uses such PHI as a Business Associate of its Providers, who are Covered Entities, in accordance with any instructions or restrictions provided to PracticeSuite by the Provider and in full compliance with the applicable provisions of HIPAA. 

4.1.2      If you are a patient of a Provider, our use and disclosure of your PHI is governed by HIPAA and other applicable law and the Customer Documents with your Provider – not by this Privacy Policy. Your Provider’s collection, use, disclosure, and transfer of such PHI are governed, in turn, by your Provider’s terms and conditions and privacy practices between you and your Provider. Please submit all requests and questions related to your PHI directly to your Provider. We are not responsible for how our Provider customers treat PHI we collect on their behalf, and we recommend you review the privacy policies & practices of your Provider.

4.1.3      Our Sites are generally not intended to collect or retain any PHI. Thus, sections of this Privacy Policy that discuss Personal Information collection on the Sites do not apply to PHI, and we do not request, obtain, use or disclose any PHI through our Sites such as www.practicesuite.com .

5.     Use of Information Collected by PracticeSuite:

5.1  PracticeSuite uses the PI collected to provide Services to our customers and their authorized users to improve user experience with Services, and to communicate with you about requested information. PracticeSuite may use PI to help target specific offers to customers and others, and to develop and improve its Services.

5.2  PracticeSuite may disclose your PI as specified in Section 7, and use you PI to:

5.2.1      Respond to user service requests, user questions and concerns, and administer user accounts. We may use your information to verify your identity, register you, administer your account, or provide you with information, products, and services that you request.

5.2.2      Provide service to our customers, which include Providers. If you are a patient of a Provider, we use your information when providing the Services to the Provider.

5.2.3       Communicate with users about our products, services, and related issues. We may use your information to try to identify if you may be interested in any of the Services or our business partners’ products and services.

5.2.4      Administer fees and provide users with invoices or resolve billing issues. We may use your information to verify your identity in order to process your payments.

5.2.5      Ensure the security and integrity of our Services.

5.2.6      Conduct internal analysis for the purposes of development and improvement of the PracticeSuite app.

5.2.7      Verify and maintain the quality of our Services, improve the Services, or develop new Services.

5.2.8      In the event of a business transaction : if we are exploring or in the process of a business transaction or financial transaction, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy, securities offering, or sale of all or a portion of our assets, we may use your information in connection with exploring or concluding such transaction.

5.2.9      To comply with law : we may disclose your information to comply with any applicable laws and/or regulations, such as to comply with any applicable laws and/or regulations, and to comply with valid legal processes. Such legal processes include but are not limited to a search warrant, subpoena, or order from a court or tribunal of competent jurisdiction.

6.     Data Collection Technologies:

6.1  We and our service providers may use cookies, Web beacons, log files, and other technologies (collectively, “Data Collection Technologies”) to help us provide, customize, and improve the Sites. We may share aggregate or de-identified information about users with third parties for marketing, advertising, research or similar purposes. The Data Collection Technologies we use on our Sites include:

6.1.1      Web Beacons: A Web Beacon is a Web page is a tool such as a pixel tag or clear GIF that may be embedded into our Sites or e-mail communications, which may employ cookie technology to enable PracticeSuite to track and collect information from users.

6.1.2      Cookies: Cookies are small text files placed on your device to store data that can be recalled by a Web server in the domain that placed the cookie.

6.2  How do we use “Cookies” :

6.2.1      Cookies are necessary to provide functionality and track user’s activity: register information about user’s navigation on our website (e.g., loaded pages, date, time of day and length of visit etc.) which we can access during your next visit to customize the website and Services to your personal requirements and optimize your experience. We may also use this information to automatically enter your data into inquiry forms, so next time you need to complete a form, you do not need to manually enter the information.

6.2.2      We never store passwords or similarly sensitive data in our website cookies. The use of cookies is common and used on most websites. Many improvements and updates are based on information supplied by cookies. Cookies also help us personalize web content and meet the demands of our visitors.

6.2.3      Our website and Services do not use cookies to collect Personal Data from your computer that was not initially sent as a cookie.  

6.2.4      Users can disable cookies or set your browser setting to block or alert you about cookies, however if you instruct your Internet browser or mobile app to not accept certain types of cookies, our site and Services may not work properly or at all.

6.3  Our Sites may use the following types of cookies :

6.3.1      Essential Cookies : These cookies are necessary for the Sites to function and cannot be switched off in our systems. Essential cookies are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the Sites will not then work. 

6.3.2      Analytics/Performance Cookies: These cookies collect information on how users operate our site and services and help us to improve them. Analytics/Performance cookies help us know which pages are the most and least popular and see how visitors move around the Sites. 

6.3.3      Functionality/Advertising Cookies: These cookies are used to remember some choices that users make (e.g., search parameters or language settings) and to make your use of our website and Services more tailored. Functionality/Advertising cookies may be set by our advertising partners at Sites where a cookie banner is displayed. These cookies may be used by those advertising partners to build a profile of your interests and to show you relevant adverts on other websites. You may disallow these targeting/advertising cookies using the cookie banner.

6.4  Notice Do Not Track Signals :

6.4.1      We do not support Do Not Track (“DNT”). DNT is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

6.5  Right to Erasure (“Right to be forgotten”) :

6.5.1      You are eligible to delete certain Data from our website and Services.

6.5.2      If you choose to delete your Data, it will become unavailable and will be complete deleted within 60 days of your delete request.

6.5.3      Please be aware that we may have to store Data for a longer period of time due to either technical limitations or to comply with law.

7.     Disclosing Your Information:

7.1  At Your Request: PracticeSuite may disclose PI to third parties at your request, direction, or authorization.

7.2  Internal Sharing: PracticeSuite may disclose Personal Information to its affiliates (including parents, entities under common ownership, and subsidiaries, such as Healow, LLC), and other related companies without authorization. 

7.3  With Our Service Providers: PracticeSuite may disclose PI to service providers for the purposes of operating our business, delivering, improving, and customizing our products or services, sending marketing and communications related to our business, payment processing, and for other legitimate purposes permitted by applicable law. 

7.4  With Our Customers: PracticeSuite may disclose PI, including Sensitive Personal Information, to its customers consistent with the Customer Documents. Sensitive Personal Information” refers to Personal Information regarding more sensitive areas, such as government ID and certain other financial information, gender, marriage status, race/ethnicity, or veteran or disability status. 

7.5  Compliance With Law: To the extent permitted by law, PracticeSuite will disclose PI to government authorities or third parties pursuant to a legal request, subpoena, or other legal process. PracticeSuite may also use or disclose your PI as permitted by law to perform charge verifications, apply, or enforce the Service’s Terms of Use or Terms and Conditions, or protect PracticeSuite’s rights, interests, or property as well as those of PracticeSuite’s affiliates, customers, or Service users. 

7.6  Business Transaction: If PracticeSuite sells all or part of its business or makes a sale or transfer of assets or is otherwise involved in a merger or business transfer, PracticeSuite may transfer your PI to a third party as part of that transaction.

8.     Biometric Data:

8.1  In connection with the Services, PracticeSuite may collect or store biometric data, such as fingerprints or facial geometry scans, which are used for authentication and verification of your identity. This information may be biometric data under certain laws governing the collection, use, storage, and disclosure of biometric data. By providing such information, you acknowledge that you have been advised of, and understand that, PracticeSuite, and its agents and contractors, may collect, use, store, and disclose biometric data for the purposes described in this Privacy Policy, or as otherwise described in the Services. We will not sell, lease, or trade your biometric information. We will retain such biometric data only until the occurrence of the first of the following, at which point the data will be scheduled for deletion: (a) the purposes outlined in this Section 9 have been satisfied, (b) any date of deletion required by applicable law, or (c) three (3) years have passed since your last interaction with our Services. Notwithstanding the foregoing, (1) PracticeSuite will not delete biometric data that is PHI unless required by the applicable Provider, and (2) except as provided for in subsection (1), the collection, use, storage, disclosure, and retention of biometric data that is PHI through the use of any Service shall be governed by Section 4 of this Privacy Policy and any applicable Customer Documents, not this Section 9.

9.     We Protect Your Personal Information:

9.1  The security of PI is very important to us. We use safeguards beyond industry best practices to protect against unauthorized use, disclosure, alteration, or destruction of the PI we collect and maintain. You should keep in mind, however, that no data transmitted over the internet is 100% secure. Although we strive to protect the PI in our possession, we cannot guarantee or warrant 100% security of any information you transmit to or from our Services.

10.  Retention of Personal Information “PI”:

10.1 PracticeSuite will retain and use your PI as necessary to comply with PracticeSuite’s business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreement.

11.  Children’s Information and Privacy:

11.1 Our website and Services are not intended for use by or directed towards individuals under the age of 18. If you are under 18 years old or otherwise have not attained the age of majority in your state of residence, you must have your parent’s or guardian’s permission to use the Service(s).

11.2 We do not knowingly collect any PI through our Sites from individuals under 18. If we learn that we have received any PI directly from an individual under the age 18, without first receiving his or her parent’s or legal guardian’s verified consent, we will use that PI only to respond directly to that child (or child’s parent/legal guardian) to inform the child that he or she cannot use the Services. We will then subsequently delete that child’s PI.

11.3 If you are an individual under the age of 18, you will not be granted access to PracticeSuite’s Portals per company policy.

12.  Links to Third-Party Websites:

12.1 Our Services may contain certain links to other sites that are not owned or controlled by us. PracticeSuite is not responsible or liable for the privacy practices or content found on other websites. You encourage you to check the privacy notice and policies of each website that collects PI. Links to third party websites are provided solely for your convenience and any use or submission of data to such websites shall be at your sole risk. 

13.  Aggregated De-Identified Information:

13.1 PracticeSuite may provide aggregated information related to your PI to some of our business partners. This information is used in a collective manner and does not identify you individually in any way. If you are a patient of a Provider, we may only create, use or disclose aggregated or certain de-identified PHI as authorized by your Provider in the Customer Documents. 

14.  Note to International Visitors:

14.1 The Services are intended for use in the United States only. If you visit our Services or contact us from outside of the United States, please be advised that: (i) any information you provide to us or that we automatically collect, including PI, will be transferred to the United States; and (ii) that by using our Services or submitting information, including PI, you explicitly authorize its transfer to and subsequent processing in the United States in accordance with the laws of the United States and this Privacy Policy.

15.  Changes to this Privacy Policy:

15.1 PracticeSuite reserves the right to change or replace this Privacy Policy and any time. Unless otherwise indicated, changes will be effective upon the last updated date at the top of this Privacy Policy. Please check this Privacy Policy regularly to ensure that you are aware of any changes. We may try to notify you of material changes to this Privacy Policy, which if we do so may be by means such as by posting a notice directly on the Services, by sending an e-mail notification (if you have provided your e-mail address to us), or by any other reasonable method. Your continued use of the Services after the changes have been posted indicates your acceptance of the amended Privacy Policy. If you do not agree with the changes, please stop using the Services. 

16.  Contact Information:

16.1 If you have any questions or comments about this Privacy Policy, please contact us at privacy@practicesuite.com . This e-mail address is monitored only for privacy- and security-related inquiries. If you are a patient and have a question related to accessing the Patient Portal, please contact your healthcare provider. 

Pursuant to applicable law, PracticeSuite may be required to send you notice of known or suspected security breaches that impact your PI. In the event that PracticeSuite must provide a notice of a security breach to you, PracticeSuite will send notice(s) to the contact information contained in your account information unless PracticeSuite is required by law to notify you using another method.