Updated: November 13, 2023
Policy”) informs you what Personal Information (“PI”) PracticeSuite, Inc.
(“PracticeSuite” or “we” or “us” or “our”) may collect, how PracticeSuite
collects such PI, how PracticeSuite uses such PI in connection with the
Services we provide to you or our customers, and your choices related to your PI.
means PracticeSuite’s products and services, such as our website (“Sites”),
electronic medical records systems, practice management systems, healthcare
provider customer portals (“Provider Portals”), patient portals (“Patient
Portals,” collectively with Provider Portals, “Portals”), and software and
mobile applications for the forgoing.
not include Protected Health Information (“PHI”) in the definition of Personal
Information (“PI”) because, as discussed in Sections 2 and 4, PHI is protected
by federal law (HIPAA, the HITECH Act, and other regulations) and state privacy
laws, and the Customer Documents (as defined below) because PracticeSuite
provides Services to Health Care Providers.
Accordingly, because PHI is handled differently under the Customer
Documents, if you are a patient of a Provider (as defined below), your PHI is
subject to the Customer Documents and your Provider’s terms of service and
wherever it is posted, and it is part of and incorporated into applicable Terms
Services, and into any applicable Terms and Conditions our Company website, software and mobile applications (“Terms and Conditions”). By visiting or using the Services or
otherwise affirming the acceptance of an agreement into which this Privacy
Policy is incorporated by reference, you acknowledge and agree to accept the
disclosure, and transfer of your PI. If
contract and does not create any contractual rights or obligations. Your use of the Services is governed by the
Please note that some privacy
rights and obligations may differ in certain locations based on local law, in
which case PracticeSuite will comply with the local legal requirements.
Privacy Rights: If you are a California resident, our Privacy Notice for
California Residents may apply to you. For a copy of our Privacy
Notice for California Residents, please visit the link at www.practicesuite.com or email us at email@example.com
Personal Information We Collect:
When you access and use the
Services, we may collect the following types of information:
Information” or “PI” is information that identifies an individual or relates to
an identifiable individual or household.
The types of Personal Information collected, and the uses thereof depend
on the purposes for which we collect the PI (e.g., whether you are a visitor to
Information does not include Protected Health Information.
Health Information” or “PHI” is individually identifiable health information
that is protected by the Health Insurance Portability and Accountability Act of
1996, as amended, and its implementing regulations (“HIPAA”).
Data” is information that we automatically collect about your use of the Sites
and includes the sort that Web browsers and servers typically make available,
through Web server logs, Web beacons, cookies and
other similar tracking technologies, about the devices you use to access our
Sites, as well as information on how you interact with our Sites. We do not deploy non-essential third-party
cookies or similar tracking technologies on the Portals; however, we may
collect log information including Usage Data for internal uses or uses by our
service providers on our behalf, such as ensuring the security and integrity of
our Services. Usage Data may include the
IP address of a device or internet service used to connect your device to the
Internet and may provide information about your Location; computer and
connection information such as your browser type and version; operating system
and platform; confirmation when you open e-mail that we send you; purchase
history; and the URLs which lead you to and around the Site including the date
and time of access. Usage Data may
overlap with Location Information. Usage Data generally does not directly
identify an individual but may constitute PI in some instances.
We Collect Your Personal Information:
information collected from users of the Services to personalize and improve
your visit and experience, to provide the Services to you or our customers, and
for other purposes set forth below. When
you use the Services, PracticeSuite may collect PI in the following ways
3.2 Information You Provide to
PracticeSuite collects PI when you use and interact with the services, such as
with PracticeSuite about our Services whether by letter, e-email, online chat
window, or telephone;
and submit forms to us or our customers on our Sites, Provider Portals, Patient
Portals, or mobile applications; or
our Sites or interact with us on social media and provide us with PI.
3.3 Information that
PracticeSuite Collects Automatically
When you use the Services, PracticeSuite may automatically collect Usage
Data subject to the settings of your device that you use to access the
Services. With your consent, we may also
collect information from your device to facilitate your use of certain features
with our Services. PracticeSuite may use
this data to analyze trends and statistics to improve your online experience or
our customer service. We do not deploy non-essential third-party cookies or
similar tracking technologies on our Portals but may collect Usage Data for
purposes such as ensuring the security and integrity of our Services. We
may combine this information with other information that we have collected
about you, including, where applicable, your username, name, and other personal
information. Please see the section “Our
3.4 Information from Other
: PracticeSuite may collect PI from other
sources such as the Internet and other publicly available sources, databases,
data aggregators, marketing companies, and other third parties, including
sources from which you authorize us to obtain Personal Information about you on
your behalf. If you authorize us to
collect information from a third party, or if you authorize a third party to
send us information, and you later decide that you no longer want us to obtain
that information, you may need to contact the third-party source directly and
request that they stop transmitting information to us. For example, if you
submit claims to the Centers for Medicare and Medicaid Services (“CMS”), you
may decide to authorize us to obtain information directly from CMS. For more
information about how those third parties collected and used your Personal
Health Information; PracticeSuite as a Business Associate:
Certain Services we provide
to our customers or make available to their patients, such as the Portals, as
well as certain support operations, involve access to, and the processing of,
PHI. This PHI is provided to us pursuant to a service agreement, business
associate agreement, or other document with terms and conditions for the
Services (the “Customer Documents”) that we have entered with our
customers (health care providers or their firms, “Providers”) that also
govern our use of PHI of their patients provided by our Provider customers or
their patient users.
Associate of its Providers, who are Covered Entities, in accordance with any
instructions or restrictions provided to PracticeSuite by the Provider and in
full compliance with the applicable
you are a patient of a Provider, our use and disclosure of your PHI is governed
by HIPAA and other applicable law and the Customer Documents with your Provider
transfer of such PHI are governed, in turn, by your Provider’s terms and
conditions and privacy practices between you and your Provider. Please submit
all requests and questions related to your PHI directly to your Provider. We
are not responsible for how our Provider customers treat PHI we collect on
their behalf, and we recommend you review the privacy policies & practices
of your Provider.
Sites are generally not intended to collect or retain any PHI. Thus, sections
Sites do not apply to PHI, and we do not request, obtain, use or disclose any
PHI through our Sites such as www.practicesuite.com
of Information Collected by PracticeSuite:
PracticeSuite uses the PI
collected to provide Services to our customers and their authorized users to
improve user experience with Services, and to communicate with you about
requested information. PracticeSuite may
use PI to help target specific offers to customers and others, and to develop
and improve its Services.
PracticeSuite may disclose
your PI as specified in Section 7, and use you PI to:
to user service requests, user questions and concerns, and administer user
accounts. We may use your information to
verify your identity, register you, administer your account, or provide you
with information, products, and services that you request.
service to our customers, which include Providers. If you are a patient of a Provider, we use
your information when providing
the Services to the Provider.
5.2.3 Communicate with users about our products, services, and related issues. We may use your information to try to identify if you may be interested in any of the Services or our business partners’ products and services.
fees and provide users with invoices or resolve billing issues. We may use your information to verify your
identity in order to process your payments.
the security and integrity of our Services.
internal analysis for the purposes of development and improvement of the PracticeSuite
and maintain the quality of our Services, improve the Services, or develop new
the event of a business transaction
: if we are exploring or in the process
of a business transaction or financial transaction, such as a merger,
acquisition, divestiture, restructuring, reorganization, dissolution,
bankruptcy, securities offering, or sale of all or a portion of our assets, we
may use your information in connection with exploring or concluding such
comply with law
we may disclose your information to comply with any applicable laws and/or
regulations, such as to comply with any applicable laws and/or regulations, and
to comply with valid legal processes.
Such legal processes include but are not limited to a search warrant,
subpoena, or order from a court or tribunal of competent jurisdiction.
We and our service providers may
“Data Collection Technologies”) to help us provide, customize, and improve the
Sites. We may share aggregate or
de-identified information about users with third parties for marketing,
advertising, research or similar purposes. The Data
Collection Technologies we use on our Sites include:
Web Beacon is a Web page is a tool such as a pixel tag or clear GIF that may be
embedded into our Sites or e-mail communications, which may employ cookie
technology to enable PracticeSuite to track and collect information from users.
Cookies are small text files
placed on your device to store data that can be recalled by a Web server in the
domain that placed the cookie.
6.2 How do we use “Cookies”
are necessary to provide functionality and track user’s activity: register
information about user’s navigation on our website (e.g., loaded pages, date,
time of day and length of visit etc.) which we can access during your next
visit to customize the website and Services to your personal requirements and
optimize your experience. We may also
use this information to automatically enter your data into inquiry forms, so
next time you need to complete a form, you do not need to manually enter the
never store passwords or similarly sensitive data in our website cookies. The
updates are based on information supplied by cookies. Cookies also help us
personalize web content and meet the demands of our visitors.
computer that was not initially sent as a cookie.
can disable cookies or set your browser setting to block or alert you about
cookies, however if you instruct your Internet browser or mobile app to not accept
certain types of cookies, our site and Services may not work properly or at
6.3 Our Sites may use the
following types of cookies
cookies are necessary for the Sites to function and cannot be switched off in
our systems. Essential cookies are
usually only set in response to actions made by you which amount to a request
for services, such as setting your privacy preferences, logging in or filling
in forms. You can set your browser to
block or alert you about these cookies, but some parts of the Sites will not
cookies collect information on how users operate our site and services and help
us to improve them. Analytics/Performance cookies help us know
which pages are the most and least popular and see how visitors move around the
cookies are used to remember some choices that users make (e.g., search
parameters or language settings) and to make your use of our website and Services
more tailored. Functionality/Advertising
cookies may be set by our advertising partners at Sites where a cookie banner
is displayed. These cookies may be used
by those advertising partners to build a profile of your interests and to show
you relevant adverts on other websites. You
may disallow these targeting/advertising cookies using the cookie banner.
6.4 Notice Do Not Track Signals
do not support Do Not Track (“DNT”). DNT is a preference you can set in your
web browser to inform websites that you do not want to be tracked. You can
enable or disable Do Not Track by visiting the Preferences or Settings page of
your web browser.
6.5 Right to Erasure (“Right to
are eligible to delete certain Data from our website and Services.
you choose to delete your Data, it will become unavailable and will be complete
deleted within 60 days of your delete request.
be aware that we may have to store Data for a longer period
of time due to either technical limitations or to comply with law.
7.1 At Your Request: PracticeSuite may disclose
to third parties at your
request, direction, or authorization.
7.2 Internal Sharing:
PracticeSuite may disclose
Personal Information to its affiliates (including parents, entities under
common ownership, and subsidiaries, such as Healow, LLC), and other related
companies without authorization.
7.3 With Our Service Providers:
PracticeSuite may disclose
PI to service providers for the purposes of operating our business, delivering,
improving, and customizing our products or services, sending marketing and
communications related to our business, payment processing, and for other
legitimate purposes permitted by applicable law.
7.4 With Our Customers:
PracticeSuite may disclose
PI, including Sensitive Personal Information, to its customers consistent with
the Customer Documents. Sensitive
Personal Information” refers to Personal Information regarding more sensitive
areas, such as government ID and certain other financial information, gender,
marriage status, race/ethnicity, or veteran or disability status.
7.5 Compliance With Law:
To the extent permitted by
law, PracticeSuite will disclose PI to government authorities or third parties
pursuant to a legal request, subpoena, or other legal process. PracticeSuite may also use or disclose your PI
as permitted by law to perform charge verifications, apply, or enforce the
rights, interests, or property as well as those of PracticeSuite’s affiliates,
customers, or Service users.
7.6 Business Transaction:
If PracticeSuite sells all
or part of its business or makes a sale or transfer of assets or is otherwise
involved in a merger or business transfer, PracticeSuite may transfer your PI
to a third party as part of that transaction.
In connection with the
Services, PracticeSuite may collect or store biometric data, such as
fingerprints or facial geometry scans, which are used for authentication and
verification of your identity. This
information may be biometric data under certain laws governing the collection,
use, storage, and disclosure of biometric data.
By providing such information, you acknowledge that you have been
advised of, and understand that, PracticeSuite, and its agents and contractors,
may collect, use, store, and disclose biometric data for the purposes described
biometric information. We will retain
such biometric data only until the occurrence of the first of the following, at
which point the data will be scheduled for deletion: (a) the purposes outlined
in this Section 9 have been satisfied, (b) any date of deletion required by
applicable law, or (c) three (3) years have passed since your last interaction
with our Services. Notwithstanding the
foregoing, (1) PracticeSuite will not delete biometric data that is PHI unless
required by the applicable Provider, and (2) except as provided for in
subsection (1), the collection, use, storage, disclosure, and retention of
biometric data that is PHI through the use of any Service shall be governed by
this Section 9.
Protect Your Personal Information:
The security of PI is very
important to us. We use safeguards
beyond industry best practices to protect against unauthorized use, disclosure,
alteration, or destruction of the PI we collect and maintain. You should keep in mind, however, that no
data transmitted over the internet is 100% secure. Although we strive to protect the PI in our
possession, we cannot guarantee or warrant 100% security of any information you
transmit to or from our Services.
Retention of Personal
PracticeSuite will retain and
use your PI as necessary to comply with PracticeSuite’s business requirements,
legal obligations, resolve disputes, protect our assets, and enforce our
Children’s Information and
Our website and Services are
not intended for use by or directed towards individuals under the age of
18. If you are under 18 years old or
otherwise have not attained the age of majority in your state of residence, you
must have your parent’s or guardian’s permission to use the Service(s).
We do not knowingly collect
any PI through our Sites from individuals under 18. If we learn that we have received any PI
directly from an individual under the age 18, without first receiving his or
her parent’s or legal guardian’s verified consent, we will use that PI only to
respond directly to that child (or child’s parent/legal guardian) to inform the
child that he or she cannot use the Services. We will then subsequently delete that child’s PI.
If you are an individual
under the age of 18, you will not be granted access to PracticeSuite’s Portals
per company policy.
Links to Third-Party
Our Services may contain
certain links to other sites that are not owned or controlled by us. PracticeSuite is not responsible or liable
for the privacy practices or content found on other websites. You encourage you to check the privacy notice
and policies of each website that collects PI. Links to third party websites are provided
solely for your convenience and any use or submission of data to such websites
shall be at your sole risk.
PracticeSuite may provide
aggregated information related to your PI to some of our business
partners. This information is used in a
collective manner and does not identify you individually in any way. If you are a patient of a Provider, we may
only create, use or disclose aggregated or certain
de-identified PHI as authorized by your Provider in the Customer
Note to International Visitors:
The Services are intended for
use in the United States only. If you
visit our Services or contact us from outside of the United States, please be
advised that: (i) any information you provide to us
or that we automatically collect, including PI, will be transferred to the
United States; and (ii) that by using our Services or submitting information,
including PI, you explicitly authorize
its transfer to and subsequent processing in the United States in accordance
Changes to this Privacy
PracticeSuite reserves the
indicated, changes will be effective upon the last updated date at the top of
may be by means such as by posting a notice directly on the Services, by sending
an e-mail notification (if you have provided your e-mail address to us), or by
any other reasonable method. Your
continued use of the Services after the changes have been posted indicates your
please stop using the Services.
16.1 If you have any questions or
. This e-mail address is monitored
only for privacy- and security-related inquiries. If you are a patient and have
a question related to accessing the Patient Portal, please contact your
Pursuant to applicable law, PracticeSuite may be required to send you notice of known or suspected security breaches that impact your PI. In the event that PracticeSuite must provide a notice of a security breach to you, PracticeSuite will send notice(s) to the contact information contained in your account information unless PracticeSuite is required by law to notify you using another method.