Privacy Policy
1. General
US Demo Clinic is committed to protecting your privacy and your protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable state privacy laws. This policy explains what information we collect, how it is used, how it is protected, and what rights you have regarding your data.
2. Information We Collect
As part of the service, we collect the following types of information:
• Identifying personal information: full name, email address, phone number
• Health information: treatment summaries, clinical notes, intake questionnaires, session transcripts
• Appointment information: appointment dates, treatment types, status
• Payment information: payment amounts, dates, payment methods (without full card details)
• Technical information: IP address, browser type, device information — for security purposes only
3. How We Use Your Information
Information is used solely for treatment, payment, and health-care operations, including:
• Managing appointments and sending reminders
• Maintaining medical records as required by law
• Processing payments and issuing receipts
• Communicating with you (reminders, updates, follow-up)
• Maintaining and improving the system, using internal system data only
• Complying with legal and regulatory requirements
We will not use your information for marketing without your explicit prior authorization.
4. Disclosure to Third Parties
Your information is not disclosed to any third party except:
• Business associates: hosting, database, and messaging providers operating under a HIPAA Business Associate Agreement (BAA) and bound by confidentiality
• Legal obligation: as required by law, court order, or a demand from a competent authority
• Your authorization: where you have given explicit prior written authorization
Card details are never stored in the system; they are processed directly by a PCI DSS-compliant payment processor.
5. Data Security
We apply the administrative, physical, and technical safeguards required by the HIPAA Security Rule, including:
• Encryption of all communications in transit (TLS/HTTPS)
• Encryption of sensitive data at rest
• Multi-factor authentication (MFA) for access to health information
• Complete data isolation between different practices
• Logging and monitoring of access to all sensitive data
• Regular encrypted backups
• Role-based access control
6. Data Retention and Deletion
Medical records are retained for the period required by applicable law. After this period, information is securely deleted. You may request deletion of your identifying personal information at any time; where the law requires us to retain the underlying medical record, it is retained in de-identified form.
7. Your Rights
Under HIPAA and applicable state law, you have the right to:
• Access: receive a copy of the health information we hold about you
• Amendment: request correction of inaccurate or incomplete information
• Accounting of disclosures: receive a list of certain disclosures of your information
• Restriction: request limits on certain uses and disclosures
• Confidential communications: request that we contact you by a specific means or at a specific location
To exercise your rights, use the settings page in your patient area, or contact your practitioner directly.
8. Contact
For privacy questions or to file a complaint, contact your practitioner through the clinic's contact page. You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights.