Privacy Policy

Your privacy and the security of health information are our top priorities.

Last Updated: January 2026

1. Introduction

clinicalself ("we," "us," or "our") operates the clinicalself electronic health record ("EHR") platform. We are committed to protecting the privacy and security of personal and health information and complying with applicable laws, including the Health Insurance Portability and Accountability Act of 1996 ("HIPAA").

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our services.

2. Information We Collect

a. Protected Health Information (PHI)

When you use our EHR services, we may collect and store protected health information, including but not limited to:

  • Medical history and clinical notes
  • Diagnoses, treatments, and medications
  • Lab results and imaging references
  • Demographic information (e.g., name, date of birth, gender)

PHI is handled in accordance with HIPAA and applicable state privacy laws.

b. Personal Information

We may collect non-clinical personal information such as:

  • Name, email address, phone number
  • Professional credentials (for providers)
  • Account login information

c. Technical and Usage Data

We may automatically collect:

  • IP address, browser type, device information
  • Log files, access times, and usage activity

This data is used to maintain security, improve functionality, and ensure compliance.

3. How We Use Information

We use information to:

  • Provide, maintain, and improve EHR services
  • Facilitate patient care and clinical documentation
  • Authenticate users and manage accounts
  • Comply with legal, regulatory, and accreditation requirements
  • Prevent fraud, abuse, and unauthorized access

We do not sell or rent PHI.

4. HIPAA Compliance & Business Associate Status

clinicalself acts as a Business Associate under HIPAA when providing services to covered entities. We:

  • Execute Business Associate Agreements (BAAs) where required
  • Limit use and disclosure of PHI to permitted purposes
  • Implement administrative, physical, and technical safeguards

5. Disclosure of Information

We may disclose information:

  • To authorized users as directed by the covered entity
  • To service providers who support our operations and are bound by confidentiality and HIPAA obligations
  • As required by law, regulation, court order, or public health authority
  • To prevent serious threats to health or safety

All disclosures are limited to the minimum necessary.

6. Data Security

We employ industry-standard security measures, including:

  • Encryption of data at rest and in transit
  • Role-based access controls
  • Audit logging and monitoring
  • Regular security assessments and risk analyses

Despite our safeguards, no system is 100% secure. Users are responsible for maintaining the confidentiality of their login credentials.

7. Data Retention

We retain PHI and personal data only as long as necessary to:

  • Fulfill contractual and legal obligations
  • Comply with healthcare record retention laws
  • Resolve disputes and enforce agreements

8. Individual Rights

Where applicable and as required by HIPAA, individuals may have the right to:

  • Access their PHI
  • Request corrections or amendments
  • Request restrictions on certain uses or disclosures
  • Obtain an accounting of disclosures

Requests must be submitted through the covered entity or as otherwise permitted by law.

9. Children's Privacy

Our services are intended for use by healthcare professionals and authorized users. We do not knowingly collect personal information directly from children except as part of lawful healthcare records.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted with a revised "Last Updated" date. Continued use of the application constitutes acceptance of the updated policy.

11. Contact Information

If you have questions about this Privacy Policy or our privacy practices, contact:

privacy@clinicalself.com