Privacy Policy

Information We Collect

We collect the following personal data:

For Practices/Providers:

  • Names
  • Email Addresses
  • Physical Addresses
  • Phone Numbers
  • Tax Identifiers
  • Payment Information
  • Provider License Information

For Clients/Patients:

  • Names
  • Email Addresses
  • Physical Addresses
  • Phone Numbers
  • Insurance Information
  • Payment Information
  • Health Information

How We Collect Data

Data is collected through the TheraPrac platform, which includes both web and mobile applications. While we use cookies on our website to improve functionality, we do not track or collect personally identifiable information via cookies.

How We Use Your Data

Your data will be used for the following purposes:

  • Scheduling
  • Billing
  • Health records management
  • Processing insurance claims
  • Payment processing

HIPAA Compliance: Business Associate & Covered Entity

From a HIPAA perspective, TheraPrac operates as:

  • A Business Associate to practices/providers, assisting them in managing patient data securely and in compliance with HIPAA regulations.
  • A Covered Entity to clients/patients, ensuring that all personal health information (PHI) is handled in strict compliance with HIPAA requirements.

Data Sharing

We may share your personal data with third parties only when necessary to provide our services:

  • Insurance Providers & Clearing Houses: To process insurance claims
  • Payment Processors: To process payments securely
  • Other Third-Party Providers: We may use other third-party service providers (e.g., hosting or analytics services) to facilitate and support our services. All third parties are required to adhere to strict privacy standards.

We do not sell or share your personal information with other third parties for marketing purposes.

Data Storage and Security

We implement the following measures to protect your data:

  • Encryption: All sensitive data, including PHI and payment details, are encrypted in transit and at rest using industry-standard encryption protocols (e.g., TLS/SSL, AES-256).
  • Secure Servers: Your data is stored on secure servers located in the United States, protected by firewalls and access control technologies.
  • Access Control: Only authorized personnel have access to your data, and they receive regular data protection and privacy training.
  • Backups: We perform regular backups and store them in secure off-site locations to ensure data recovery in case of incidents.
  • Regular Audits: We conduct security audits and vulnerability assessments to ensure ongoing data protection.

Data Retention

TheraPrac retains personal data for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, accounting, or reporting obligations:

  • PHI: Retained for a minimum of 6 years in accordance with HIPAA regulations.
  • Billing and Transaction Data: Retained for 7 years to comply with tax and accounting requirements.
  • Inactive Accounts: Data from inactive accounts may be anonymized or deleted after 3 years, unless otherwise required by law.
  • User-Requested Deletion: Users can request data deletion, and we will comply with such requests in accordance with legal requirements.

User Rights

Users have the following rights regarding their data:

  • Access: Users can access their data via the application.
  • Correction: Users can correct their data through the application.
  • Deletion: Users can request data deletion, and we will comply where legally permitted, noting that some data may need to be retained for regulatory purposes.

Data from Minors

We may collect health data from minors only with parental or guardian consent, as required by law.

Use of Cookies and Tracking Technologies

We use cookies to enhance the functionality of our services. However, no personally identifiable information is collected through cookies.

Data Breach Notification

In the unlikely event of a data breach that involves personal data, we will notify affected users within 72 hours of discovering the breach. Notifications will include details of the breach, what data was affected, and the steps we are taking to mitigate further risks.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. When we make changes, we will notify you by updating the ‘Effective Date’ at the top of this page and, where appropriate, by sending an email notification. Please review this policy periodically for updates.

Contact Us

If you have any questions or concerns about this Privacy Policy, or if you would like to exercise your rights regarding your data, please contact us at:

TheraPrac Privacy Officer
Email: privacy@theraprac.com