Privacy Policy

EasyMindCare is committed to protecting the privacy and security of providers and their clients.

Last updated: January 15, 2025

What We Collect

  • Provider profile, credentials, and billing data
  • Client PHI entered by providers in the EHR
  • Technical metadata and secure interaction logs
  • Cookies and similar technologies for secure operation

How We Use Data

  • Manage accounts, payments, support, and updates
  • Process PHI strictly on behalf of covered entities
  • Use de-identified metrics for reliability and improvements
  • Never train generalized AI on PHI without consent

Data Protection

  • TLS/SSL in transit and AES-256 encryption at rest
  • Role-based access controls and MFA support
  • Comprehensive auditing aligned with HIPAA Security Rule
  • HIPAA-compliant cloud infrastructure safeguards

Rights & Choices

  • Providers can update account data and preferences
  • Patients direct HIPAA record requests to providers
  • 30-day export window after cancellation
  • Administrative/security notices remain required

Complete Privacy Policy

1. The Information We Collect

Provider Information

When you register, we collect personal information such as your name, email address, phone number, professional credentials, practice details, and billing information.

Client Information (PHI)

As an EHR, we store Protected Health Information (PHI) that you input into the system, including patient demographics, session notes, clinical assessments, treatment plans, and billing records.

Automatically Collected Data

We automatically collect technical data such as IP address, browser type, operating system, access times, and interaction logs. We use cookies and similar technologies to keep the platform secure and efficient.

2. How We Use Your Information

To Provide the Service: We use Provider Information to manage your account, process payments, provide support, and communicate service updates.

To Safeguard PHI: Client Information is processed strictly on behalf of Providers as outlined in the BAA. We do not sell PHI or use PHI for our own marketing.

To Improve the Platform: We may use aggregated, fully de-identified usage data to monitor performance, fix bugs, and improve user experience.

AI & Machine Learning: We do not use your PHI to train generalized AI or machine learning models without your explicit consent.

3. How We Share Your Information

We do not sell or rent your personal information or your clients' PHI. We only share information in limited circumstances.

  • Service Providers: Trusted vendors (e.g., cloud hosting, clearinghouses, payment processors) under strict subcontractor BAAs where PHI is involved
  • Legal Requirements: Disclosures required by law, court order, subpoena, or regulatory authorities
  • Business Transfers: In merger, acquisition, or sale scenarios, transferred data remains bound by equivalent confidentiality and HIPAA obligations

4. Data Security & HIPAA Compliance

We employ robust, industry-standard security measures:

  • Encryption: TLS/SSL in transit and AES-256 at rest
  • Access Controls: Role-based access, strict password policies, and multi-factor authentication
  • Auditing: Comprehensive logs of user access and activity aligned with HIPAA Security Rule requirements
  • Infrastructure: Secure HIPAA-compliant cloud hosting with physical and electronic safeguards

5. Your Rights and Choices

Providers: You may update account information in platform settings and opt out of promotional emails, while still receiving required administrative and security notices.

Patients/Clients: As EasyMindCare acts as a Business Associate, requests to access, amend, or delete records must be directed to the Provider. We assist Providers in fulfilling these requests as required by law.

6. Data Retention

We retain Provider and Client Information while your account is active and as needed to provide the Service. If you cancel, you receive a 30-day export window. After that, data is securely wiped from active servers under HIPAA data destruction guidelines, while limited encrypted backups may persist until overwritten.

7. Contact Us

If you have questions about this Privacy Policy, security practices, or HIPAA compliance obligations, contact our Privacy Officer:

Questions About Privacy?

We're here to help you understand how we protect your data and your clients' privacy.