Privacy Policy 

Effective Date: October 23, 2025 
Last Updated: October 23, 2025 

Introduction 

EHR360 (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information and protected health information (PHI). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our electronic medical records platform and related services (the “Services”). 

This Privacy Policy is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, and other applicable U.S. federal and state privacy laws. 

Information We Collect 

Personal Information 

  • Name, email address, phone number, and contact details 
  • Account credentials and login information 
  • Payment and billing information 
  • Professional credentials and licenses (for healthcare providers) 
  • Clinic or practice information 

Protected Health Information (PHI) 

When you use our Services as a healthcare provider, you may input, store, or transmit PHI about your patients, including: 

  • Patient demographics and contact information 
  • Medical history and diagnoses 
  • Treatment plans and clinical notes 
  • Prescription and medication records 
  • Laboratory and diagnostic test results 
  • Insurance and billing information 
  • Any other health-related information 

Usage and Technical Information 

  • IP address and device information 
  • Browser type and operating system 
  • Pages visited and features used 
  • Date and time of access 
  • Cookies and similar tracking technologies 
  • Log data and analytics information 

How We Use Your Information 

For Healthcare Providers 

  • Provide and maintain the EHR platform and Services 
  • Enable patient record management and clinical workflows 
  • Facilitate appointment scheduling and patient communications 
  • Process billing and payments 
  • Generate reports and practice analytics 
  • Provide customer support and technical assistance 
  • Improve and optimize our Services 
  • Comply with legal and regulatory requirements 

For Patients 

  • Enable secure access to your health records through the patient portal 
  • Facilitate communication with your healthcare providers 
  • Send appointment reminders and notifications 
  • Process payments for healthcare services 
  • Respond to your inquiries and support requests 

Legal Basis for Processing 

We process PHI only as permitted by HIPAA and as necessary to: 

  • Provide healthcare services and treatment 
  • Process payments and billing 
  • Conduct healthcare operations 
  • Comply with legal obligations 
  • Fulfill our contractual obligations as a Business Associate 

Information Sharing and Disclosure 

We Do Not Sell Your Information 

We do not sell, rent, or trade your personal information or PHI to third parties for marketing purposes. 

Permitted Disclosures 

We may share your information in the following circumstances: 

With Healthcare Providers: PHI is shared among authorized users within your clinic or practice as necessary for treatment, payment, and healthcare operations. 

With Business Associates: We may share information with third-party service providers who assist us in operating our platform (e.g., cloud hosting, payment processing, analytics). These parties are bound by Business Associate Agreements and are required to protect PHI in accordance with HIPAA. 

For Legal Compliance: We may disclose information when required by law, including: 

  • In response to court orders, subpoenas, or legal processes 
  • To comply with regulatory investigations or audits 
  • To report suspected abuse, neglect, or domestic violence as required by law 
  • To prevent or address fraud, security, or technical issues 

For Public Health and Safety: As permitted by HIPAA, we may disclose PHI: 

  • To public health authorities for disease prevention and surveillance 
  • To report adverse events related to medical devices or medications 
  • To prevent or control disease, injury, or disability 
  • To avert a serious threat to health or safety 

With Your Consent: We may share your information with third parties when you provide explicit consent. 

Data Security 

We implement physical, technical, and administrative safeguards, as required by the HIPAA Security Rule, to protect your information: 

Technical Safeguards 

  • Encryption of data in transit and at rest 
  • Transport Layer Security (TLS), the successor to SSL, for connections to the Services 
  • Multi-factor authentication 
  • Regular security assessments and penetration testing 
  • Intrusion detection and prevention systems 

Administrative Safeguards 

  • Strict access controls and role-based permissions 
  • Employee training on HIPAA compliance and data security 
  • Business Associate Agreements with all vendors that create, receive, maintain, or transmit PHI on our behalf 
  • Incident response and breach notification procedures 
  • Regular security audits and risk assessments 

Physical Safeguards 

  • Secure data centers with 24/7 monitoring 
  • Redundant backup systems 
  • Disaster recovery and business continuity plans 

Data Retention 

We retain your information for as long as necessary to: 

  • Provide the Services and fulfill the purposes described in this Privacy Policy 
  • Comply with legal and regulatory requirements (typically 7-10 years for medical records) 
  • Resolve disputes and enforce our agreements 

Healthcare providers using our Services are responsible for determining appropriate retention periods for patient records in accordance with applicable laws and professional standards. 

Your Privacy Rights 

HIPAA Rights 

If you are a patient, you have the right to: 

  • Access your health records 
  • Request corrections to your health information 
  • Receive an accounting of disclosures of your PHI 
  • Request restrictions on uses and disclosures of your PHI 
  • Request confidential communications 
  • Receive a paper copy of your healthcare provider’s Notice of Privacy Practices 

To exercise these rights, please contact your healthcare provider directly, as they are the covered entity responsible for your PHI. 

General Privacy Rights 

You have the right to: 

  • Access the personal information we hold about you 
  • Request correction of inaccurate information 
  • Request deletion of your account and associated data (subject to legal retention requirements) 
  • Opt out of marketing communications 
  • Disable cookies through your browser settings 

California Residents 

Under the California Consumer Privacy Act (CCPA), California residents have additional rights, including the right to know what personal information is collected and how it is used. However, HIPAA-regulated health information is exempt from CCPA requirements. 

Cookies and Tracking Technologies 

We use cookies and similar technologies to: 

  • Maintain your login session 
  • Remember your preferences 
  • Analyze usage patterns and improve our Services 
  • Ensure security and prevent fraud 

You can control cookies through your browser settings, but disabling cookies may affect the functionality of our Services. 

Children’s Privacy 

Our Services are not intended for individuals under the age of 18, except when accessing their own health records through the patient portal with parental consent. We do not knowingly collect personal information from children without parental authorization. 

International Data Transfers 

Our Services are primarily intended for use in the United States. If you access our Services from outside the U.S., please be aware that your information may be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated. 

Changes to This Privacy Policy 

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by: 

  • Posting the updated Privacy Policy on our website 
  • Sending email notifications to registered users 
  • Displaying a prominent notice within the Services 

Your continued use of the Services after such modifications constitutes your acknowledgment and acceptance of the updated Privacy Policy. 

Contact Us 

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: 

EHR360 
Privacy Officer 
Email: privacy@ehr360.com 
Phone: 865-474-7559
Address: Healthcare Innovation Center

For HIPAA-Related Requests: 
If you believe your privacy rights have been violated, you may file a complaint with: 

  • Our Privacy Officer (contact information above) 
  • U.S. Department of Health and Human Services Office for Civil Rights 

You will not be retaliated against for filing a complaint. 

Business Associate Role 

EHR360 acts as a Business Associate under HIPAA when providing Services to covered entities (healthcare providers). We enter into Business Associate Agreements with our healthcare provider clients, which govern our handling of PHI and establish liability for breaches and compliance obligations. 

Healthcare providers remain the covered entities responsible for their patients’ PHI and must ensure their own HIPAA compliance when using our Services. 


Acknowledgment: By using EHR360’s Services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.