HIPAA Notice of Privacy Practices

Practice Bytes, PracticeBytes.com
1801 NE 123rd Street, Suite 324
North Miami, FL 33181
1(800) 417-6563
[email protected]


How We Collect Information About You

PracticeBytes.com and its software/websites/employees collect data through a variety of means including, but not necessarily limited to, digital forms, phone calls, emails, voicemails, and the submission of applications requesting an appointment between a patient and a doctor/health professional or clinic.

What We Do Not Do With Your Information:

Information about your financial situation and medical conditions and care that is obtained using our software or via email/internal messaging system, contained in or attached to applications, or directly or indirectly given to us, is held in strictest confidence; however, the information collected does not relate to patient conditions, treatments or diagnoses. Our software, when used by a healthcare professional in accordance with our terms and agreement, is not to be used to collect information about a patient besides name, address, email and phone number.

We do not give out, exchange, barter, rent, sell, lend, or disseminate any information about applicants, clients or patients who interact with health care professionals using our digital assets, or who apply for or actually receive our services, where that information is considered patient confidential, restricted by law, or specifically restricted by a patient/client in a signed HIPAA consent form.

Information We Collect

Our website collects anonymous analytics information about website and software traffic, usability and actions taken by our customers and by the patients of health care professionals using our software. This information is for marketing and improvement purposes and is not sold, shared or traded to anyone outside our organization or the partner companies that help in the functionality of our digital assets.

Limited Right to Use Non-Identifying Personal Information From Biographies, Letters, Notes, and Other Sources:

Any pictures, text content, letters, correspondence, or any other method of communication between a health professional and a patient is the sole responsibility of the health professional. We reserve the right to use non-identifying information about users (those who receive services or goods from or through us) for analytic report purposes.

Clients will not be compensated for use of this information and no identifying information (photos, addresses, phone numbers, contact information, last names or uniquely identifiable names) will be used without the client’s express advance permission.

Content

Any information collected using our digital assets (websites, forms, software on our systems or at our clients' websites) is collected with the full consent of the user (patient/doctor/health professional). Information we might collect includes:

Name, email, telephone, geographical location, gender, age (birth date) and reasons for an appointment request.

Hosting

Our data centers and hosting partner (DigitalOcean) are secured and compliant with HIPAA rules.

  • Our NYC1 facility is SSAE16 SOC-1 Type II certified.
  • Our NYC2 facility is SSAE16 SOC-2 Type II certified.
  • Our NYC3 facility is SSAE16 SOC-2 and SOC-3 compliant.
  • Our AMS1 and AMS2 facilities are ISO27001:2005 and ISO9001 certified.
  • Our AMS3 facility is ISO9001, ISO27001, and SSAE16 Type II certified.
  • Our SFO1 facility is SSAE16 SOC-1 Type II certified.
  • Our SGP1 facility is ISO27001:2005 certified.
  • Our LON1 facility is ISO9001:2008, ISO27001, and SSAE16 / ISAE 3402 certified.

Hosting partner security certifications

ISO/IEC 27001:2013 Certification

DigitalOcean is certified in the international standard ISO/IEC 27001:2013. By achieving compliance with this globally recognized information security controls framework, audited by a third party, DigitalOcean has demonstrated a commitment to protecting sensitive customer and company information. That commitment doesn’t end with a compliance framework, but is a necessary baseline for security. Our ISO/IEC 27001:2013 certificate can be viewed here.

EU-U.S. and Swiss-U.S. Privacy Shield Certification

We are an active participant in and comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce and the European Commission. The framework provides DigitalOcean a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.

You can find more information about our commitment to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks in our Privacy Policy. Our active participation and certification in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks can be viewed on their website located here.