Privacy Policy

Effective Date:01 April 2024

Introduction

orionmdai.com ("we," "us," "our") is committed to protecting your privacy and safeguarding your personal information. This Privacy Policy outlines the types of personal data we collect, how we use it, and the measures we take to ensure its security. By using our website and services, you agree to the collection, use, and disclosure of your data as outlined in this policy. Please take the time to read this policy carefully.

1. Information We Collect

We collect various types of information to provide and improve our services. These types of information include:

1.1 Personal Information

This includes data that can personally identify you, such as:

  • Identity Information: Name, email address, phone number, etc.
  • Account Credentials: Username, password, and other account information you provide during registration or account management.
  • Payment Information: Billing details such as credit card numbers, billing address, and transaction history for processing payments.

1.2 Medical Data (Protected Health Information - PHI)

As part of our medical scribe services, we may collect and process health-related information that is considered Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). This data is necessary to generate accurate SOAP notes for medical professionals and is collected through user submissions. PHI may include:

  • Patient medical history, diagnoses, treatment plans, and other health-related data.
  • Any personal health data you provide as part of medical records.

1.3 Usage Data

We collect technical information about your usage of our website, which may include:

  • Device and Browser Information: Information about your device, operating system, browser type, and IP address.
  • Usage Information: Data regarding your interaction with the website, such as pages visited, time spent, and features used.
  • Cookies: We use cookies and similar tracking technologies to enhance your experience. For more information, please refer to our Cookie Policy below.

2. How We Use Your Information

Your information is used for the following purposes:

  • To Provide Services: We use your personal and medical data to generate accurate SOAP notes and fulfill our service offerings, including processing medical scribe data for healthcare providers.
  • To Process Payments: Your payment information is used to process transactions and manage subscriptions for our services through our payment partner, FastSpring.
  • To Improve Our Services: Usage data helps us understand how users interact with our website, allowing us to optimize performance, enhance the user interface, and fix bugs.
  • To Communicate with You: We may send you emails, notifications, or other communications related to your account, service updates, or changes to our privacy policy and terms of service.
  • To Comply with Legal Obligations: We may use or disclose your information to comply with applicable laws, regulations, or legal processes, such as in response to subpoenas or other governmental requests.

3. How We Share Your Information

We respect your privacy and do not sell or rent your personal information to third parties. However, we may share your information in the following circumstances:

3.1 Service Providers

We may share your information with third-party vendors who perform services on our behalf, such as payment processing, website hosting, customer support, and data analytics. These third-party service providers are bound by contracts to protect your information and may only use it for the purposes for which it was shared.

3.2 Legal Requirements

We may disclose your information if required to do so by law, including in response to subpoenas, court orders, or other legal processes. This may include disclosing information to comply with regulatory requirements or to protect our legal rights and interests.

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal and medical information may be transferred to the new owner or entity. In such cases, we will ensure that the recipient follows the privacy practices outlined in this policy or provides an adequate level of protection for your data.

4. Data Security

We take the security of your data seriously. We implement administrative, technical, and physical security measures designed to protect your personal and medical data from unauthorized access, alteration, or disclosure. These measures include:

  • Encryption: Sensitive data, including payment and medical data, is encrypted during transmission.
  • Access Controls: We restrict access to personal and medical data to authorized personnel only.
  • Regular Security Audits: We conduct regular security audits and vulnerability assessments to identify potential risks and ensure that our systems remain secure.

While we strive to protect your data, no security system is completely infallible. By using our services, you acknowledge that no data transmission method or electronic storage system is guaranteed to be 100% secure.

5. Retention of Data

We retain your personal and medical data for as long as necessary to provide our services, comply with legal obligations, and resolve disputes. If you wish to request the deletion of your data, you may contact us as described in the "Your Rights" section below.

After the retention period expires, we will either anonymize or securely delete your personal and medical information in accordance with applicable laws and regulations.

6. Your Rights

As a user, you have certain rights regarding your personal and medical data, including:

  • Access: You have the right to request access to the personal and medical data we hold about you.
  • Correction: You can request that we update or correct any inaccurate or incomplete data.
  • Deletion: You may request the deletion of your personal and medical data, subject to legal exceptions (e.g., for data retention purposes).
  • Data Portability: You have the right to request a copy of your data in a commonly used electronic format for transfer to another service provider.
  • Opt-Out: You can opt out of receiving marketing communications from us at any time.

If you would like to exercise any of these rights, please contact us at [email protected].

7. HIPAA Compliance

We are committed to complying with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in order to protect the privacy and security of your health information. We follow the HIPAA Privacy Rule, which establishes standards for the protection of health information, including your personal health records.

We implement safeguards to ensure that your health information is securely handled, and we provide access to medical professionals with the necessary permissions. By using our services, you acknowledge that you are providing us with PHI and consent to our handling of such data in accordance with HIPAA requirements.

8. Cookies and Tracking Technologies

We use cookies and other tracking technologies to enhance your experience on our website. Cookies are small files that are stored on your device and allow us to remember your preferences and provide a more personalized experience.

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of certain features on our website.

9. International Transfers of Data

As part of our operations, your data may be transferred to, and maintained on, computers located outside of your state, province, or country. By using our services, you consent to the transfer and processing of your data in countries outside your home country, which may not have the same data protection laws as your country.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page, and the updated policy will become effective immediately upon posting. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

11. Contact Us

If you have any questions or concerns about this Privacy Policy, or if you wish to exercise your rights under this policy, please contact us at:

Email: [email protected]