Therapia Software Privacy Policy
INTRODUCTION
This Privacy Policy (this “Policy”) applies to the software and information services Therapia Software (“we” or “us” or “our”, the “Company”) offers through our websites, our cloud-based electronic health record and practice management solutions, and web-enabled emails sent as part of, in connection with, or relating to such software and information services (collectively, our “Services”). This Policy does not apply to any other services. “Sites” or “Site” means the Company’s websites at therapiasoftware.com, therapiasupport.com, therapiaconnect.com, therapiabilling.com, therapiaclient.com, and therapiafamily.com
The purpose of this Policy is to describe how we and our partners collect, use, and share information about our users (“user” or “you”). This Policy may describe how our Services gather and use information about other individuals or information about you that may be submitted by another user. This Privacy Policy, however, only applies to how we and our partners collect, use, and share information about you with respect to the Services covered by our Therapia SaaS Agreement, Therapia Software Terms of Use, Therapia Software Healthcare Provider User Agreement (“Provider User Agreement”), Therapia Software Client Portal User Agreement, and Therapia Software Family Portal User Agreement, and not to any other service we may offer to any other individual or customer.
Some of our users – such as healthcare providers – are subject to laws and regulations governing the use and disclosure of health information they create or receive, including the Health Insurance Portability and Accountability Act of 1996, as amended from time to time, together with the regulations adopted thereunder (“HIPAA”). When we store, process or transmit “individually identifiable health information” (as defined by HIPAA) on behalf of a healthcare provider who has entered into a Therapia Software Healthcare Provider User Agreement, we do so as its “business associate” (as also defined by HIPAA). Under this agreement, we cannot use or disclose individually identifiable health information in a way that the provider itself may not. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of the individually identifiable health information we store and process on behalf of such providers. For the purpose of this Policy, the term “healthcare provider” means any user who is a “health care provider” (as defined by HIPAA) or any user who is a member of such health care provider’s “workforce” (as also defined by HIPAA). For additional information regarding our business associate obligations, please see our Therapia Software Healthcare Provider User Agreement.
INFORMATION COLLECTED BY OUR SERVICES
We may collect information about you in a variety of ways. The information we may collect on the Sites includes information you submit or we collect on your behalf:
Personal Data
Personally identifiable information, such as your name, address, email address, and telephone number, and demographic information, such as your age, gender, hometown, and interests, that you voluntarily give to us when you register with the Site or when you choose to participate in various activities related to the Site, such as online chat and message boards, when you complete a form, when you upload a document, image, or other data file on our Services when you Contact us or make a customer service request or attend one of our individual or group training sessions. You are under no obligation to provide us with personal information of any kind, however your refusal to do so may prevent you from using certain features of the Site.
Non-Personal Information
In some cases, we may collect information about you that is not personally identifiable. We use this information, which does not identify individual users, to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole.
Financial Data
Depending on the Services you use, we may also collect your billing information, including credit or debit card account information, or other forms of payment (“Payment Card Information”). By submitting your Payment Card Information, you expressly consent to the sharing of your information with third-party payment processers and other third-party services (including but not limited to vendors who provide fraud detection services to us and other third parties). These third parties may store your Payment Card Information for future use in our Services. We do not store your Payment Card Information, nor do we have direct control or responsibility for your Payment Card Information. The third party services that we utilize are contractually obligated to keep your Payment Card Information secure and confidential.
Data From Social Networks
User information from social networking sites, such as Facebook, Instagram, Twitter, including your name, your social network username, location, gender, birth date, email address, profile picture, and public data for contacts, if you connect your account to such social networks.
Mobile Device Data
When you interact with our Services, we collect information about your Device such as the URL of services your Device is requesting and the referring web pages, your IP address, Device type, operating system, browser type, application identifier, and, under certain circumstances, the location information your Device sends to us.
Third-Party Data
Information from third parties, such as personal information or network friends, if you connect your account to the third party and grant the Site permission to access this information.
Automatically Collected Information
We and our partners automatically gather information whenever you visit, log in, or otherwise interact with our Services, including when you receive emails delivered via our Services. We and our partners use the technologies described below and similar technologies that may not be expressly described (which we collectively call “Engagement Tools”) to gather this information to enhance and operate our Services in a number of ways, such as to:
- Save user preferences and information;
- Preserve session settings and activity;
- Authenticate users;
- Enable support and security features;
- Tailor the delivery of informational messages, media, advertising and other content; and
- Analyze the performance and use of our Services and its various features and content.
Even if you do not register with us or submit any information on our Services, our Engagement Tools will automatically receive information about, and the software running on, the computer, mobile phone, or tablet (each, a “Device”) you use to interact with our Services.
Cookies & Similar Technologies
We and our partners collect information about you and your Devices through cookies, web beacons, and similar technologies. A “cookie” is a small data file sent from a website and stored on your Device to identify your Device in the future and allow for an enhanced personalized user experience based on your previous activity on the website. A “session cookie” disappears after you close your web browser, or may expire after a fixed period of time. A “persistent cookie” remains after you close your web browser and may be accessed every time you use our Services. We and our partners may use both session and persistent cookies on our Services. You should consult your web browser to modify your cookie settings. Please note that if you delete or choose not to accept cookies from us, you may not be able to use certain features of our Services.
Some of our partners deploy these technologies directly on our Services. These third parties may collect information over time about your use of our Services, as well as your online activities across other websites or online services. Some third parties may allow you to opt-out of targeted advertising based on this information. You can find more information about these opt-outs from the Network Advertising Initiative (NAI) and the Digital Advertising Alliance (DAA).
Release of Information
The information we have obtained from you through your voluntary participation in our site may transfer to the new owner as a part of the sale in order that the service being provided to you may continue. In that event, you will receive notice through our website of that change in control and practices, and we will make reasonable efforts to ensure that the purchaser honors any opt-out requests you might make of us.
Information from Other Sources
We may receive or proactively gather information about you from other sources and add it to information we otherwise have about you for any purpose described in this Policy. This may include situations where a third party seeks to communicate with you through the Services or establish an “Integration” (as more fully describe below under the heading, Third Party Integrations).
HOW WE USE YOUR INFORMATION
We may use the information we collect for the following purposes:
- Create and manage your account.
- Operating our Services and developing new functionality and features;
- Responding to questions and communications, or obtaining your feedback about our Services;
- Administering and logging your participation in educational and informational programs, including webinars and other classes, and any product or support matters that may arise from such programs;
- Preparing and delivering announcements about features, functionality, terms of use, or other aspects of our Services or your interests and informing you about offers for services or products we believe may be of interest to you, including from third party sponsors;
- Providing you with more relevant content, including clinical support tools, assessments or medical-related information or services, patient support programs, advertising, or other programs appearing on our Services or third-party services;
- Analyzing usage trends and patterns and measuring the effectiveness of content, programs, advertising or the features or functionality of the Services, including emails that may be sent by us to you;
- Preparing reports for any of the purposes described in this Policy, including for current or future sponsors, advertisers or other partners to show utilization or trends about the use of our Services. Such reports may include demographic or other general user information, but will not include personally identifiable information unless the recipient has agreed to confidentiality obligations;
- Safeguarding and protecting our Services, the information we collect, and the rights of us, our users or third parties, and in response to legal process;
- We may use your Payment Card Information as stated in the “Payment Information” Section above;
- Any other purpose described in this Policy or your User Agreement; or
- When we otherwise have your permission.
HOW OUR SERVICES ALLOW USERS TO SHARE INFORMATION
One-on-One Communications
Our Services can be used to facilitate one-on-one communications between users and other persons. Examples include:
- Sending an appointment confirmation or other notification to another user;
- Making a referral to another healthcare provider;
- Sending a prescription to a pharmacy;
- Sending a test requisition to a clinical laboratory; or
- Sending a message to a patient.
In any one-on-one communication, users are sending information to one another or to an individual or entity who may not be a user of the Services. Depending on the message, this could include the sharing of contact and other personally identifiable information.
Directories:
If you are a healthcare provider who has entered into a Therapia Software Healthcare Provider User Agreement, you will have the ability to have your contact and directory information listed in one or more of our professional directories of healthcare providers on our Services that users and/or the general public may be able to view. These directories include profile information (e.g., contact, specialty and other information) and other features that allow users and/or the general public to locate and contact those listed in the directory.
If you visit our Services seeking to contact or schedule an appointment with a provider listed in one of our directories, you may need to submit personally identifiable and other information.
Public Forums:
Our Services may include public forums that allow users to communicate with groups of users or the general public. Information a user posts in one of our communities may be available to a wide range of individuals, and should be presumed public. We strongly advise users to exercise care in selecting what information they share with our communities or public forums, and strongly recommend against sharing any personally identifiable, health, or other sensitive information that could directly or indirectly be traced to any individual, including themselves.
Surveys, Feedback, Informational Programs:
From time to time you may receive survey requests through emails or displays within our Services that request feedback on a variety of topics. These programs may be sponsored or funded by third parties, and may include branded or unbranded content about medical conditions, treatments and products, or safety and regulatory information resources. If you choose to engage with or use one of these requests, you may be asked to provide information that may be used to supplement information that you submitted to our Services. This information may be shared with the sponsor of the program.
Records:
Our Services allow users to store personally identifiable and health information (“Records”), including Records that identify other individuals, including other users. Certain of our Services permit users to share all or portions of these Records at their discretion.
You should be aware that this Policy covers only the information you submit through our Services. If you contact or exchange information with another user in person or through a means other than our Services, such activity is not covered by this Policy. Because our Services enable users to share information you share with them, you should take care in selecting with whom you share your Records and other information. Although our Services process such transmissions, we are not responsible for the actions of persons with whom you share your Records and other information.
Emails and Other Communications:
Our Services allow users to communicate with others through our in-product instant messaging services, Service-branded emails, and other electronic communication channels. Communications that are sent by or on behalf of a user are indicated as being “From” that user, such as when our Services send an appointment notification from, and on behalf of, a healthcare provider to his or her patient. Additionally, we may communicate administrative or Service-related announcements through email or other communications within our Services. These communications may be “real time” communications or communications triggered automatically upon the occurrence of certain events or dates – such as a repeated sign-in failure or an appointment notification. Please note that you may not be able to opt out of receiving certain messages from us.
Emails and other communications from individuals who are not users of our Services, or that we send in connection with business agreements or subject matter other than the User Agreements, are not covered by this Policy. If, for example, you contact us regarding a job opening, that communication to us is not covered by this Policy even though that job opening may have been posted on our Services.
Third Party Integrations
Our Services may allow you to connect your account on our Services with third parties, such as when a healthcare provider seeks to integrate our electronic prescribing module into our partner’s national electronic prescribing network, or when a healthcare provider approves us integrating or linking his or her account with a third parties’ billing software (any such integration, an “Integration”). Integrations can also be initiated by third parties seeking to establish Integrations with you, such as when a clinical laboratory desires to transmit lab results directly into a healthcare provider’s electronic health record account rather than transmitting the result by fax or other means. Your use of these Integrations is entirely optional. Should you choose to utilize these Integrations, you may be prompted to give us permission to perform certain actions in your account, such as creating, updating or deleting certain information. Please note that if you choose to utilize any Integration, any information you elect to provide to third parties will be subject to whatever agreement you have with them, including, if applicable, their terms of use or privacy policy, and not this Policy. To disable an Integration, you can contact us through our support section.
DISCLOSURE OF YOUR INFORMATION
We may share information you submit to us with third parties under the following circumstances:
- When you choose to share such information through our Services, such as “one-on-one” communications between a provider and a patient or another healthcare provider;
- When your account has been issued by an account administrator with administrative rights over your account, your account administrator will have access to your account information;
- With third party service providers that have agreed to confidentiality obligations, which may include, as applicable, business associate contract obligations;
- If you are a healthcare provider who has entered into a Therapia Software Healthcare Provider User Agreement, we may share information with the third parties who are subject to confidentiality obligations that you have elected to establish Integrations with, or who seek to establish Integrations with you, and to facilitate, maintain and monitor the utilization of such Integrations;
- If you are a healthcare provider who has entered into a Therapia Software Healthcare Provider User Agreement, we may also share information with third parties who are subject to confidentiality obligations who are funding or administering certain branded or unbranded content about medical conditions, treatments and products, or safety and regulatory information resources, such as clinical decision support tools, patient savings offers, co-pay offset or discount programs, medication adherence programs, and other similar programs, and with sponsors of advertising appearing within our Services. The purposes of such sharing may include administration, recordkeeping or compliance obligations, and assessing the effectiveness or utilization of any such program;
- If you receive any honoraria or payment in connection with a survey or request for feedback, your information may be shared with the funding source or sponsor of such survey or program;
- When we share your Payment Card Information as described in the “Payment Information” Section above;
- To protect our Services, the information we collect, and the rights of us, our users, and any third parties, including to verify your identity;
- To detect, prevent, investigate, or address fraud, illegal activity, or violations of our terms and agreements;
- In response to legal process, such as a search warrant, court order, or subpoena, or when we have a good faith belief that the law requires us to do so;
- With our current and future subsidiaries or corporate affiliates or actual or potential investors;
- In connection with a potential or actual sale, merger, transfer, exchange, reorganization or other disposition (whether of assets, stock, or otherwise) of all or a portion of the business conducted by our Services. If such a transaction occurs, the acquiring company’s use of your information will remain subject to this Policy, as may be subsequently amended;
- Any other purposes described in this Policy or your User Agreement; or
- When we otherwise have your permission.
SECURITY OF YOUR INFORMATION
To help prevent unauthorized access, maintain data accuracy, and protect against the inappropriate use of the information we collect, store, and transmit, we deploy a range of technical, physical and administrative safeguards. Under our Therapia Software Healthcare Provider User Agreements, Therapia Software Client Portal User Agreement, or Therapia Software Family Portal User Agreement and applicable law, we are required to apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of individually identifiable health information residing on, and processed by, those elements of our Services that we operate as a business associate on behalf of healthcare providers. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.
CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.
THIRD PARTY SERVICES
This Policy applies only to our Services. It does not apply to services offered by third parties, including websites and other online services that our Services may display links to or to advertisements appearing within the Services. When you click on such links or advertisements, you will be visiting websites or interactive services operated by third parties, who have their own information collection practices and may also collect information through the use of Engagement Tools. We do not have control over how any third party collects or uses information, so you should review their privacy policies to learn of their practices.
CHANGES TO THIS POLICY
We believe in continuous innovation, which, along with changes in our business, may require that we amend this Policy from time to time. We will post a revised Policy along with its effective date on this page. Because this Policy can change at any time, we encourage you to reread it periodically to see if there have been any changes, amendments, or updates. If you object to the changes or any terms within this Policy or the Therapia Software Healthcare Provider User Agreements, Therapia Software Client Portal User Agreement, or Therapia Software Family Portal User Agreement, you should discontinue using our Services. Your continued use of our Services following the effective date means that you have consented to the Policy, as amended, changed, or updated.
VIEWING AND UPDATING YOUR INFORMATION
Account Information
Our Services aim to provide you with access to the information you submit and the means to update it within our Services consistent with applicable law. This can be accomplished by logging into our Services and updating that information, or contacting a customer support representative, although please be advised of the important limitations described below. Under certain circumstances, we may ask you to verify your identity before your request is processed.
Please note that, unless you have administrative rights over another user’s account pursuant to our Therapia Software Healthcare Provider User Agreements, Therapia Software Client Portal User Agreement, or Therapia Software Family Portal User Agreement, you are not entitled to access, update, or delete the content of another user’s account.
If you have used our Services to share information with another user or a third party, you will not be able to access, update, or delete that shared information. Further, if another user of our Services submits information that identifies you, you will not be able to access, update, or delete that information.
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with legal requirements.
Certain users – such as healthcare providers – may be required under applicable laws or regulations to retain information about you for extended periods of time or indefinitely. Additionally, we may have independent obligations under applicable laws or regulations to retain such information indefinitely. Finally, for disaster recovery and business continuity purposes we may retain copies of data stored by our Services for indefinite periods of time.
HIPAA grants patients certain rights to access and amend certain health information that their healthcare providers retain about them. Patients should submit requests to access or amend their health information directly to their healthcare providers.
Emails and Communications
If you no longer wish to receive correspondence, emails, or other communications from us, you may opt-out by:
- Noting your preferences at the time you register your account with the Site
- Logging into your account settings and updating your preferences.
- Contacting us using the contact information provided below
If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly.
How You Can Correct or Remove Information
We provide this privacy policy as a statement to you of our commitment to protect your personal information. If you have submitted personal information through our website and would like that information deleted from our records or would like to update or correct that information, please click on our Contact Us page.
Agreeing to Terms
If you do not agree to our Therapia Software Privacy Policy, please do not use our Sites or any services offered by this Site and our Company.
Your use of this site indicates acceptance of this privacy policy.
CALIFORNIA RESIDENTS
If you are a California resident, you may be afforded certain additional rights under the California Consumer Privacy Act of 2018 regarding our use of your personal information. This is listed under Addendum A.
Contact Us: If you have questions regarding this Policy, please contact us at: Therapia Software LLC, Legal Department, 401 Westpark Court, Suite 200, Peachtree City, GA 30269, United States.
Addendum A
California Privacy Notice
Last Updated and Effective: February 20, 2022
INTRODUCTION
This California Privacy Notice (“Notice”) describes how Therapia Software LLC uses and discloses the Personal Information we collect from or about California residents.
This Notice applies to visitors, users, and others who reside in California and who use our websites, portals, and software, or otherwise interact with us online or offline (our “Services”). Before sharing your Personal Information with us or using our Services, please review this Notice carefully.
This Notice supplements the information contained in the privacy policies that we post on our Services (our “Privacy Policies”). Please review these Privacy Policies for general information about how we use and share the Personal Information we collect from or about you when you use the Services.
Throughout this Notice, “Therapia” refers to Therapia Software LLC, including its affiliated companies and subsidiaries (also referred to as “we” and “us”). Therapia primarily provides services to businesses, and we may collect Personal Information in the context of providing these services. As between Therapia and our business customers, our business customers are primarily responsible for how we use and disclose the Personal Information we collect in our role as a service provider. If Therapia maintains your Personal Information on behalf of one of our business customers, and you have questions about how we process your Personal Information, we may direct any inquiries about our use of your Personal Information to that customer.
PERSONAL INFORMATION WE COLLECT
We may collect information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household (“Personal Information”). Our Privacy Policies contain a general description of the types of Personal Information we collect. Specifically, we have and may collect the following categories of Personal Information:
Direct Identifiers, such as your name, email address, mailing address, IP address, online identifiers, and account information.
We typically collect this information directly from you in order to provide you access to certain information on our websites.
Internet Activity Information, such as your browsing history, search history, and browser information.
We typically collect this information from our use of cookies and other data collection technologies to help us design our website, to identify popular features, and for other managerial purposes.
Commercial Information, such as products and services purchased from us.
We typically collect this information directly from you in order to fulfill your transactions and provide you customer service.
Profile Information, such as information about your preferences and characteristics.
We typically collect this information directly from you in order to tailor our services and communications to you.
In addition to the purposes for collection described above, we have collected each of the above categories of Personal Information for the purpose of performing services for you and managing our relationship with you, which typically includes:
- Maintaining and servicing your account, including managing your preferences.
- Administering and improving our Services, including to run analytics, assess the quality of our Services, and for other related internal business purposes.
- Communicating with you and responding to inquiries you send to us.
- Sending you messages promoting our products and services.
- Complying with our legal, regulatory and risk management obligations, including establishing, exercising and/or defending legal claims.
HOW WE MAY SHARE AND SELL YOUR PERSONAL INFORMATION
We may share the categories of Personal Information we collect with third parties as described in our Privacy Policies. We may disclose the following categories of Personal Information to third parties: Direct Identifiers, Internet Activity Information, Commercial Information, and Profile Information. We do not sell your Personal Information. If we change our practices, we will update this Notice in accordance with Section 5
PRIVACY RIGHTS
You may be entitled to the following privacy rights under California law:
The right to know.
You have the right to request: (i) the specific pieces of Personal Information we have about you; (ii) the categories of Personal Information we have collected about you in the last 12 months; (iii) the categories of sources from which that Personal Information was collected; (iv) the categories of your Personal Information that we sold or disclosed in the last 12 months; (v) the categories of third parties to whom your Personal Information was sold or disclosed in the last 12 months; and (vi) the purpose for collecting and selling Personal Information.
The right to deletion.
You have the right to request that we delete the Personal Information that we have collected or maintain about you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your Personal Information was collected. Certain exceptions under the California law may allow Therapia to retain and use certain Personal Information notwithstanding your deletion request. If we deny your request for deletion, we will let you know the reason why.
The right to opt out of the sale of your Personal Information.
You have the right to opt out of the sale of your Personal Information. Therapia does not sell your Personal Information.
The right to equal service.
If you choose to exercise any of these rights, Therapia Software will not discriminate against you in anyway. If you exercise certain rights, understand that you may be unable to use or access certain features of Therapia Software Services.
You may exercise your right to know and your right to deletion twice a year free of charge. To exercise your right to know or your right to deletion, contact us at privacy@therapiasoftware.com.
We will take steps to verify your identity before processing your request to know or request to delete. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected Personal Information. If you have an account with us, we will use our existing account authentication practices to verify your identity. If you do not have an account with us, we may request additional information about you to verify your identity. We will only use the Personal Information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose.
You may use an authorized agent to submit a request to know or a request to delete. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.
Shine the Light – Third Party Marketing.
You may request and obtain from Therapia once per calendar year information about any of your Personal Information shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information and for any other questions about our privacy practices and compliance with California law, please contact us at privacy@therapiasoftware.com.
Agreeing to Terms
If you do not agree to our Therapia Software Privacy Policy, please do not use our Sites or any services offered by this Site and our Company.
Your use of this site indicates acceptance of this privacy policy.
UPDATES
We may update this Notice from time to time. When we update this Notice, we will post the changes on our Services and update the “Last Updated” date on this page. We encourage you to check this Notice regularly for changes. If we make any material changes to this Notice, we may notify you before they take effect either through the Services or by sending you a notification. Unless otherwise noted, any changes we make to this Notice will become effective immediately once posted on this page. Your continued use of the Services following any changes to this Notice indicates that you have read, agree to, and understood the practices described in the revised Notice.
LAST UPDATED 08/4/2022