Privacy Policy

Information We Collect

We collect the following personal data:

For Practices/Providers:

  • Names
  • Email Addresses
  • Physical Addresses
  • Phone Numbers
  • Tax Identifiers
  • Payment Information
  • Provider License Information

For Clients/Patients:

  • Names
  • Email Addresses
  • Physical Addresses
  • Phone Numbers
  • Insurance Information
  • Payment Information
  • Health Information

How We Collect Data

Data is collected through the TheraPrac platform, which includes both web and mobile applications. While we use cookies on our website to improve functionality, we do not track or collect personally identifiable information via cookies.

How We Use Your Data

Your data will be used for the following purposes:

  • Scheduling
  • Billing
  • Health records management
  • Processing insurance claims
  • Payment processing

HIPAA Compliance: Business Associate

From a HIPAA perspective, TheraPrac operates as a Business Associate to healthcare customers that qualify as Covered Entities. TheraPrac executes a Business Associate Agreement (BAA) with Covered Entity customers, which governs how Protected Health Information (PHI) is handled and the parties' respective HIPAA obligations. This Privacy Policy does not itself constitute a Business Associate Agreement.

Data Sharing

We may share your personal data with third parties only when necessary to provide our services:

  • Insurance Providers & Clearing Houses: To process insurance claims
  • Payment Processors: To process payments securely
  • Other Third-Party Providers: We may use other third-party service providers (e.g., hosting or analytics services) to facilitate and support our services. All third parties are required to adhere to strict privacy standards.

We do not sell or share your personal information with other third parties for marketing purposes.

Data Storage and Security

We implement the following measures to protect your data:

  • Encryption: All sensitive data, including PHI and payment details, are encrypted in transit and at rest using industry-standard encryption protocols (e.g., TLS/SSL, AES-256).
  • Secure Servers: Your data is stored on secure servers located in the United States, protected by firewalls and access control technologies.
  • Access Control: Only authorized personnel have access to your data, and they receive regular data protection and privacy training.
  • Backups: We perform regular backups and store them in secure off-site locations to ensure data recovery in case of incidents.
  • Regular Audits: We conduct security audits and vulnerability assessments to ensure ongoing data protection.

Data Retention

TheraPrac retains personal data for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, accounting, or reporting obligations:

  • PHI: Retained in accordance with customer instructions, applicable law, and the terms of the applicable Business Associate Agreement (BAA).
  • Billing and Transaction Data: Retained for 7 years to comply with tax and accounting requirements.
  • Inactive Accounts: Data from inactive accounts may be anonymized or deleted after 3 years, unless otherwise required by law.
  • User-Requested Deletion: Users can request data deletion, and we will comply with such requests in accordance with legal requirements.

User Rights

Users have the following rights regarding their data:

  • Access: Users can access their data via the application.
  • Correction: Users can correct their data through the application.
  • Deletion: Users can request data deletion, and we will comply where legally permitted, noting that some data may need to be retained for regulatory purposes.

Data from Minors

We may collect health data from minors only with parental or guardian consent, as required by law.

Use of Cookies and Tracking Technologies

We use cookies to enhance the functionality of our services. However, no personally identifiable information is collected through cookies.

Data Breach Notification

In the unlikely event of a data breach involving personal data, TheraPrac will provide notice as required by applicable law and contractual obligations. For incidents involving Protected Health Information (PHI) maintained on behalf of Covered Entity customers, breach and security incident notification obligations are governed by the applicable Business Associate Agreement (BAA).

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. When we make changes, we will notify you by updating the ‘Effective Date’ at the top of this page and, where appropriate, by sending an email notification. Please review this policy periodically for updates.

Contact Us

If you have any questions or concerns about this Privacy Policy, or if you would like to exercise your rights regarding your data, please contact us at:

TheraPrac Privacy Officer
Email: privacy@theraprac.com