MediBrief, LLC Privacy Policy
At MediBrief, LLC, we take your privacy and the protection of your personal and sensitive data very seriously. This Privacy Policy outlines how we collect, use, store, and safeguard your information when you interact with our services. As a provider of medical chronology and billing summary services, MediBrief, LLC is committed to complying with the California Consumer Privacy Act (CCPA), the Health Insurance Portability and Accountability Act (HIPAA), and other applicable data protection regulations.
By using our website and services, you consent to the practices outlined in this Privacy Policy. If you do not agree to this policy, please discontinue using our services.
1. Information We Collect
We collect and process various types of information to provide our services effectively. This information may include:
- Personal Identification Information
  - Full name, mailing address, phone number, and email address.
  - Professional information such as company name, job title, and position.
- Medical and Billing Information
  - Health records, treatment details, and billing data, which are necessary to create accurate medical chronologies and billing summaries.
- Technical Information
  - IP addresses, browser types, time zone settings, and operating systems to help us analyze website performance and optimize the user experience.
- Payment Information
  - Payment details including credit/debit card information, billing address, and transaction records are collected through secure third-party payment processors.
- Communication Data
  - Records of correspondence and interactions with us, including any requests for customer service, feedback, or technical assistance.
2. How We Use Your Information
MediBrief, LLC uses the data we collect for several legitimate business purposes, including:
- Service Delivery: We use personal, medical, and billing information to provide the services you request, such as the creation of medical chronologies and billing summaries.
- Client Communications: We use your contact information to send notifications about service updates, account status, and critical communications regarding your requested services.
- Payment Processing: We use billing and payment information to process service payments and manage billing inquiries. MediBrief, LLC does not store or process credit/debit card information in any way.
- Compliance with Legal Obligations: We use and disclose personal data as required to comply with applicable laws, such as HIPAA and CCPA, and for fraud prevention and security monitoring.
- Website Optimization: We use technical data to improve and maintain the functionality and security of our website and services.
3. Data Protection and Security
We prioritize the security of your data and take significant measures to protect it. These include:
- Encryption: All sensitive data, including medical records and payment information, is encrypted both in transit and at rest using industry-standard encryption protocols.
- Access Control: Only authorized personnel who have a legitimate need to access your information for service provision are granted access. Access to personal, medical, and billing data is controlled via secure authentication methods.
- Auditing and Monitoring: We regularly monitor our systems for vulnerabilities and implement auditing procedures to ensure compliance with HIPAA, CCPA, and other applicable regulations.
- Incident Response Plan: In the event of a data breach or security incident, we have a comprehensive response plan to address and mitigate risks, notify affected individuals, and comply with legal requirements for breach notification.
Although we take these precautions, no system is completely secure. We encourage you to use caution when sharing sensitive information online and to notify us immediately if you suspect any unauthorized access to your account.
4. Sharing and Disclosure of Data
We will never sell your personal information. However, we may share your data under the following circumstances:
- Service Providers
  We may share your information with trusted third-party service providers who assist us in operating our business, such as payment processors, IT support, and data storage vendors. These third parties are obligated to protect your data and are prohibited from using your information for any purpose other than providing services to MediBrief, LLC.
- Legal Obligations
  We may be required to share your information in response to legal requests, subpoenas, or court orders, or to comply with laws that apply to us. This includes sharing information with law enforcement agencies or regulatory authorities if required.
- Business Transfers
  If MediBrief, LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. In such cases, we will notify you and obtain your consent where required by law.
5. Retention of Data
We retain personal and client data (including, but not limited to, medical and billing information) until we receive an explicit request from the client or individual for the removal or deletion of such data, or as required by applicable law. Upon receipt of a valid deletion request, we will securely delete or anonymize the data in accordance with our data retention policies and relevant legal requirements.
6. Your Data Protection Rights
As a user of MediBrief, LLC services, you have several rights regarding the personal data we collect. These rights include:
- Right to Access
  You have the right to request access to the personal data we hold about you, along with details of how we process and use it.
- Right to Rectification
  You can request corrections or updates to your personal data if it is inaccurate or incomplete.
- Right to Erasure
  You have the right to request the deletion of your personal data, except where we are legally obligated to retain it (e.g., for regulatory purposes or ongoing legal matters).
To exercise any of these rights, please fill out our Data Protection Request Form, or contact us at privacy@medibrief.com. We will process your request within the legally mandated timeframes and provide information on how we have handled your request.
7. CCPA Compliance
As required by the California Consumer Privacy Act (CCPA), MediBrief, LLC is committed to protecting the privacy rights of California residents. Under CCPA, you have the following additional rights:
- Right to Know
  You have the right to know what personal information we have collected about you, including the specific pieces of information, how we have used it, and with whom it has been shared.
- Right to Delete
  You may request that we delete any personal information we have collected from you, subject to certain exceptions where the information is required for legal or regulatory purposes.
- Right to Opt-Out of Sale of Personal Information
  MediBrief, LLC does not sell personal information. However, you have the right to opt out of any future sale of your personal data should our practices change.
- Right to Non-Discrimination
  We will not discriminate against you for exercising your rights under CCPA, including by denying services or charging different prices for the same services.
To submit a CCPA request, please complete our Data Protection Request Form or email us at privacy@medibrief.com.
8. HIPAA Compliance
MediBrief, LLC fully complies with the Health Insurance Portability and Accountability Act (HIPAA) to ensure that your Protected Health Information (PHI) is secure and handled appropriately. We have implemented the necessary administrative, physical, and technical safeguards to protect your PHI and ensure compliance with HIPAA's stringent standards.
- HIPAA Privacy Rule
  We maintain the privacy of your PHI and will only use or disclose it for legitimate purposes, such as for medical summaries, with your authorization, or as required by law. We ensure that any third parties with whom we share your PHI are also HIPAA-compliant.
- HIPAA Security Rule
  We implement a variety of technical safeguards, including encryption and access control measures, to protect the confidentiality, integrity, and availability of PHI. These measures are designed to prevent unauthorized access, alteration, and disclosure of sensitive health information.
- Breach Notification Rule
  In the event of a data breach involving PHI, MediBrief, LLC will notify affected individuals, regulatory bodies, and other relevant authorities within 72 hours, as required by law. We take breaches seriously and will take the necessary steps to mitigate the effects of any breach.
9. Cookies and Tracking Technologies
We use cookies and other tracking technologies to enhance your experience on our website and to collect data about website usage. Cookies help us understand how you interact with our services and enable us to offer personalized content and services.
You may control or disable cookies through your browser settings; however, doing so may affect the functionality of certain features of the website. Please note that we do not currently respond to "Do Not Track" signals from web browsers.
10. Subprocessors
To deliver our products and services effectively, we engage with trusted third-party providers, known as subprocessors. These subprocessors assist in various operational, technical, and administrative tasks, ensuring the efficiency, reliability, and security of our offerings. For an up-to-date list of our critical subprocessors, including their roles and locations, please refer to the table below.
Name | Role | Location |
---|---|---|
AWS | Cloud Platform | USA |
Bitbucket | Code Repository | USA |
ClickUp | Project Management | USA |
Google Workspace | Email Provider | USA |
Slack | Communication/Collaboration | USA |
Stripe | Payment Processing | USA |
11. Children’s Privacy
Our services are intended for users who are at least 18 years of age. We do not knowingly collect or solicit personal data from individuals under the age of 18. If we learn that we have inadvertently collected personal information from a minor, we will take immediate steps to delete it.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our business practices, legal obligations, or technology. We encourage you to review this policy regularly to stay informed about how we are protecting your data. Any updates to the policy will be posted on this page, and your continued use of our services constitutes acceptance of any changes.
13. Contact Information
If you have any questions or concerns about this Privacy Policy, your rights under CCPA or HIPAA, or how we handle your data, please feel free to contact us via email at: privacy@medibrief.com. By using MediBrief, LLC services, you acknowledge that you have read, understood, and agreed to this Privacy Policy and the terms set forth herein.