Privacy Policy

Last Updated: June 17, 2025

SmartClinX (“we,” “our,” or “us”) is committed to protecting the privacy and security of all information entrusted to us, including Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

This HIPAA-friendly Privacy Policy describes the types of information we collect, how we use it, how we protect it, and under what circumstances we may disclose it.

By using our website or services, you agree to the terms outlined below.

1. Information We Collect

We may collect two primary types of information:

A. Personal Information (Non-PHI)

This includes information voluntarily provided by website visitors, potential clients, and practice administrators, such as:

  • Name

  • Email address

  • Phone number

  • Practice details

  • Payment and billing information

  • Messages submitted through forms or email

B. Protected Health Information (PHI)

As a business associate to healthcare providers, we may receive or handle PHI only when necessary to perform contracted services. PHI may include:

  • Patient names

  • Contact information

  • Appointment details

  • Insurance details

  • Medical record numbers

  • Prescription or pharmacy-related information

  • Information contained in faxes, emails, portals, and EHR/EMR platforms

We do not collect PHI directly through this website. PHI is only received from covered entities (healthcare providers) for the purpose of providing contracted services.

2. How We Use Information

We use personal data and PHI strictly for the following purposes:

A. For Non-PHI Personal Information

  • Responding to inquiries

  • Scheduling discovery calls

  • Setting up accounts

  • Processing payments

  • Administrative communication

  • Improving website functionality

B. For PHI (HIPAA-Regulated)

PHI is used solely to perform services outlined in the service agreement or Business Associate Agreement (BAA), including:

  • Scheduling and coordinating patient appointments

  • Insurance verification or appeals support

  • Processing patient communications

  • Billing-related administrative tasks

  • EHR management and data entry

  • Managing patient-specific requests authorized by the provider

We do not use PHI for marketing, sales, or any other unauthorized purpose.

3. Disclosure of Information

We strictly limit disclosure of information and PHI.

A. Disclosure of Personal Information

We may share non-PHI personal information with:

  • Website support providers

  • Payment processors (e.g., Stripe)

  • Email or scheduling platforms

These partners receive the minimum necessary information required to perform their tasks.

B. Disclosure of Protected Health Information

PHI is only disclosed under the following conditions:

1. To the Covered Entity (Your Practice)

We send, receive, and manage PHI only as needed to fulfill assigned tasks.

2. To Authorized Personnel

PHI may be disclosed to SmartClinX team members who are:

  • HIPAA-trained

  • Authorized under internal access protocols

  • Required to access PHI to perform tasks

3. For Legal or Compliance Purposes

PHI may be disclosed only when required to:

  • Comply with federal or state laws

  • Respond to lawful requests from regulatory authorities

  • Prevent or respond to security incidents

We do not disclose PHI for any other reason.

4. Data Protection & Security

We implement administrative, technical, and physical safeguards consistent with HIPAA requirements, including:

  • Encrypted communication channels (SSL/HTTPS)

  • Encrypted storage where applicable

  • Limited access to PHI (only to necessary personnel)

  • Password protection & two-factor authentication

  • Secure login procedures for EHR and practice systems

  • HIPAA-compliant training & policies for all staff

  • Regular system monitoring and cybersecurity updates

  • No PHI storage on unsecured local devices

  • No use of personal emails or unencrypted communications for PHI

We also rely on HIPAA-compliant third-party systems where appropriate (EHR platforms, secure phone systems, etc.).

5. Data Retention

We only retain PHI as long as necessary to:

  • Perform contracted services

  • Comply with legal record-keeping requirements

  • Resolve operational issues

At the termination of services, PHI is returned to the covered entity or securely deleted in accordance with HIPAA retention and disposal standards.

6. Patient Rights (Handled Through the Provider)

As a Business Associate, SmartClinX does not release PHI directly to patients.

Any patient request for:

  • Access to PHI

  • Amendment of their records

  • Accounting of disclosures

  • Restrictions or confidential communications

must be directed to the covered entity (the healthcare provider). We support the provider in fulfilling such requests as required under HIPAA.

7. Cookies & Website Tracking

Our website may automatically collect non-PHI technical data such as:

  • Browser type

  • Device data

  • IP address

  • Pages visited

This information is used solely to improve site performance, analytics, or troubleshooting.
No PHI is collected through cookies or tracking tools.

8. Third-Party Links

Our website may contain links to external sites. We are not responsible for their privacy practices or security measures. Users should review the privacy policies of third-party websites before providing any information.

9. Changes to This Privacy Policy

We may update this policy from time to time to reflect regulatory changes, security improvements, or service adjustments. Updated versions will be posted on our website with the effective date.

10. Contact Information

For questions regarding this HIPAA-friendly Privacy Policy or how information is handled, please contact us:

SmartClinX – Compliance & Privacy Department
Email: support@smartclinx.com
Website: www.smartclinx.com

SmartClinX
Phone: (407) 270-0422