Privacy Policy

Last Updated: 2/15/2025

HippaTherapy, a product of Open7 (“Company,” “we,” “us,” or “our”), is committed to protecting your privacy and maintaining the security of protected health information (PHI). This Privacy Policy explains how we collect, use, and safeguard information when you use our Electronic Health Record (EHR) system, Practice Management software, and related software services available through HippaTherapy (collectively, the “Services”).

Information We Collect

Practice and Administrative Information

We collect information about healthcare practices and administrators, including:

  • Practice name and contact information
  • Administrator and staff credentials
  • Business Associate Agreements
  • Billing and payment information
  • System access logs and audit trails
  • Practice configuration settings

Protected Health Information (PHI)

As a HIPAA-compliant service provider, we may collect and process PHI including:

  • Patient demographic information
  • Medical records and history
  • Treatment plans and notes
  • Appointment schedules
  • Insurance and billing information
  • Clinical documentation
  • Patient communication records

Technical and Usage Information

We collect system usage data, including:

  • Access logs and authentication records
  • Feature usage patterns
  • Device and browser information
  • Network and connection data
  • Error reports and performance data
  • Integration configuration data

How We Use Your Information

Practice and Administrative Data

We use this information to:

  • Provide and maintain our Services
  • Process payments and manage subscriptions
  • Communicate system updates and notices
  • Provide technical support
  • Analyze usage patterns for improvement
  • Ensure compliance with agreements
  • Generate anonymized analytics

Protected Health Information

PHI is used solely for:

  • Providing healthcare services through our platform
  • Facilitating insurance and billing processes
  • Supporting patient care and communication
  • Maintaining required medical records
  • Complying with legal obligations

Data Security Measures

We implement comprehensive security measures including:

  • Two-factor authentication
  • Regular security audits and penetration testing
  • Automated threat detection
  • Disaster recovery procedures
  • Employee security training

HIPAA Compliance

As a Business Associate under HIPAA, we:

  • Maintain HIPAA compliance programs
  • Provide Business Associate Agreements
  • Conduct regular risk assessments
  • Report security incidents as required
  • Train staff on HIPAA requirements
  • Maintain audit logs of all PHI access

Data Retention

  • PHI is retained according to state and federal requirements
  • Practice data is maintained throughout active subscriptions
  • System logs are retained for security and compliance
  • Data deletion requests are honored as permitted by law
  • Backup retention follows industry standards

Your Rights

Healthcare providers have the right to:

  • Access practice and patient data
  • Request data exports
  • Modify practice information
  • Receive security incident notifications
  • Obtain audit logs
  • Request data deletion (subject to retention requirements)

Patients retain all rights under HIPAA and applicable laws.

Third-Party Services

We may integrate with:

  • Payment processors
  • Healthcare clearinghouses

All third-party services must meet our security requirements and sign appropriate agreements.

International Data Transfer

  • Data is primarily stored in U.S.-based data centers
  • International transfers follow applicable regulations
  • Additional safeguards apply for cross-border transfers

Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated directly to practice administrators with 30 days' notice.

Contact Information

For privacy-related inquiries:

For HIPAA-related concerns: Open7 LLC [email protected]