Privacy Policy for DocPro

Effective Date: 01/01/2025

At DocPro, a product of AIHCON, we are committed to protecting the privacy and security of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in compliance with HIPAA (Health Insurance Portability and Accountability Act) and The Campaign Registry (TCR) compliance requirements.

1. Information We Collect

1.1. Personally Identifiable Information (PII)

  • Full Name
  • Contact Information (Email Address, Phone Number)
  • Address (if provided by the user)
  • Login Credentials (For registered users only)

1.2. Health-Related Information (Protected Health Information - PHI)

  • Patient Demographics (Name, DOB, Gender, Insurance Information)
  • Diagnosis and Treatment Details
  • Prescriptions and Medications
  • Lab Results and Imaging Reports
  • Clinical Notes, Progress Notes, and Medical History
  • Referral and Consult Notes

1.3. Communication and SMS Information

  • Opt-in and Opt-out records for SMS messaging
  • Logs of SMS messages sent for appointment scheduling, reminders, lab notifications, and billing updates
  • Consent information related to SMS communications

1.4. Automatically Collected Information

  • Device Information (IP Address, Browser Type, Device Type)
  • Log Data (Access Time, Pages Visited, Interaction with Website/Portal)
  • Cookies and Tracking Data (Used for authentication and security purposes)

2. How We Process Your Information

2.1. Healthcare Operations and Services

  • Secure patient data management within HIPAA-compliant standards
  • AI-powered medical charting and documentation assistance
  • Managing referrals, insurance eligibility, and medical claims
  • Seamless electronic health record (EHR) integration

2.2. Communication and Notifications

  • SMS and Email notifications for appointment reminders, post-visit instructions, billing updates, and lab results
  • Provider-to-patient communication for medical consultations and follow-ups
  • Notifications regarding updates to our services

2.3. Compliance with Legal and Regulatory Requirements

  • Ensuring adherence to HIPAA and state healthcare privacy laws
  • Maintaining logs and documentation for regulatory audits
  • Preventing fraud, abuse, and unauthorized access to patient data

3. When and With Whom We Share Your Personal Information

3.1. Strict Non-Disclosure Policy

We do not share, sell, rent, or disclose your personal information—including your phone number or any other details—with any third party under any circumstances. Your data remains strictly confidential and is not shared for marketing, analytics, or any other purpose.

3.2. Legal Compliance

We may disclose your personal information only if legally required by a valid request from a government authority (e.g., a court order or regulatory agency request). In such cases, we comply strictly with applicable laws and ensure the request is legally binding before disclosing any information.

3.3. Business Continuity

In the event of a merger, acquisition, or asset sale, we will ensure that your personal information remains protected under the same confidentiality standards. If a transfer is necessary, we will notify you in advance and provide details on how your information will be handled.

4. SMS Consent and Compliance with TCR

4.1. SMS Messaging Policy

By opting into SMS services, you consent to receive healthcare-related messages, including:

  • Appointment scheduling and reminders
  • Post-visit follow-ups and lab notifications
  • Insurance and billing updates

No promotional or marketing messages will be sent.

4.2. Opt-In and Opt-Out Policy

You may opt in via web forms, patient portals, or verbal consent at the practice. You may opt out at any time by replying STOP to any SMS message. To get help, reply HELP, or contact us at [email protected].

4.3. SMS Consent Restrictions

  • SMS consent is never shared with third parties for marketing purposes
  • All messages are transmitted via compliant SMS systems
  • We adhere to TCPA (Telephone Consumer Protection Act) regulations

5. Data Security and HIPAA Compliance

5.1. Security Safeguards

  • Encryption: All patient data is encrypted in transit and at rest.
  • Access Controls: Role-based access ensures that only authorized personnel can access PHI.
  • Audit Logs: Every access and modification to patient records is logged.
  • Two-Factor Authentication (2FA): Required for accessing sensitive information.

5.2. Breach Notification

In the event of a data breach involving PHI, we will notify affected individuals and relevant authorities as required by the HIPAA Breach Notification Rule.

6. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the effective date.

7. Contact Us

If you have any questions about this Privacy Policy, please contact us: