1. Introduction
PRACTIS Health, Inc. ("Company," "we," "our," or "us") is committed to protecting the privacy and security of your information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our AI-powered practice management platform at practis.health and related services (collectively, the "Services").
As a platform serving healthcare providers, we understand the critical importance of data privacy. We are committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA), state privacy laws, and industry best practices for healthcare data protection.
2. Information We Collect
2.1 Account Information
When you create an account, we collect your name, email address, professional credentials, practice name, NPI number, and contact information. This information is necessary to provide the Services and verify your identity as a licensed healthcare provider.
2.2 Protected Health Information (PHI)
In the course of providing the Services, we process PHI on your behalf, including but not limited to: patient names, dates of birth, diagnosis codes, treatment records, insurance information, billing data, clinical notes, and audio recordings of clinical encounters. We process PHI solely as your Business Associate under HIPAA and our Business Associate Agreement.
2.3 Usage Data
We automatically collect information about how you interact with the Services, including: pages visited, features used, session duration, device type, browser type, IP address, and referring URLs. This data is used to improve the Services and is not linked to PHI.
2.4 Voice and Audio Data
When you use our voice documentation features, audio recordings are captured and transmitted to our processing infrastructure for transcription. Audio data is encrypted in transit and at rest. Recordings are deleted after processing unless you opt into the backup feature.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Services, including AI-powered documentation, authorization, billing, and scheduling features.
- Process and transcribe voice recordings into clinical documentation drafts.
- Generate prior authorization submissions, billing pre-scrubs, and compliance checks.
- Communicate with you about your account, service updates, and support requests.
- Monitor and analyze usage patterns to improve performance and user experience.
- Detect, prevent, and address technical issues and security threats.
- Comply with legal obligations, including HIPAA requirements.
4. How We Protect Your Information
4.1 Encryption
All data is encrypted at rest with AES-256 and in transit with TLS 1.3. Database encryption keys are managed through industry-standard key management services with automatic rotation.
4.2 Access Controls
We implement role-based access controls (RBAC) to ensure that only authorized personnel can access sensitive data. All access to PHI is logged and audited. Employee access to production systems requires multi-factor authentication.
4.3 Infrastructure Security
Our infrastructure is hosted in SOC 2 Type II-certified data centers within the United States. We conduct regular security assessments, penetration testing, and vulnerability scanning. Our incident response plan is tested and updated annually.
4.4 AI Model Training
We do not use your PHI, clinical data, or audio recordings to train AI models. Our AI capabilities are powered by pre-trained models that are fine-tuned using de-identified, synthetic, or publicly available healthcare data only.
5. Information Sharing and Disclosure
We do not sell, rent, or trade your personal information or PHI. We may share information only in the following circumstances:
- Service Providers: We share data with third-party processors (e.g., cloud hosting, speech-to-text services) that are bound by Business Associate Agreements and contractual data protection obligations.
- Payer Submissions: When you use our authorization and billing features, we transmit data to insurance payers on your behalf and at your direction.
- Legal Requirements: We may disclose information when required by law, court order, or government regulation, or when necessary to protect the rights, safety, or property of the Company, our users, or the public.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such transfer.
6. Data Retention
We retain your account information and clinical data for as long as your account is active. Upon account termination, we retain your data for 90 days to allow for export, after which it is securely deleted. Audio recordings are deleted immediately after transcription processing unless you have enabled the backup feature.
We may retain de-identified, aggregated data indefinitely for analytics and service improvement purposes. De-identified data cannot be used to identify any individual patient or provider.
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete personal information.
- Deletion: Request deletion of your personal information, subject to legal retention requirements.
- Data Portability: Request an export of your data in a standard, machine-readable format.
- Restriction: Request that we limit the processing of your personal information in certain circumstances.
- Objection: Object to the processing of your personal information for certain purposes.
To exercise any of these rights, contact us at [email protected]. We will respond to verified requests within 30 business days.
8. HIPAA Compliance
We comply with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. We enter into a Business Associate Agreement (BAA) with every customer before processing any PHI. Our HIPAA compliance program includes:
- Designated Privacy Officer and Security Officer.
- Annual risk assessments and security audits.
- Workforce training on HIPAA requirements.
- Documented policies and procedures for PHI handling.
- Breach notification procedures in compliance with the HITECH Act.
For more details, see our HIPAA & BAA page.
9. Cookies and Tracking
We use essential cookies to maintain your session and provide the Services. We use analytics cookies to understand how the Services are used. We do not use advertising cookies or share cookie data with third-party advertisers.
You can control cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the Services.
10. Children's Privacy
The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information promptly.
11. California Privacy Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Services at least 30 days before taking effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised.
13. Contact Us
If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, contact us at:
PRACTIS Health, Inc.
Email: [email protected]
Privacy inquiries: [email protected]