Privacy Policy

Last updated: June 9, 2025

1. Introduction

At KeepTrack, we understand that your privacy and the privacy of your patients are of utmost importance. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our dental practice management software and services.

As a healthcare technology provider, we are committed to maintaining the highest standards of data protection and compliance with all applicable privacy laws, including HIPAA (Health Insurance Portability and Accountability Act).

2. Information We Collect

2.1 Practice Information

We collect information about your dental practice, including:

  • Practice name, address, and contact information
  • Practitioner names, credentials, and professional information
  • Staff member information and access credentials
  • Business associate agreement details

2.2 Patient Health Information (PHI)

When you use our software to manage patient records, we may process Protected Health Information (PHI) on your behalf, including:

  • Patient demographic information
  • Medical and dental history
  • Treatment plans and clinical notes
  • Appointment scheduling information
  • Billing and insurance information
  • Digital images and x-rays

2.3 Technical Information

We automatically collect certain technical information, including:

  • IP addresses and device identifiers
  • Browser type and version
  • Usage patterns and software interactions
  • System performance and error logs

3. How We Use Your Information

3.1 Service Provision

We use your information to:

  • Provide and maintain our dental practice management software
  • Process patient appointments and scheduling
  • Generate reports and analytics for your practice
  • Facilitate billing and insurance claim processing
  • Provide customer support and technical assistance

3.2 Service Improvement

We may use aggregated, de-identified data to:

  • Improve our software features and functionality
  • Develop new products and services
  • Conduct research and analytics
  • Enhance user experience and system performance

3.3 Legal Compliance

We may use your information to:

  • Comply with applicable laws and regulations
  • Respond to legal requests and court orders
  • Protect our rights and prevent fraud
  • Ensure system security and integrity

4. HIPAA Compliance

KeepTrack operates as a Business Associate under HIPAA. We have implemented appropriate administrative, physical, and technical safeguards to protect PHI in accordance with HIPAA requirements.

4.1 Business Associate Agreement

All covered entities using our services must execute a Business Associate Agreement (BAA) that outlines our respective responsibilities for protecting PHI.

4.2 PHI Safeguards

We maintain PHI security through:

  • End-to-end encryption for data in transit and at rest
  • Multi-factor authentication and access controls
  • Regular security audits and vulnerability assessments
  • Employee training on HIPAA compliance
  • Incident response and breach notification procedures

5. Data Sharing and Disclosure

5.1 Service Providers

We may share information with trusted third-party service providers who assist us in operating our business, including:

  • Cloud hosting and infrastructure providers
  • Payment processing companies
  • Customer support platforms
  • Security monitoring services

All service providers are bound by confidentiality agreements and must comply with applicable privacy and security requirements.

5.2 Legal Requirements

We may disclose information when required by law or to:

  • Comply with court orders or legal processes
  • Respond to government investigations
  • Protect against fraud or security threats
  • Enforce our terms of service

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, subject to the same privacy protections outlined in this policy.

6. Data Security

We implement industry-standard security measures to protect your information:

6.1 Technical Safeguards

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Regular security updates and patches
  • Intrusion detection and prevention systems
  • Regular backup and disaster recovery procedures

6.2 Administrative Safeguards

  • Role-based access controls
  • Regular employee security training
  • Background checks for personnel
  • Incident response procedures
  • Regular security audits and assessments

6.3 Physical Safeguards

  • Secure data centers with 24/7 monitoring
  • Biometric access controls
  • Environmental controls and redundancies
  • Secure disposal of physical media

7. Your Rights and Choices

7.1 Access and Correction

You have the right to access and correct your practice information. Patient rights regarding PHI are governed by HIPAA and should be addressed through your practice's privacy procedures.

7.2 Data Portability

You can export your practice data in standard formats. We provide tools and support to help you migrate your data if you choose to discontinue our services.

7.3 Account Deletion

You may request deletion of your account and associated data. Please note that we may retain certain information as required by law or for legitimate business purposes.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with applicable laws.

9. Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

11. Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact us:

KeepTrack Privacy Team

Email: privacy@keeptrack.com

Phone: 1-800-KEEPTRACK

Address: 123 Healthcare Drive, Suite 100, Boston, MA 02101

For HIPAA-related inquiries or to report a potential breach, please contact our HIPAA Compliance Officer using the contact information above.