Last Updated: January 8, 2025

Privacy Policy

Your Privacy is Our Priority

Learn how USA Doctors Note protects your personal health information and maintains the highest standards of privacy and security in accordance with HIPAA regulations.

  • HIPAA Compliant: Full compliance with healthcare privacy laws
  • Data Protection: Advanced encryption and security measures
  • Your Rights: Complete control over your information

HIPAA Notice

USA Doctors Note is committed to protecting your health information in accordance with the Health Insurance Portability and Accountability Act (HIPAA). This Privacy Policy explains how we collect, use, and safeguard your protected health information (PHI) and other personal data.

1. Information We Collect

Protected Health Information (PHI)

When you use our medical documentation services, we may collect and process the following types of protected health information:

  • Personal identifiers (name, date of birth, address, phone number)
  • Medical history and current health conditions
  • Symptoms and treatment information
  • Healthcare provider information
  • Insurance information (when applicable)
  • Appointment and consultation records

Personal Information

  • Contact information (email address, phone number)
  • Account credentials and security information
  • Payment and billing information
  • Communication preferences

Technical Information

  • IP address and device information
  • Browser type and version
  • Usage data and analytics
  • Session information and logs

2. How We Use Your Information

Healthcare Operations

  • Providing medical documentation services
  • Conducting medical consultations and evaluations
  • Creating and delivering doctor's notes and medical certificates
  • Maintaining accurate medical records
  • Quality assurance and improvement of services

Account Management

  • Creating and maintaining your account
  • Processing payments and billing
  • Providing customer support
  • Sending service-related communications

Legal and Compliance

  • Complying with healthcare regulations and laws
  • Responding to legal requests and court orders
  • Protecting against fraud and abuse
  • Ensuring platform security and integrity

3. HIPAA Compliance

Our HIPAA Commitment

As a covered entity under HIPAA, USA Doctors Note implements administrative, physical, and technical safeguards for your protected health information (PHI) as required by federal law.

Administrative Safeguards

  • Designated Privacy Officer responsible for HIPAA compliance
  • Comprehensive staff training on privacy and security policies
  • Access controls limiting PHI access to authorized personnel only
  • Regular privacy and security assessments
  • Incident response procedures for privacy breaches

Physical Safeguards

  • Secure data centers with restricted access
  • Workstation security and access controls
  • Device and media controls for PHI storage
  • Secure disposal of PHI-containing materials

Technical Safeguards

  • End-to-end encryption for data transmission and storage
  • Multi-factor authentication for account access
  • Audit controls and access logging
  • Automatic session timeouts and user authentication
  • Regular security updates and vulnerability assessments

4. Information Sharing and Disclosure

We do not sell, rent, or trade your personal health information. We may share your information only in the following circumstances:

With Your Authorization

  • When you provide written authorization for specific disclosures
  • Sharing medical documentation with your designated recipients
  • Communicating with your healthcare providers as requested

Required by Law

  • Court orders and legal subpoenas
  • Public health reporting requirements
  • Law enforcement investigations (limited circumstances)
  • Workers' compensation proceedings

Business Associates

  • HIPAA-compliant service providers (with signed Business Associate Agreements)
  • Technology vendors supporting our platform
  • Payment processors for billing services

5. Data Security

We implement industry-leading security measures to protect your information:

Encryption

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • End-to-end encryption for sensitive communications

Access Controls

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • Regular access reviews and audits
  • Automated session management

Infrastructure Security

  • SOC 2 Type II certified data centers
  • 24/7 security monitoring and incident response
  • Regular penetration testing and vulnerability assessments
  • Backup and disaster recovery procedures

6. Your Privacy Rights

Under HIPAA and applicable privacy laws, you have the following rights regarding your health information:

Access Rights

  • Right to access and review your PHI
  • Right to request copies of your medical records
  • Right to know who has accessed your information

Correction Rights

  • Right to request amendments to your PHI
  • Right to add statements of disagreement
  • Right to correct inaccurate information

Control Rights

  • Right to request restrictions on PHI use and disclosure
  • Right to request alternative communication methods
  • Right to revoke authorizations (with exceptions)
  • Right to file complaints about privacy practices

Important Note

Some rights may be limited by applicable laws or legitimate business needs. We will respond to your requests within the timeframes required by law and provide explanations for any denials.

7. Cookies and Tracking

We use cookies and similar technologies to enhance your experience and improve our services:

Essential Cookies

  • Authentication and session management
  • Security and fraud prevention
  • Load balancing and performance optimization

Analytics Cookies

  • Usage analytics and performance monitoring
  • Service improvement and optimization
  • Error tracking and debugging

You can control cookie settings through your browser preferences. Note that disabling certain cookies may affect the functionality of our services.

8. Third-Party Services

We work with carefully selected third-party service providers who have signed Business Associate Agreements and commit to HIPAA compliance:

  • Cloud hosting providers (AWS, Google Cloud)
  • Payment processors (Stripe, PayPal)
  • Email and communication services
  • Analytics and monitoring tools
  • Customer support platforms

All third-party providers are required to maintain the same level of privacy and security protection for your information as we do.

9. Data Retention

We retain your information for the following periods:

  • Medical records: 7 years from last service date (or as required by state law)
  • Account information: 3 years after account closure
  • Communication records: 3 years from last interaction
  • Billing records: 7 years for tax and audit purposes
  • Technical logs: 1 year for security and performance monitoring

After the retention period expires, we securely delete or anonymize your information in accordance with industry best practices and legal requirements.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Privacy Officer

USA Doctors Note Privacy Department
Address: 30 Hudson Yards, Floor 38, New York, NY 10001
Phone: +1 (555) 123-4567
HIPAA Compliance: hipaa@havellum.com

We will respond to your privacy-related inquiries within 30 days. For urgent HIPAA-related concerns, please call our privacy hotline during business hours.

Filing a Complaint

You have the right to file a complaint with us or with the U.S. Department of Health and Human Services if you believe your privacy rights have been violated. We will not retaliate against you for filing a complaint.

Effective Date: This Privacy Policy is effective as of January 8, 2025. We reserve the right to modify this policy at any time. Material changes will be communicated to you via email or through our platform at least 30 days before they take effect.