Our Commitment to HIPAA Compliance

Practice Vault takes HIPAA compliance and patient privacy extremely seriously. We understand the critical importance of protecting sensitive health information in all communications, including SMS messaging. Our platform is designed from the ground up to meet and exceed all HIPAA requirements for electronic protected health information (ePHI).

SMS Messaging & Privacy Protection

We provide secure SMS messaging services for healthcare practices to communicate with patients. When using our SMS services, we implement comprehensive safeguards to protect patient information:

SMS Messaging Information

If you opt in to SMS messaging, we will send appointment-related messages. Message frequency varies and message/data rates may apply. You may opt out by replying STOP; reply HELP for help.

How We Protect SMS Communications

  • Maximum Protection: Your messages are encrypted at every possible point: during transmission to our servers, while stored in our systems, and when sent to SMS gateways. We apply bank-level encryption to all data within our platform's reach, ensuring the highest level of security possible for SMS communications.
  • Secure Storage: Message data is encrypted at rest using industry-standard AES-256 encryption.
  • Access Controls: Strict authentication and authorization protocols ensure only authorized healthcare providers can access patient communications.
  • Audit Logging: Every SMS interaction is logged and tracked for compliance purposes, creating a complete audit trail.
  • Automatic Data Retention Policies: Messages are automatically deleted according to HIPAA-compliant retention schedules.

HIPAA Compliance Standards

Practice Vault maintains full compliance with the Health Insurance Portability and Accountability Act (HIPAA) through:

Administrative Safeguards

  • Regular security risk assessments and updates
  • Comprehensive workforce training on HIPAA requirements
  • Business Associate Agreements (BAAs) with all partners and vendors
  • Incident response procedures and breach notification protocols
  • Access management and minimum necessary access principles

Physical Safeguards

  • Secure data center facilities with 24/7 monitoring
  • Controlled facility access with biometric authentication
  • Device and media controls for all hardware
  • Secure disposal procedures for electronic media

Technical Safeguards

  • Unique user identification and strong password requirements
  • Automatic logoff and encryption of data in transit and at rest
  • Integrity controls to ensure ePHI is not improperly altered or destroyed
  • Transmission security through secure protocols

Patient Rights & Data Protection

We respect and protect all patient rights under HIPAA, including:

Your Rights Include:

  • Right to Access: Patients can request access to their communication history
  • Right to Amendment: Request corrections to inaccurate information
  • Right to an Accounting: Receive a record of disclosures of your health information
  • Right to Request Restrictions: Limit how your information is used and disclosed
  • Right to Confidential Communications: Choose how we contact you

SMS Consent & Opt-Out

Before sending any SMS messages, we ensure proper consent is obtained from patients. Every SMS includes clear opt-out instructions, and we immediately honor all opt-out requests. Patient preferences are strictly maintained and updated in real time.

You may opt out by replying STOP to any message. Reply HELP for assistance. Message frequency varies and message/data rates may apply. Opting out of SMS will not affect your ability to receive care.

Data Security Measures

Our comprehensive security program includes:

  • Regular third-party security audits and penetration testing
  • SOC 2 Type II certification
  • Continuous security monitoring and threat detection
  • Regular backup procedures with encrypted offsite storage
  • Disaster recovery and business continuity planning

Information We Collect

When facilitating SMS communications between healthcare providers and patients, we may process:

  • Patient contact information (phone numbers)
  • Appointment scheduling information
  • Health reminders and notifications as authorized by your healthcare provider
  • Communication preferences and consent records
  • Message delivery confirmations and read receipts

How We Use Information

All information is used strictly for:

  • Facilitating secure communications between healthcare providers and patients
  • Ensuring HIPAA compliance and maintaining audit trails
  • Improving our security measures and service quality
  • Meeting legal and regulatory requirements

Third-Party Disclosure

We never sell, trade, or otherwise transfer patient information to outside parties. Information is only shared:

  • With your explicit consent
  • To comply with legal requirements or court orders
  • To protect rights, property, or safety in emergency situations
  • With authorized business associates under strict BAAs for service provision

Breach Notification

In the unlikely event of a data breach affecting protected health information, we will:

  • Notify affected individuals within 60 days as required by HIPAA
  • Inform your healthcare provider immediately
  • Report to the Department of Health and Human Services
  • Provide detailed information about the breach and steps to protect yourself

Contact Information

For questions about our privacy practices, HIPAA compliance, or to exercise your rights:

USA Headquarters

Practice Vault AI, LLC
1111B S Governors Ave STE 39341
Dover, DE 19904 USA
Phone: (814) 821-1816
Email: privacy@practicevault.com

European Office

Almir Kazazic
Rotenhofgasse 102
A-1100 Vienna, Austria
Phone: +43 664-8878-6292

Updates to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify users of any material changes and obtain new consent where required by law.

Last Updated: August 2025