Privacy Policy

1. Overview

WVDoc ("we," "our," or "us") is committed to protecting the privacy and security of your personal and medical information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our medical documentation platform and related services.

By using WVDoc's services, you consent to the practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

Personal Information

We collect personal information that you voluntarily provide to us, including:

• Identity Information: Name, date of birth, Social Security number, government-issued ID numbers
• Contact Information: Email address, phone number, mailing address
• Account Information: Username, password, security questions and answers
• Payment Information: Credit card details, billing address (processed securely through encrypted payment processors)

Medical Information

As a healthcare service provider, we collect and process Protected Health Information (PHI) including:

• Medical history and records
• Diagnostic information and test results
• Treatment plans and medication information
• Insurance information and claims data
• Healthcare provider communications

Technical Information

We automatically collect certain technical information when you use our services:

• IP address and device identifiers
• Browser type and version
• Operating system information
• Usage patterns and interaction data
• Log files and error reports

3. How We Use Your Information

We use your information for the following purposes:

Healthcare Services

• Providing medical documentation and record management services
• Facilitating communication between you and healthcare providers
• Processing insurance claims and billing
• Scheduling appointments and sending reminders
• Providing telemedicine and remote consultation services

Service Improvement

• Analyzing usage patterns to improve our platform
• Developing new features and services
• Conducting research to advance healthcare technology
• Ensuring platform security and preventing fraud

Legal and Compliance

• Complying with healthcare regulations and legal requirements
• Responding to legal requests and court orders
• Protecting our rights and the rights of our users
• Investigating and preventing illegal activities

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal or medical information to third parties. We may share your information only in the following circumstances:

Healthcare Providers

We share your medical information with authorized healthcare providers involved in your care, including:

• Your primary care physician and specialists
• Hospitals and medical facilities
• Laboratories and diagnostic centers
• Pharmacies and medication providers

Service Providers

We work with trusted third-party service providers who assist us in operating our platform:

• Cloud hosting and data storage providers
• Payment processing companies
• IT security and monitoring services
• Customer support and communication platforms

Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes and government requests
• Protect public health and safety
• Prevent or investigate suspected illegal activities
• Protect our rights, property, and safety

5. Data Security and Protection

Technical Safeguards

• Encryption: All data is encrypted in transit and at rest using AES-256 encryption
• Access Controls: Role-based access controls and multi-factor authentication
• Network Security: Firewalls, intrusion detection, and DDoS protection
• Monitoring: 24/7 security monitoring and incident response

Administrative Safeguards

• Regular security training for all employees
• Background checks for personnel with access to PHI
• Incident response and breach notification procedures
• Regular security audits and penetration testing

Physical Safeguards

• Secure data centers with biometric access controls
• Environmental monitoring and backup power systems
• Secure disposal of hardware and media
• Restricted access to server rooms and equipment

6. HIPAA Compliance

As a healthcare technology provider, WVDoc is fully compliant with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations.

Business Associate Agreements

We enter into Business Associate Agreements (BAAs) with all covered entities and ensure that our subcontractors also maintain HIPAA compliance.

Minimum Necessary Standard

We adhere to the minimum necessary standard, using and disclosing only the minimum amount of PHI necessary to accomplish the intended purpose.

Patient Rights Under HIPAA

You have the right to:

• Access and obtain copies of your medical records
• Request amendments to your medical information
• Request restrictions on the use and disclosure of your PHI
• Request confidential communications
• File complaints about privacy practices

7. Your Rights and Choices

Access and Portability

You have the right to:

• Access your personal and medical information
• Download or export your data in a portable format
• Request copies of your medical records
• Receive an accounting of disclosures

Correction and Updates

You can:

• Update your personal information through your account settings
• Request corrections to inaccurate medical information
• Add amendments to your medical records

Communication Preferences

You can control:

• Email and SMS notification preferences
• Marketing communication opt-outs
• Preferred methods of contact
• Language preferences for communications

8. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

Medical Records

• Adult medical records: Retained for a minimum of 7 years after the last treatment date
• Pediatric records: Retained until the patient reaches age 25 or 7 years after last treatment, whichever is longer
• Mental health records: Retained for 7 years after last treatment or as required by state law

Account Information

• Personal account data: Retained for the duration of your account plus 3 years
• Payment information: Retained for 7 years for tax and audit purposes
• Technical logs: Retained for 1 year unless required for security investigations

9. International Data Transfers

Your information is primarily stored and processed in secure data centers within the United States. If we transfer data internationally, we ensure adequate protection through:

• Standard Contractual Clauses approved by regulatory authorities
• Adequacy decisions for countries with equivalent privacy protections
• Binding Corporate Rules for intra-group transfers
• Explicit consent for specific transfer purposes

10. Children's Privacy

We take special care to protect the privacy of children under 18 years of age:

• Parental consent is required for children under 13
• Limited data collection for minors
• Enhanced security measures for pediatric records
• Special retention periods for minor's medical records
• Transition procedures when minors reach the age of majority

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will post the updated policy on our website
• We will notify you via email for material changes
• We will provide a 30-day notice period for significant changes
• The effective date will be clearly indicated

Your continued use of our services after the effective date constitutes acceptance of the updated policy.

12. Contact Information