Notice of Privacy Practices

How MediChatApp protects health information when we provide services to our healthcare customers.

Last updated: November 20, 2025

This Notice of Privacy Practices (“Notice”) describes how MediChatApp (“we,” “us,” or “our”) protects and uses Protected Health Information (“PHI”) when we provide software and services to healthcare organizations and their patients. We act primarily as a Business Associate under the Health Insurance Portability and Accountability Act (“HIPAA”), meaning we process PHI on behalf of covered entities such as medical practices and health systems.

This Notice is intended to explain our privacy practices in that role. It does not replace or modify the Notice of Privacy Practices that you receive directly from your healthcare provider. If there is any conflict between this Notice and your provider’s Notice, your provider’s Notice will control how they use and disclose your information.

1) Who This Notice Applies To

This Notice applies to PHI that MediChatApp handles when:

It also applies, in a more limited way, to any health-related information you provide directly to us through our websites or applications outside of a provider relationship.

2) What Is Protected Health Information (PHI)?

“Protected Health Information” or “PHI” is individually identifiable health information that relates to:

PHI can include identifiers such as your name, date of birth, address, phone number, medical record number, appointment information, or other details that could be used to identify you in connection with your health.

3) How We Use and Disclose PHI

As a Business Associate, MediChatApp uses and discloses PHI only as permitted by our Business Associate Agreements (“BAAs”) with covered entities and as allowed or required by law. Typical uses and disclosures include:

a) Treatment

We may process PHI to support healthcare providers in delivering care to you, such as facilitating secure messaging between you and your care team, managing appointments, or displaying relevant information in a portal or practice dashboard.

b) Payment

We may use PHI to help providers with billing and payment-related activities, such as managing copay collection, sending billing notices or reminders at the direction of the provider, or supporting insurance-related workflows integrated with the practice’s systems.

c) Healthcare Operations

We may use PHI to support the healthcare organization’s operations, including scheduling, contact center workflows, reporting requested by the provider, quality improvement, and system monitoring. These uses are limited to what is permitted by HIPAA and the applicable BAA.

d) De-identified and Aggregated Data

Where allowed by our BAAs and applicable law, we may de-identify PHI in accordance with HIPAA requirements and use or disclose such de-identified or aggregated data for analytics, product improvement, or other lawful purposes. De-identified data does not identify you and is not treated as PHI.

e) As Required by Law

We may use or disclose PHI when required to do so by federal, state, or local law, regulation, court order, or other legal process, and as otherwise permitted or required by HIPAA.

4) Your Rights Regarding PHI

Under HIPAA, individuals generally have certain rights with respect to their PHI, including the right to:

Because we typically act as a Business Associate, we process PHI on behalf of your healthcare provider. In most cases, you should direct requests to exercise these rights to your provider, not to MediChatApp. If we receive a request directly from you, we may be required to forward your request to the appropriate covered entity or work with them to assist in fulfilling it.

5) How We Protect PHI

We maintain administrative, technical, and physical safeguards designed to protect PHI from unauthorized access, use, or disclosure. These safeguards may include:

Additional details about our security practices may be found on our Security or Legal & Compliance pages, where available.

6) Subprocessors and Third-Party Services

We may use carefully selected third-party vendors (subprocessors) to help us provide our services. Where these vendors have access to PHI, we require them to sign appropriate agreements and to implement safeguards consistent with HIPAA and our contractual obligations.

A current list of subprocessors is available on our Subprocessors page. We may update that list from time to time as our infrastructure and providers change.

7) Breach Notification

If we discover a breach of unsecured PHI, we will notify the affected covered entities in accordance with our Business Associate Agreements and applicable law. Your healthcare provider is generally responsible for any required notifications to you and to regulators, and we work with them to support that process as needed.

8) Changes to This Notice

We may update this Notice from time to time to reflect changes in our practices, legal requirements, or services. When we make changes, we will update the “Last updated” date at the top of this page and, where appropriate, provide additional notice (for example, by posting a banner in the application or on our website).

Your continued use of our services after an updated Notice is posted indicates your acknowledgment of the changes, to the extent permitted by law.

9) Questions or Complaints

If you have questions about this Notice or our privacy practices in connection with PHI, you may contact us at:

MediChatApp Privacy
Subject: “Privacy – Notice of Privacy Practices”

You also have the right to submit a complaint to your healthcare provider or to the U.S. Department of Health and Human Services, Office for Civil Rights, if you believe your privacy rights have been violated. We will not retaliate against you for filing a complaint in good faith.

For Patients

To request access to your medical record, update your information, or exercise other privacy rights, please contact your healthcare provider directly. MediChatApp supports providers but does not replace their role as the custodian of your health record.


