MedsitePro Logo

Privacy Policy

Effective Date: May 13, 2025
Last Updated: May 13, 2025
www.medsitepro.com
Convena Care, LLC

This Privacy Policy ("Policy") describes how Convena Care, LLC ("Company," "we," "us," or "our") collects, uses, stores, shares, and protects information in connection with the Medsite Pro platform (the "Platform"), a service provided to healthcare practices.

By using the Platform, you agree to the terms of this Policy. If you do not agree, do not access or use the Platform.

1. Scope and Audience

This Policy applies only to:

  • Website visitors,
  • Authorized users of our software, and
  • Healthcare practices (our customers).

This Policy does not apply to individual patients whose information is entered by a practice. Each healthcare provider is solely responsible for their own privacy practices and patient notices under HIPAA.

2. Information We Collect

A. Information Provided by Customers

  • Practice name, contact info, and provider details
  • Configuration settings
  • Communications with us (support tickets, emails)

B. System-Generated Information

  • Metadata (IP address, browser type, OS)
  • Logs of user activity
  • Error reports and usage statistics

C. Information Submitted by or About Patients

When a patient enters information through scheduling forms, intake forms, or other practice-hosted tools on our Platform, that information may include:

  • Full name, contact information, date of birth
  • Appointment type, reason for visit
  • Insurance details or other identifiers

This data is entered voluntarily by the patient or practice for the purpose of managing medical care and is handled in accordance with the Health Insurance Portability and Accountability Act ("HIPAA"). Convena Care acts solely as a Business Associate to the healthcare practice and processes this data only on behalf of, and under the direction of, the practice.

3. HIPAA Compliance and Business Associates

We maintain signed Business Associate Agreements (BAAs) with:

  • Microsoft Azure (infrastructure provider)
  • OpenAI (for limited AI-assisted features)

We do not access, use, or disclose PHI for any purpose other than to operate or support the Platform in accordance with HIPAA.

Any patient scheduling data submitted via Medsite Pro tools is treated as Protected Health Information (PHI) under HIPAA. Convena Care:

  • Does not access, read, or use PHI beyond what is necessary to operate and support the software;
  • Does not use PHI for analytics, product development, or marketing;
  • Does not determine the legal basis for patient data collection — this is the sole responsibility of the healthcare provider.

The healthcare practice is the Covered Entity and bears all legal obligations for:

  • Obtaining proper consents from patients;
  • Determining lawful use and disclosure of PHI;
  • Ensuring that any scheduling rules or eligibility restrictions comply with applicable law.

4. How We Use Information

We use information for the following purposes:

  • To provide and support the Platform
  • To maintain security, reliability, and compliance
  • To communicate with customers (administrative or support purposes only)
  • To analyze performance and improve the service

We do not sell or rent your data. We do not use PHI for marketing.

5. Disclosures and Third Parties

We may share data with:

  • Our contracted service providers, under binding agreements
  • Law enforcement or regulators if required by law
  • A successor entity in the event of a merger or acquisition (subject to applicable safeguards)

We do not allow third-party advertisers, tracking cookies, or analytics providers to access PHI.

6. Data Security

We use Microsoft Azure's HIPAA-eligible services with:

  • Encryption of all data in transit and at rest
  • Role-based access controls
  • Regular audits and access logs
  • Signed BAAs with infrastructure and AI vendors

However, no system is 100% secure. Your practice is responsible for managing user access and device security on your end.

7. Your Rights and Choices

You have the right to:

  • Access or correct your administrative account information
  • Request deletion of your practice's administrative account (note: PHI entered by your patients may be retained as required by law)

Patients who wish to access, correct, or delete their health information must contact the healthcare provider directly. Convena Care is not authorized to act on such requests independently.

8. Children's Privacy

This Platform is not intended for direct use by children. Any data collected about minors is done only through forms submitted by a healthcare practice.

9. Changes to This Policy

We may update this Policy from time to time. The effective date at the top will reflect the latest version. Continued use of the Platform after changes are posted constitutes your acceptance.

10. Contact Information

Questions or concerns?
Email: support@medsitepro.com