Privacy Policy

At OrgaMedica, your privacy is paramount. This policy explains how we collect, use, protect, and share your information.

Last Updated: January 2025

Information We Collect

Account Information

When you register for OrgaMedica, we collect:

  • Name, email address, and contact information
  • Practice name and location
  • Professional credentials and license numbers
  • Billing and payment information

Patient Data

As a HIPAA-compliant platform, we process protected health information (PHI), including:

  • Patient demographics and contact information
  • Medical records, diagnoses, and treatment plans
  • Appointment history and scheduling data
  • Insurance and billing information

Usage Data

We automatically collect technical information:

  • IP addresses and device information
  • Browser type and operating system
  • Pages visited and features used
  • Access times and duration

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process appointments, billing, and payments
  • Communicate with you about your account
  • Ensure HIPAA compliance and data security
  • Detect, prevent, and address technical issues
  • Comply with legal obligations
  • Provide customer support and assistance
  • Send administrative updates

Important: We never use your patient data for AI training or sell your data to third parties.

Information Sharing

We only share your information in these limited circumstances:

With Your Consent

We share information when you explicitly authorize us to do so, such as integrating with third-party services.

Service Providers

We work with trusted vendors who help us provide our services. All vendors sign Business Associate Agreements (BAAs) and are expected to follow HIPAA requirements.

Legal Requirements

We may disclose information when required by law, court order, or government request.

Business Transfers

If OrgaMedica is ever involved in a merger or acquisition, we will notify you and ensure continued protection of your data.

Data Security

We implement industry-leading security measures:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication (MFA)
  • Regular security audits
  • 24/7 monitoring and incident response
  • Secure data centers
  • Role-based access controls
  • Comprehensive audit logging

Learn more on our Security page.

Your Rights

You have the following rights:

  • Access: Request a copy of your data
  • Correction: Update inaccurate information
  • Deletion: Request data deletion
  • Portability: Export your data
  • Objection: Object to certain processing

Contact: privacy@orgamedica.com

Data Retention

We retain information as necessary to:

  • Provide our services
  • Comply with legal requirements
  • Resolve disputes
  • Maintain business records

Patient health records are typically retained for 7–10 years or longer, depending on applicable regulations.

Questions About Privacy?

Our privacy team is here to help with any questions or concerns about how your data is handled.

Phone: +1 (646) 466-7070