Last Updated: December 13, 2025

MySurgeryQuote (“Company,” “we,” “us,” or “our”) is committed to protecting your privacy and the privacy of your patients. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our surgery quote software and services (“Service”).

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you register for the Service, we collect:

  • Name and contact information (email, phone number)
  • Practice/business name and address
  • Billing information (processed securely through Stripe)
  • User credentials

1.2 Patient Information (Protected Health Information)

When you use the Service, you may enter patient information including:

  • Patient names and contact details
  • Patient identification numbers
  • Procedure information
  • Pricing and quote details
  • Medical procedure codes

This information constitutes Protected Health Information (PHI) under HIPAA. We process this information solely on your behalf as a Business Associate.

1.3 Usage Information

We automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Usage patterns and features accessed
  • Performance data

1.4 Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your session
  • Remember your preferences
  • Analyze Service usage
  • Improve our Service

2. How We Use Your Information

2.1 To Provide the Service

  • Create and manage your account
  • Process quotes and generate PDFs
  • Enable feature functionality
  • Provide customer support

2.2 To Improve the Service

  • Analyze usage patterns
  • Identify and fix issues
  • Develop new features
  • Optimize performance

2.3 To Communicate With You

  • Send service-related notifications
  • Respond to inquiries
  • Provide updates about the Service
  • Send billing and account information

2.4 For Legal and Security Purposes

  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect against fraud and abuse
  • Maintain security of the Service

3. HIPAA Compliance

3.1 Business Associate Relationship

When you use MySurgeryQuote to process Protected Health Information (PHI), we act as your Business Associate under HIPAA. We will:

  • Enter into a Business Associate Agreement (BAA) with you
  • Use and disclose PHI only as permitted by the BAA and HIPAA
  • Implement appropriate safeguards to protect PHI
  • Report any security incidents or breaches as required

3.2 PHI Safeguards

We protect PHI through:

  • Encryption: All PHI is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Access Controls: Role-based access, unique user IDs, automatic session timeouts
  • Audit Logging: Comprehensive logging of all PHI access and modifications
  • Secure Infrastructure: HIPAA-compliant cloud hosting with SOC 2 certification
  • Employee Training: All employees complete HIPAA training

3.3 Your HIPAA Responsibilities

As a Covered Entity, you are responsible for:

  • Obtaining appropriate patient authorizations
  • Training your workforce on HIPAA compliance
  • Implementing your own policies and procedures
  • Reporting any suspected breaches to us

4. Information Sharing and Disclosure

4.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information or patient data to third parties for marketing purposes.

4.2 Service Providers

We may share information with trusted service providers who assist us in operating the Service, including:

  • Cloud Hosting: For data storage and processing
  • Payment Processing: Stripe for subscription billing
  • Email Services: For transactional communications
  • Analytics: For Service improvement (anonymized/aggregated data only)

All service providers are bound by confidentiality agreements and, where applicable, Business Associate Agreements.

4.3 Legal Requirements

We may disclose information if required by law or in response to:

  • Court orders or subpoenas
  • Government requests
  • The need to protect our legal rights
  • Legal proceedings

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

5. Data Security

We implement comprehensive security measures including:

5.1 Technical Safeguards

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for data at rest
  • Regular security assessments and penetration testing
  • Intrusion detection and prevention systems
  • Automated backup and disaster recovery

5.2 Administrative Safeguards

  • Employee background checks
  • HIPAA training for all staff
  • Access limited to authorized personnel
  • Incident response procedures
  • Regular policy reviews

5.3 Physical Safeguards

  • Secure, SOC 2 certified data centers
  • Physical access controls
  • Environmental controls

6. Data Retention

6.1 Active Accounts

We retain your data for as long as your account is active and as needed to provide the Service.

6.2 After Termination

Following account termination:

  • We retain data for 30 days to allow for data export
  • After 30 days, data is securely deleted
  • Certain data may be retained longer if required by law

6.3 Backup Data

Backup copies may persist for up to 90 days after deletion from production systems.

7. Your Rights

7.1 Access and Portability

You may:

  • Access your account data at any time through the Service
  • Request a copy of your data in a portable format
  • Export your quotes and procedure data

7.2 Correction

You may update or correct your account information through the Service or by contacting us.

7.3 Deletion

You may request deletion of your account and associated data by contacting us. Note that:

  • We may retain certain data as required by law
  • Deletion requests for PHI must comply with HIPAA requirements

7.4 Patient Rights

Your patients may have rights regarding their PHI under HIPAA. As the Covered Entity, you are responsible for responding to patient requests. We will assist you as needed.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your rights

To exercise these rights, contact us.

9. Children’s Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it.

10. International Data Transfers

The Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States. By using the Service, you consent to this transfer.

11. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to review their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending you an email notification
  • Displaying a notice within the Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

MySurgeryQuote Website: www.mysurgeryquote.com

For HIPAA-related or other inquiries, contact us.

14. HIPAA Notice

This section serves as our Notice of Privacy Practices for Protected Health Information.

Uses and Disclosures of PHI

As a Business Associate, we use and disclose PHI only:

  • To perform functions on behalf of Covered Entities
  • As permitted or required by our Business Associate Agreement
  • As required by law

Your Rights Regarding PHI

Through your healthcare provider (our customer), you may have rights to:

  • Access your PHI
  • Request corrections to your PHI
  • Request restrictions on uses and disclosures
  • Receive an accounting of disclosures
  • File complaints regarding privacy practices

Breach Notification

In the event of a breach of unsecured PHI, we will:

  • Document and report breaches as required by HIPAA
  • Notify affected Covered Entities within 24 hours of discovery
  • Assist in breach investigation and notification as required