PRIVACY POLICY
For use of ePRO Connect Software

AGILE PRACTICE INTEGRATIONS

Effective Date: 2025-01-01

Agile Practice Integrations, LLC (“API LLC,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and share your personal information with ePRO Connect and its related services (collectively, “ePRO Connect,” “Software,” or “Service”).

By accessing or using our Service, you agree to the terms of this Privacy Policy. If you do not agree with the terms of this policy, please do not use our Service.
1. Information We Collect: We collect both personal and non-personal information while providing our Service. This may include:
  • 1.1. Personal Information: This includes identifiers such as names, addresses, email addresses, phone numbers, patient health data, and other sensitive personal information that you provide directly through our platform or services.
  • 1.2. Health Information: We may collect health-related information such as medical records, patient-reported outcomes, and appointment details, which is governed by the Health Insurance Portability and Accountability Act (HIPAA) in the United States.
  • 1.3. Non-Personal Information: This includes data collected automatically when you use our platform, such as device information, usage patterns, IP addresses, and cookies.
  • 1.4. Financial Information: If the Practice uses ePRO Connect to process credit card transactions, certain financial information such as payment details may be collected by third-party payment processors. API LLC does not handle or store any financial information related to these transactions. All credit card processing is managed by the third-party providers integrated into the ePRO Connect platform.

2. How We Use Information: We use your information for the following purposes:

  • 2.1. Patient Data: We use patient data to provide and enhance the functionality of the ePRO Connect service. This includes sending appointment reminders, care instructions, educational content, survey prompts, and other relevant communications as directed by the Practice.
  • 2.2. Practice Data: We use Practice data to facilitate the operation of ePRO Connect, ensuring that the platform meets the Practice’s needs and that authorized users can access the required functionalities.
  • 2.3. Usage Data: We collect and analyze usage data to improve the performance and functionality of ePRO Connect, troubleshoot issues, and optimize the service based on usage patterns.
  • 2.4. Financial Information:
    • 2.4.1. Credit Card Processing: When processing credit card transactions via third-party payment processors, we may use patient demographic data to facilitate the transaction process. API LLC does not process or store financial data; this is handled by the third-party payment processors.
    • 2.4.2. Patient Financing Applications: The Service may connect patients to financing options through third-party partners. In such cases, patient demographic data may be used to send prequalification application links via non-encrypted SMS. API LLC does not handle or store financing application data; it only facilitates the connection to third-party financing providers.

3. Information We Do Not Collect and Practices We Do Not Engage In:

  • 3.1. Run Ads on Our Platform: We do not display third-party advertisements on our platform or use your data for advertising purposes.
  • 3.2. Sell Patient or Practice Data to Third Parties: We do not sell any personal, health-related, or practice data to third parties. Your data is kept confidential and is only shared as necessary to provide the Service, as outlined in this Privacy Policy.
4. Sharing of Information: We do not sell your personal information to third parties. However, we may share your information in the following cases:
  • 4.1. Service Providers: We may share your information with third-party service providers who help us operate and improve our Service (e.g., cloud hosting providers, analytics services, etc.).
  • 4.2. Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
  • 4.3. Legal Compliance: We may disclose your information when required to do so by law or to protect our rights, safety, or property, or that of others.
5. Data Retention: We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including complying with applicable legal obligations and resolving disputes. Specifically:
  • 5.1. We retain practice data for the duration of their subscription to ePRO Connect and for a period of up to 6 years thereafter, unless a longer retention period is required by applicable law or contractual obligations.
  • 5.2. We retain practice data in accordance with applicable legal, regulatory, and contractual obligations. Practices may contact us for more details regarding data retention and deletion policies.
  • 5.3. After the retention period ends, all personal and practice data will be securely deleted or anonymized using industry-standard secure deletion protocols to ensure it cannot be recovered.
6. How We Protect Your Information:
  • 6.1. All web traffic is encrypted via SSL.
  • 6.2. Your personal information is contained behind secured networks and is only accessible by a limited number of people who have special access rights to such systems.
  • 6.3. When we send SMS or email messages regarding appointments, we include your name, email, phone number, and practice name, but we do not include your date of birth or medical information.
  • 6.4. Your date of birth and reason for visit will only be transferred to the medical practice over encrypted channels.
7. How We Use Cookies: We use cookies for the following purposes:
  • 7.1. Session management: To store login information that persists across your session.
  • 7.2. Website traffic analysis: To generate website traffic reports via Google Analytics (GA). GA uses its own cookies to provide this information.
  • 7.3. UTM Tracking: We may use UTM (Urchin Tracking Module) parameters in URLs to track the effectiveness of marketing campaigns conducted by the practices using ePRO Connect. These cookies allow us to track where visitors are coming from (e.g., from email campaigns, social media, or ads) to help the practice understand traffic sources and improve the overall patient experience.
  • 7.4. Cookie Preferences: You can adjust your cookie settings through your browser or any cookie management tools available on our platform. Please note that disabling cookies may affect certain functionalities of the platform.
8. Third-Party Disclosures: We will not sell, trade, or transfer your personally identifiable information unless we provide you with advance notice. This does not include:
  • 8.1. Medical practices we are contacting on your behalf.
  • 8.2. Website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.
  • 8.3. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
9. HIPAA Compliance: ePRO Connect is designed to assist the Practice in complying with the Health Insurance Portability and Accountability Act (HIPAA) when managing patient data. However, the Practice is ultimately responsible for ensuring that it handles Protected Health Information (PHI) in accordance with HIPAA regulations.
  • 9.1. Role of API LLC: API LLC provides the ePRO Connect platform and related services but does not directly manage PHI beyond necessary processing for the platform’s functionality. The Practice remains responsible for managing PHI in compliance with HIPAA.
  • 9.2. Security Measures: API LLC implements industry-standard security measures, including encryption and access controls, to protect PHI processed through the platform. The Practice must also ensure that it complies with HIPAA when using ePRO Connect to safeguard PHI.
  • 9.3. Data Breaches: If a data breach involving PHI occurs within our systems, API LLC will promptly notify the affected Practice and provide details to support their compliance with HIPAA breach notification requirements. The Practice is responsible for managing breach notifications to affected patients, as well as complying with all relevant HIPAA breach notification requirements.

10. California Data Privacy Compliance: This section applies to Practices located in California or handling data from California residents.

API LLC acknowledges its obligations under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). API LLC processes personal information solely on behalf of the Practice and will not sell or share personal information unless required by law.

  • 10.1. Under the CCPA/CPRA, California residents have the following rights:
    • 10.1.1. Right to Know: You have the right to request information about the categories and specific pieces of personal data we have collected about you in the past 12 months.
    • 10.1.2. Right to Delete: You may request the deletion of your personal information, subject to certain exceptions.
    • 10.1.3. Right to Opt-Out of Sale: API LLC does not sell your personal information to third parties.
    • 10.1.4. Right to Non-Discrimination: We will not discriminate against you for exercising your rights under the CCPA.
  • 10.2. The Practice is responsible for responding to requests from California residents exercising their rights under the CCPA/CPRA, such as requests to access, delete, or correct their personal information.
  • 10.3. Exercising Your Rights: California residents can submit requests under the CCPA/CPRA by contacting us as outlined in Section 19.
11. Children’s Online Privacy Protection Act (COPPA) Compliance:
  • 11.1. We are committed to protecting the privacy of children and complying with the Children’s Online Privacy Protection Act (COPPA). Our Service is not intended for individuals under the age of 13, and we do not knowingly collect, use, or disclose personal information from children without verifiable parental consent as required by COPPA. If we become aware that personal information from a child under 13 has been collected without proper parental consent, we will take immediate steps to delete such information from our systems.
12. Patient Consent:
  • 12.1. The Practice is solely responsible for obtaining all necessary consents from patients whose information is entered into ePRO Connect. This applies to all methods of data entry, including but not limited to patients entered via API integration with the Practice’s EHR or PM system or patients manually entered into ePRO Connect by the Practice. Consent must include, but is not limited to, the following information:
    • 12.1.1. Data Use and Storage: Patients must be informed that their data will be entered into a database and stored in an encrypted, de-identified format.
    • 12.1.2. Communications:
      • 12.1.2.1. By using the Service, patients consent to receiving communications via non-encrypted SMS service, including but not limited to appointment reminders, care reminders, educational content, survey prompts, online review prompts, and financing prequalification application links.
      • 12.1.2.2. Patients can opt out of SMS communications at any time by replying with “STOP” to the number sending the messages. To resume receiving SMS messages, patients can reply with “START.”
    • 12.1.3. Third-Party Access: Patients must be informed that their de-identified clinical data may be accessed by the Practice, API LLC, and other third parties for non-clinical purposes such as research, clinical symposiums, peer consultations, and marketing efforts.
    • 12.1.4. Data Protection: Patients must understand that their identity and/or personal contact information will not be disclosed to third parties without their express consent.
  • 12.2. Patient Consent by Using ePRO Connect: By using ePRO Connect, patients also consent to the collection and use of their data as outlined in this policy. API LLC is not liable for any failure by the Practice to obtain the necessary consents as required by HIPAA, CCPA, CPRA, or other applicable privacy regulations. The Practice agrees to indemnify API LLC against any claims or regulatory actions arising from the withdrawal of consent by patients or the Practice’s failure to properly document or obtain such consent.
13. Data Security and Compliance:
  • 13.1. Security Measures: API LLC takes all necessary precautions to safeguard patient data, including encryption, firewalls, and secure access controls. However, no system is 100% secure, and API LLC cannot guarantee the absolute security of any data.
  • 13.2. Compliance with Regulations: API LLC complies with applicable laws and regulations, including HIPAA, CCPA, and any other data privacy laws applicable to the data collected.
  • 13.3. Acknowledgement of Risk: While API LLC employs robust security measures, no system is entirely immune to cyber threats. Patients and Practices are encouraged to report any suspected vulnerabilities or concerns to us immediately.
14. Data Protection and Security:
  • 14.1. Encryption: We use industry-standard encryption protocols, including SSL/TLS encryption for data in transit and strong encryption for data at rest, to protect patient data.
  • 14.2. Access Controls: Access to sensitive data is restricted to authorized personnel only, based on their role within the Practice. We implement role-based access controls to ensure data is accessed only by those who need it.
  • 14.3. Security Audits: We conduct regular security audits and monitor the ePRO Connect platform for abnormal activity to detect potential threats before they can cause harm.
15. Data Sharing and Disclosure:
  • 15.1. Internal Use: API LLC may access personal information for the purpose of providing and improving ePRO Connect, as well as fulfilling the terms of this Privacy Policy.
  • 15.2. Third-Party Service Providers: We may share data with third-party service providers, such as payment processors, email marketing platforms, and other vendors that help us provide ePRO Connect services. These third parties are contractually obligated to protect your data and use it only for the services they are contracted to perform.
  • 15.3. Legal Obligations: We may disclose personal information to comply with applicable laws, regulations, or legal processes, such as responding to subpoenas or government inquiries.
16. Data Rights of Patients: Patients have the right to request access, correction, and deletion of their personal information. These rights are subject to the limitations of applicable laws. Requests can be directed to the Practice, who will work with API LLC to facilitate any necessary actions.
  • 16.1. Request Process: Requests for access, correction, or deletion of personal information should be directed to the relevant Practice. API LLC will work with the Practice to facilitate timely and accurate responses to these requests.

17. Third-Party Integrations: ePRO Connect supports integration with various third-party platforms, including EHR systems and CRM systems. We are not responsible for data security or privacy practices of third parties and encourage Practices to review third-party policies.

Practices are encouraged to regularly review and evaluate the privacy policies and security measures of third-party platforms integrated with ePRO Connect.

18. Changes to This Privacy Policy: API LLC reserves the right to update or modify this Privacy Policy at any time. Any changes will be posted on our website with the updated effective date. Patients and Practices are encouraged to review this Privacy Policy periodically.

19. Accessibility Statement: API LLC is committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you require this Privacy Policy in an alternative format, please contact us as outlined in Section 20.

20. Contact Us: If you have any questions or concerns about this Privacy Policy, please contact us:
