Privacy Policy
PageMD, Inc. ("PageMD," "we," "us," or "our") operates an AI-powered telephone answering and paging service for outpatient medical clinics. This Privacy Policy explains how we collect, use, disclose, and protect information when you visit pagemd.ai (the "Site") or use our services (the "Service").
By using the Site or Service you agree to this Policy. If you do not agree, please do not use the Site or Service.
HIPAA Notice. When PageMD processes calls on behalf of a covered entity (such as a medical clinic), PageMD acts as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). In that capacity we enter into a Business Associate Agreement ("BAA") with the covered entity and handle Protected Health Information ("PHI") only as permitted by HIPAA and that BAA. This Policy does not replace or limit any applicable BAA.
1. Information We Collect
We collect information in the following ways:
- Clinic and account information. When a clinic signs up or contacts us, we collect business contact details (name, clinic name, email address, phone number) and billing information.
- Call data. The Service records and transcribes inbound phone calls made to a clinic's PageMD line. These recordings and transcripts may contain Protected Health Information about patients, including names, dates of birth, medications, symptoms, and other clinical details. Such data is processed solely on behalf of the clinic under our BAA.
- Structured paging output. We generate structured intake summaries and route them to designated providers. These summaries may include PHI and are handled under the applicable BAA.
- Website usage data. We collect standard log data (IP address, browser type, pages viewed, referring URLs, timestamps) when you visit the Site. We may use cookies or similar technologies to maintain session state and analyze traffic.
- Communications. If you email us or submit our early-access form, we retain your message and contact details.
- Interactive demo. The on-site demo uses synthetic (fictional) patient scenarios. No real PHI is transmitted during the demo.
2. How We Use Information
- Deliver, operate, and improve the Service, including training and refining AI models using de-identified or aggregate data.
- Process and route calls on behalf of clinics as directed by each clinic.
- Respond to inquiries and provide customer support.
- Send product updates, early-access notifications, and service announcements (you may opt out at any time).
- Comply with legal obligations and enforce our Terms of Service.
- Detect and prevent fraud, abuse, or security incidents.
We do not sell personal information or PHI to third parties. We do not use PHI to train AI models without explicit written consent from the relevant covered entity.
3. How We Share Information
We may share information with:
- Service providers. Cloud infrastructure, telephony, and analytics vendors that process data on our behalf under appropriate data-protection agreements (and, where required, BAAs).
- The clinic you call. Call recordings, transcripts, and structured paging outputs are shared with the clinic that engaged us. How that clinic further uses patient information is governed by its own HIPAA obligations.
- Legal or regulatory authorities. If required by law, court order, or to protect our rights or the rights of others.
- Business transfers. In connection with a merger, acquisition, or sale of assets, subject to the acquirer honoring this Policy and any applicable BAAs.
4. HIPAA and Business Associate Obligations
As a Business Associate, PageMD:
- Uses and discloses PHI only as permitted by the applicable BAA and HIPAA.
- Implements administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic PHI (ePHI) as required by the HIPAA Security Rule.
- Reports any known breach of unsecured PHI to the covered entity within the timeframe specified in the applicable BAA.
- Ensures that its subcontractors who access PHI agree to the same obligations.
If you are a patient whose call was processed by PageMD on behalf of a clinic, please contact that clinic directly to exercise your HIPAA rights (access, amendment, accounting of disclosures, etc.). PageMD will cooperate with covered entities in responding to patient rights requests as required by HIPAA.
5. Data Retention
We retain call recordings and transcripts for the period specified in the applicable BAA (typically the minimum required for HIPAA compliance, generally six years from creation or last effective date). Account and billing information is retained for as long as necessary to provide the Service and meet our legal obligations. Website log data is typically retained for 90 days.
6. Security
We implement industry-standard technical and organizational measures to protect information against unauthorized access, alteration, disclosure, or destruction. This includes encryption in transit (TLS 1.2+) and at rest, access controls, and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
7. Cookies and Tracking
The Site uses essential cookies for session management and may use analytics cookies (such as simple, privacy-respecting analytics) to understand traffic patterns. We do not use third-party advertising or behavioral-tracking cookies. You may disable cookies in your browser settings; some features may not function correctly if you do.
8. Third-Party Links
The Site may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies.
9. Children's Privacy
The Site and Service are intended for healthcare professionals and are not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn we have done so, we will delete it promptly.
10. California Residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect about you, to request deletion of that information, and to opt out of the sale of your personal information. We do not sell personal information. To exercise your rights, contact us at team@pagemd.ai. We will not discriminate against you for exercising your privacy rights.
11. Changes to This Policy
We may update this Policy from time to time. When we do, we will revise the "Last updated" date at the top and, for material changes, notify affected clinics by email. Continued use of the Service after the effective date constitutes acceptance of the revised Policy.
12. Contact Us
Questions, concerns, or requests regarding this Policy or our privacy practices may be directed to:
PageMD, Inc.
Email: team@pagemd.ai