SimplePractices' Terms of Service allow them to use and share the information users provide, but only for specific reasons. It's important to note, though, that their privacy policy ensures they remain in line with HIPAA standards. This article delves deeper into SimplePractice's terms and privacy commitments.
We will be providing an in-depth explanation of how the licensing provisions within SimplePractice's terms of service apply to the healthcare professionals utilizing its services.
This article is not legal advice, and we recommend you reach out to SimplePractice if discuss any concerns with their terms of service and privacy policies.
Go deeper: Addressing concerns around SimplePractice's terms and conditions
SimplePractice is a comprehensive practice management software designed to streamline administrative tasks for healthcare professionals. SimplePractice emphasizes its compliance with HIPAA, ensuring that its platform adheres to the strict privacy and security standards required to protect patients' sensitive health information and offering a business associate agreement in alignment with these standards. This commitment to HIPAA compliance helps healthcare providers confidently manage their practices and interact with clients while maintaining the highest level of data protection.
The terms of service outlined in this agreement apply to the users of the service, referred to as "You," and the other members of their team who access or use the services provided by SimplePractice, LLC ("SimplePractice"). These terms also extend to any organization with which the user is associated and identified in the account creation process, as well as the providers affiliated with that organization. If accessing or using the services on behalf of an organization, the user represents that they have the legal authority to bind the organization to these terms.
The agreement covers:
The user indicates that they accept the terms by accessing, using, subscribing to, purchasing, or downloading the services.
Note: the agreement includes a binding arbitration clause and a class action waiver. SimplePractice maintains the right to modify the agreement, and the user is bound by any changes if continuing to access or use the services after the effective date of such changes.
See also: How does HIPAA define marketing?
SimplePractice's terms of service include a portion relating to their license of user data which states, "By uploading or submitting any User Data to or through the Services, and permitting other Users (including, without limitation, Clients) to upload any User Data into the Services, You hereby automatically at such time grant SimplePractice (and its affiliates) a non-exclusive, worldwide, royalty-free, fully paid-up, perpetual, irrevocable, sublicensable (through multiple tiers), and transferable license to use, reproduce, distribute, prepare derivative works of, perform and display such User Data (including User Data that is created, collected or generated by the Services or SimplePractice using the User Data Users submit)."
We understand this to mean that SimplePractice has permission to use, copy, share, change, perform, and show your data. They can do this to provide services and improve and market their products. The terms also let them look at your data to fix problems, test things, help you, and make the services even better in the future.
SimplePractice's terms say that if they use your info for things besides the services, they won't know it's from you or your group. Even if you stop using the service, they can still use your data. But what you share on your professional website is different and provided for in the terms of service. Furthermore, the use of user data is still subject to SimplePractice's Privacy Policies.
SimplePractice states that it will not sell any Personal Information contained in User Data. It also will not retain, use, or disclose Personal Information provided by users about their clients except for specific purposes permitted under the Agreement. SimplePractice assures that it will only use Protected Health Information (PHI) as permitted by the Agreement, the business associate agreement (BAA), and applicable law, including HIPAA.
The BAA is an extension of the Terms of Service and establishes guidelines for the use and disclosure of PHI. This allows SimplePractice to use or share PHI for tasks and services on behalf of the Covered Entity, as allowed by the Agreement and within the bounds of privacy and state laws. They can also use PHI for their own administrative and legal needs, and share PHI for similar purposes, as long as it's required by law. Additionally, SimplePractice can report legal violations, offer Data Aggregation services for healthcare operations, and create de-identified information, all in line with relevant regulations.
SimplePractice's Terms of services allow for them to use, copy or share the data provided by users for specific purposes. However, This permission is limited by the privacy policy, which makes the direct distinction that their practices will still align with HIPAA, and the data will not be identifiable. Any healthcare providers considering the use of SimplePractice should still carefully assess if their handling of user data aligns with their own internal practices.
See also: HIPAA Compliant Email: The Definitive Guide