Privacy Policy

Effective Date: September 5, 2025
Last Updated: September 5, 2025

Enabledoc LLC (“Enabledoc,” “we,” “our,” or “us”) is committed to maintaining the security and privacy of your personal information collected through:

• Websites: www.enabledoc.com and www.enablemyhealth.com (the “Websites”)

• Electronic Health Record: Enablemypractice (the “EHR”)

• Patient Portal: Enablemyhealth Patient Portal (the “Patient Portal”)

This Privacy Policy explains how Enabledoc collects, uses, discloses, and safeguards personal information when you use these platforms. It does not cover information provided in unrelated business or investment contexts.

Table of Contents

1. The Electronic Health Record (EHR)

2. The Enablemyhealth Patient Portal

3. The Websites

4. Information We Collect & How We Use It

5. Data Protection & Security Mechanisms

6. Recipients of Personal Information

7. California Privacy Rights (CCPA/CPRA)

8. Other State & International Rights (HIPAA/GDPR)

9. Children’s Privacy

10. Data Retention

11. Changes to This Policy

12. Questions

1. The Electronic Health Record (EHR)

Enabledoc provides the web-based Enablemypractice platform to customers under subscription agreements (“Customers”). Customers authorize users such as physicians, physician assistants, nurse practitioners, and support staff (“Authorized Users”).

• Customers and Authorized Users are responsible for determining uses and disclosures of patient health information within the EHR, in compliance with HIPAA, state privacy laws, and professional obligations.

• When Enabledoc receives or maintains patient information to provide the EHR, we do so as a HIPAA “Business Associate” and comply with all applicable HIPAA Privacy, Security, and Breach Notification Rules.

2. The Enablemyhealth Patient Portal

Customers may enable the Patient Portal for patients to schedule appointments, view portions of their health record, message providers, and request prescription-related communication.

Enabledoc uses patient data in the Patient Portal only to deliver these services, including:

• Requiring an email and mobile number to send a secure portal invitation.

• Tracking when messages or records are viewed, to update the EHR.

• Faxing a clinical profile on patient request via the portal.

• Maintaining aggregate, de-identified usage statistics for product improvement.

We do not sell or rent patient data and limit use strictly to providing and improving services.

3. The Websites

By using the Websites, you agree to this Privacy Policy. If you do not agree, please discontinue use. Continued use after updates constitutes acceptance.

We may collect:

• Personal information you provide: name, phone, email, and other details submitted through “Contact Us” or similar forms.

• Automatically collected data: IP addresses, browser/device information, cookies, and web beacons.

You may disable cookies in your browser, though certain features may not function properly.

4. Information We Collect & How We Use It

• Personal Information: To respond to requests, deliver services, and provide support.

• Aggregate Data: Used for internal analytics, performance optimization, and product development.

• Sensitive Health Information (PHI): Collected and processed only to deliver EHR/Portal services, under HIPAA.

We do not disclose or sell personal information for marketing purposes without explicit consent.

5. Data Protection & Security Mechanisms

Enabledoc applies industry-standard safeguards to protect data confidentiality, integrity, and availability:

• Encryption:

  • All data encrypted in transit (TLS/SSL).

  • Data at rest encrypted with AES-256 or equivalent.

• Access Controls:

  • Role-based access restrictions for staff and customers.

  • Multi-factor authentication for Authorized Users.

  • Minimum necessary access principle.

• Audit & Monitoring:

  • Real-time monitoring for unusual activity.

  • Audit logs maintained for HIPAA compliance.

  • Routine vulnerability scans and penetration testing.

• Data Minimization & Pseudonymization:

  • Collect only necessary data.

  • De-identify or pseudonymize data when possible.

• Business Associate Agreements (BAAs):

  • Required for all subcontractors handling PHI.

• Incident Response & Breach Notification:

  • Documented breach response plan.

  • Notification procedures per HIPAA, state laws, and other regulations.

• Backup & Disaster Recovery:

  • Encrypted backups with redundancy.

  • Business continuity plans tested regularly.

6. Recipients of Personal Information

We may disclose personal data:

• To service providers who support our operations under strict confidentiality.

• As required by law, subpoena, or regulatory request.

• In connection with mergers, acquisitions, or business transfers (with successor entities required to honor this Policy).

We never sell PHI or personal information.

7. California Privacy Rights (CCPA/CPRA)

California residents have rights to:

• Know what information is collected and shared.

• Request correction or deletion.

• Opt out of sale/sharing of personal data (Enabledoc does not sell data).

• Limit use of sensitive personal information.

• Non-discrimination when exercising privacy rights.

Requests can be submitted via support@enabledoc.com or 877.540.0933.

8. Other State & International Rights (HIPAA/GDPR)

• HIPAA: Patients may request access, amendment, and accounting of disclosures of their health information.

• GDPR (EU/EEA users): Data subjects have rights to access, rectification, erasure, restriction, portability, and objection to processing. Transfers outside the EEA include appropriate safeguards (e.g., Standard Contractual Clauses).

9. Children’s Privacy

Our Websites, EHR, and Patient Portal are not directed to children under 18. We do not knowingly collect or maintain data from children without parental/legal guardian consent.

10. Data Retention

Enabledoc retains data only as long as necessary to provide services, comply with legal obligations, and meet contractual commitments. When retention is no longer required, data is securely deleted or de-identified.

11. Changes to This Policy

We may update this Privacy Policy periodically. Substantive changes will be announced on our Websites or through direct communication, where required.

12. Questions

For questions or concerns about this Privacy Policy or Enabledoc’s privacy practices, contact us:

Enabledoc LLC
Email: support@enabledoc.com
Phone: 877.540.0933