Privacy Policy
At a glance
This policy covers the Open Medicine website, patient portal, and account system — what we collect, how we use it, and the choices you have. The health information in your medical record is covered separately by our Notice of Privacy Practices.
The short version: we never sell information about you, we don’t use advertising trackers, we collect the least we need, and for optional sharing our starting answer is no unless you tell us otherwise.
What we never do
- We never sell information about you — not personal information, not protected health information (PHI), not portal data, not your text-message opt-in or consent.
- We never use advertising trackers or cross-site tracking pixels.
- We never share your SMS opt-in or consent with anyone for third-party marketing or promotion.
- We share only what’s necessary with the providers that deliver the messages and services you ask for.
Two privacy notices
In plain terms: This page is about your account and our online services. A separate HIPAA notice covers the medical records themselves.
- Privacy Policy (this page) — how the website, portal, account system, support, and related online services handle personal information.
- Notice of Privacy Practices — the HIPAA notice for how we may use and disclose protected health information, and your rights over that information.
What we collect
In plain terms: The information needed to run your account, keep it secure, provide your care, and take payment — and the basic technical logs that keep the service working.
- Account and contact information — name, email, phone number, date of birth, mailing address, invite or verification status, and account preferences.
- Login and security data — sign-in history, authentication events, IP address, device and browser information, session activity, and audit logs.
- Portal and service information — what you enter or upload in the portal: intake answers, forms, consents, messages, document requests, and appointment or telehealth information. When this relates to your health care, it is handled as health information under the Notice of Privacy Practices.
- Payment and transaction information — payment status, receipts, invoice identifiers, refund records, and related billing information. We do not store full payment-card numbers.
- Communications information — emails, text-message delivery records, support requests, and related metadata.
- Technical and usage data — basic logs needed to operate, secure, troubleshoot, and improve the service.
How we use your information
In plain terms: To run and secure your account, deliver your care, take payment, answer support, keep audit trails, prevent misuse, and meet legal duties. Not to advertise to you.
We use information to create and secure accounts, verify identity and access, deliver login codes and account notices, provide portal and medical-practice services, process payments, respond to support requests, maintain audit trails, prevent misuse, improve reliability, and meet legal obligations. We do not use your information to serve you ads or to build advertising profiles.
Optional sharing starts with no
In plain terms: Sharing that is optional is off until you turn it on. Some sharing needed for your care, billing, or the law does not need a separate yes — the HIPAA notice explains which.
For optional uses or disclosures that require your authorization, our starting answer is no. We do not proceed unless you authorize it, and you may revoke that authorization in writing for future uses or disclosures. HIPAA also permits or requires certain uses and disclosures without a separate opt-in — including treatment, payment, health care operations, and specific legal or public-safety duties. The Notice of Privacy Practices explains those cases.
Text messages (SMS)
In plain terms: If you give us your phone number, we text you login codes and account-security messages only. Reply STOP anytime. We never sell or share your opt-in.
If you provide your phone number, we use it to send login codes and account security messages only. Message frequency varies with your use of the service. Message and data rates may apply. Reply STOP to opt out (you can still sign in by email code or password) or HELP for help.
No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Opt-in data and consent are never sold or shared.
When we share information
In plain terms: Only what’s needed to run the service, provide your care, or follow the law. Vendors who touch health information sign a business associate agreement.
We share information only as needed to run the service, provide medical care, or comply with law:
- Service providers that help with hosting, authentication, email, SMS, support, payment processing, e-signature, security, or record storage.
- Health care partners — providers, laboratories, pharmacies, or health plans — when needed for treatment, payment, or health care operations.
- Authorities — government, regulatory, law-enforcement, or public-health — when required or permitted by law.
Where a vendor handles protected health information for us, we use a business associate agreement or other required contract. We never sell any of this information.
How protection works today
In plain terms: Real, in-place protections: an encrypted connection, encrypted storage, logins and access controls, and an encrypted session cookie your browser scripts can’t read. This is strong protection — but it is not end-to-end or zero-knowledge encryption, and you are not the only holder of the keys.
Connections between your browser and the production portal use HTTPS. Production storage is encrypted at the infrastructure level. We require authentication and use access controls and encrypted session cookies. These safeguards are not end-to-end or zero-knowledge encryption. Patients do not currently hold the only decryption keys.
We also design the service so clinical details are not placed in email bodies, SMS bodies, analytics tools, payment metadata, or application logs unless specifically required and appropriately protected, and inactive sessions time out automatically.
No system is perfectly secure. If we discover a breach requiring notice, we will provide notice as required by law.
Where we are headed
In plain terms: A goal, not a feature you have today. We won’t claim it until it’s built and independently checked.
Our long-term goal is to give patients more direct control over encryption keys and optional sharing — closer to how a serious password manager protects a vault. This is a roadmap direction, not a feature available today. We will not describe Open Medicine as end-to-end encrypted, zero-knowledge, or user-held-key until that design is built and independently verified.
How long we keep information
In plain terms: As long as we need it to run the service and meet legal and medical-record rules — then no longer.
We retain information as long as needed to provide services, maintain security and audit trails, comply with legal duties, resolve disputes, and keep required business or medical records. Medical-record retention follows the rules that apply to health care records and the Notice of Privacy Practices.
AI and analytics
In plain terms: No ad analytics, no cross-site tracking. If we ever add AI features that touch health information, that information goes only to services approved for it — or is de-identified first.
We do not use advertising analytics or cross-site tracking pixels. If Open Medicine later offers AI features involving health information, protected health information will be sent only to services that are approved for that use under appropriate privacy and security terms, such as a business associate agreement when required, or will be de-identified before use.
Your choices and rights
In plain terms: You can ask to see, correct, or delete personal information that isn’t part of a required record. Your rights over health information are in the HIPAA notice.
You may ask to access, correct, update, or delete personal information that is not part of a required medical, billing, security, or legal record. Rights regarding your health information are described in the Notice of Privacy Practices. You may also ask us to contact you by a specific method or at a specific address where reasonable.
To make a request, email support@openmedicine.md.
Changes and contact
This policy is effective July 10, 2026. We will post any changes here with a new effective date. Questions? support@openmedicine.md.