Patient Privacy Index
Sign In
Legal Document

Privacy Policy

Last Updated: April 5, 2026

CRITICAL PRIVACY COMMITMENT: Patient Privacy Index operates as an independent third-party assessment platform. We DO NOT collect, process, store, or transmit any Protected Health Information (PHI) as defined under HIPAA.

1. PLATFORM SCOPE AND DATA BOUNDARIES

1.1 No PHI Collection

Patient Privacy Index is NOT a Covered Entity or Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We do not:

  • Collect, access, or store patient medical records
  • Process health insurance information
  • Handle appointment schedules containing patient identifiers
  • Access electronic health record (EHR) systems
  • Collect individually identifiable health information in any form

1.2 Public Data Only

All data analyzed and displayed on this platform is derived exclusively from:

  • Publicly accessible website content (HTML, CSS, JavaScript)
  • Public DNS records and domain registration information
  • Network-level technical observations (headers, certificates)
  • Third-party tracking scripts detectable via passive observation
  • Public business registration and licensing databases

2. DATA WE COLLECT

2.1 Technical Assessment Data

Our automated systems collect and analyze the following technical data from publicly accessible healthcare websites:

Data Category Purpose
Domain name and DNS records Infrastructure identification
SSL/TLS certificate information Encryption compliance assessment
HTTP security headers Security posture evaluation
Third-party script sources Tracking pixel detection (Meta, Google, etc.)
Form field analysis (public pages) Data collection practice assessment
Cookie and storage analysis Privacy practice evaluation

2.2 Website Analytics Data

When you visit patientprivacyindex.org, we collect standard web analytics information:

  • IP address (anonymized where required by law)
  • Browser type and version
  • Operating system
  • Referring website
  • Pages visited and time spent
  • Click patterns and search queries

2.3 Contact and Account Information

When healthcare providers submit correction requests or purchase verification services:

  • Contact name and professional title
  • Business email address
  • Phone number
  • Entity name and domain ownership verification
  • Payment information (processed by third-party PCI-compliant processors)

3. HOW WE USE COLLECTED DATA

3.1 Primary Purpose

All collected data is used exclusively for:

  • Generating algorithmic privacy compliance assessments
  • Compiling public-facing rating and score information
  • Improving our technical scanning methodologies
  • Responding to verified entity correction requests
  • Platform security and fraud prevention

3.2 Data Retention

Data Type Retention Period
Technical scan results Indefinite (public information)
Analytics data 26 months
Contact form submissions 7 years (legal compliance)
Payment records 7 years (tax/accounting)

4. DATA SHARING AND DISCLOSURE

4.1 No Sale of Personal Information

Patient Privacy Index does not sell, rent, or trade personal information to third parties for commercial purposes.

4.2 Service Providers

We engage the following categories of service providers who may process data on our behalf:

  • Cloud hosting and infrastructure services (AWS)
  • Payment processing (Stripe)
  • Analytics services (Google Analytics)
  • Email communication services
  • Customer support platforms

4.3 Legal Requirements

We may disclose information if required by:

  • Valid subpoena, court order, or legal process
  • Law enforcement request under applicable law
  • Protection of our rights, property, or safety
  • Prevention of fraud or illegal activity

5. COOKIES AND TRACKING TECHNOLOGIES

5.1 Cookies We Use

Cookie Type Purpose
Essential Site functionality, security
Analytics Usage statistics, performance
Preference User settings, language

5.2 Your Choices

You may disable cookies through your browser settings. Note that essential cookies are required for core platform functionality.

6. DATA SECURITY

We implement industry-standard security measures including:

  • SSL/TLS encryption for all data transmission
  • Access controls and authentication requirements
  • Regular security assessments and penetration testing
  • Employee training on data protection practices
  • Incident response procedures

7. YOUR RIGHTS

Depending on your jurisdiction, you may have rights to:

  • Access personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of personal information
  • Object to certain processing activities
  • Request data portability
  • Withdraw consent (where processing is consent-based)

To exercise these rights, contact us at privacy@patientprivacyindex.org.

8. CHILDREN'S PRIVACY

This platform is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.

9. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. Material changes will be posted with an updated effective date. Your continued use of the platform constitutes acceptance of the revised policy.

10. CONTACT INFORMATION

For privacy-related inquiries:

Privacy Officer
Patient Privacy Index
Email: privacy@patientprivacyindex.org
Address: [Registered Agent Address]