Privacy Policy
Last Updated: 10/31/2025
Introduction
This Privacy Policy describes how Rehabilitation Health ("we," "us," or "our") collects, uses, and protects your information when you use our products and services (collectively, the "Services").
We are committed to protecting your privacy and maintaining HIPAA compliance. By using our Services, you agree to the collection and use of information in accordance with this policy.
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the Services after any changes constitutes acceptance of the updated policy.
HIPAA Compliance
We are a HIPAA-compliant service. We collect, store, and process Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA). We have implemented appropriate administrative, physical, and technical safeguards to protect PHI in accordance with HIPAA requirements.
If you are a covered entity or business associate under HIPAA, we will enter into a Business Associate Agreement (BAA) with you as required by law.
Data We Collect
1. Account Information
- Email address
- Name
- Professional credentials and role
- Practice or organization affiliation
- Account preferences and settings
2. Protected Health Information (PHI)
Through your use of our Services, we may collect and process:
- Patient demographic information
- Clinical notes and documentation
- Treatment and assessment information
- Audio recordings of clinical encounters (temporarily, for transcription purposes)
- Diagnostic and treatment codes
- Exercise and wellness program data
- Health assessment responses
3. Integration Data
When you use our Services with third-party systems, we may:
- Access information from connected systems to enable functionality
- Write data to connected systems based on your actions
- Sync information between our Services and your existing tools
4. Usage and Technical Data
- Device and browser information
- IP address
- Log data including timestamps and features used
- Usage patterns and interaction data
- Performance and diagnostic information
5. Cookies and Similar Technologies
We use cookies and similar tracking technologies to:
- Maintain your session and authentication
- Remember your preferences
- Analyze usage patterns to improve our Services
How We Use Your Data
Service Delivery
- To provide our clinical documentation, assessment, and wellness tools
- To enable integrations with your existing systems
- To create and manage your account
- To authenticate your identity and authorize access
- To provide customer support and respond to inquiries
- To send service-related notifications and updates
Product Improvement and Development
- To analyze usage patterns and improve our Services
- To develop new features and functionality
- To conduct research on clinical workflows and digital health solutions
- To train and improve our AI models (only using de-identified data)
Legal and Compliance
- To comply with applicable laws and regulations, including HIPAA
- To respond to legal requests and prevent fraud or abuse
- To enforce our Terms of Service
- To protect the rights, property, and safety of our users and the public
How We Share Information
With Your Consent
We may share your information when you explicitly authorize us to do so.
Service Providers
We work with trusted third-party service providers who assist us in delivering our Services. These providers may have access to your data only to perform specific tasks on our behalf and are obligated to:
- Protect the confidentiality and security of your data
- Use your data only for the purposes we specify
- Comply with HIPAA requirements through executed Business Associate Agreements
Our service providers include:
- Cloud infrastructure and hosting providers
- AI and machine learning service providers
- Analytics providers (de-identified usage analytics only)
- Customer support tools
Connected Systems
When you integrate our Services with third-party systems, information may be shared between our Services and those systems as necessary to provide functionality. We do not share your credentials with any third parties.
Legal Requirements
We may disclose your information if required to do so by law or in response to:
- Valid legal process (subpoena, court order, search warrant)
- Requests from law enforcement or government agencies
- Protection of our rights, property, or safety, or that of our users or the public
We will make reasonable efforts to notify you of such requests unless prohibited by law.
Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Services of any change in ownership or use of your information.
De-identified Data
We may share de-identified and aggregated data that cannot reasonably be used to identify you or any individual for:
- Research purposes
- Industry benchmarking
- Product improvement
- Marketing purposes
Data Retention
Account Information
We retain your account information for as long as your account is active or as needed to provide you with the Services.
PHI and Clinical Data
We retain clinical documentation and PHI in accordance with:
- HIPAA requirements (minimum 6 years from creation or last use)
- State and federal recordkeeping laws
- Your specific retention preferences (if configured)
Usage and Log Data
Technical and usage logs are retained for up to 2 years for security, troubleshooting, and service improvement purposes.
Deletion Requests
You may request deletion of your data at any time by contacting us at support@rehabilitationhealth.com. We will process deletion requests within 30 days, subject to our legal obligations to retain certain records.
Your Rights
Access and Portability
- Request a copy of your personal information and PHI
- Export your data in a portable format
- Review what information we have collected about you
Correction and Amendment
- Request corrections to inaccurate information
- Update your account information at any time
Deletion
- Request deletion of your account and associated data
- Exceptions apply where we have legal obligations to retain records
Restriction and Objection
- Request restrictions on certain uses of your data
- Object to processing for specific purposes
- Opt out of marketing communications
HIPAA Rights
If you are a patient whose information is processed through our Services, you have additional rights under HIPAA, including:
- Right to access your health information
- Right to request amendments
- Right to an accounting of disclosures
- Right to request restrictions on uses and disclosures
To exercise these rights, contact us at support@rehabilitationhealth.com or through your healthcare provider.
Security Measures
We implement comprehensive security measures to protect your data:
Technical Safeguards
- Encryption for data in transit and at rest
- Secure authentication and access controls
- Regular security audits and vulnerability assessments
- Intrusion detection and prevention systems
Administrative Safeguards
- HIPAA-compliant policies and procedures
- Regular security training for all personnel
- Business Associate Agreements with all service providers
- Incident response and breach notification procedures
- Regular risk assessments
Physical Safeguards
- Secure data centers with restricted physical access
- Environmental controls and disaster recovery measures
- Secure disposal of hardware and media
Children's Privacy
Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children.
International Data Transfers
Our Services are provided from the United States. If you access our Services from outside the United States, your information will be transferred to, stored in, and processed in the United States. By using our Services, you consent to this transfer.
Third-Party Links and Services
Our Services may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
California Privacy Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:
- Right to know what personal information we collect, use, and share
- Right to delete personal information
- Right to opt out of the sale of personal information (note: we do not sell personal information)
- Right to non-discrimination for exercising your privacy rights
To exercise these rights, contact us at support@rehabilitationhealth.com.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Email: support@rehabilitationhealth.com
Website: https://rehabilitationhealth.com
For HIPAA-related inquiries or to file a complaint about our privacy practices, you may also contact:
- U.S. Department of Health and Human Services
- Office for Civil Rights
- https://www.hhs.gov/ocr/complaints
Changes to This Policy
We reserve the right to modify this Privacy Policy at any time. Material changes will be communicated through:
- Email notification to your registered email address
- Prominent notice on our website and within our Services
- Update to the "Last Updated" date at the top of this policy
Your continued use of our Services after such notification constitutes acceptance of the updated Privacy Policy.