Legal
Privacy Policy
Effective Date: March 26, 2026
Last Updated: March 26, 2026
ClinicTitan, Inc. ("ClinicTitan," "Company," "we," "us," or "our") is committed to protecting the privacy and security of all personal and health-related information entrusted to our platform. This Privacy Policy describes how we collect, use, disclose, store, and protect information when you visit our website at clinictitan.com (the "Website"), use the ClinicTitan platform (the "Platform"), or interact with our services in any way.
ClinicTitan operates as a multi-tenant telehealth infrastructure platform. We provide technology services to telehealth operators ("Tenant Operators" or "Tenants") who use our Platform to deliver healthcare services to their patients and customers ("End Users" or "Patients"). This Privacy Policy applies to all users, including Website visitors, prospective clients, Tenant Operators, healthcare providers, and Patients.
If you are a Patient receiving healthcare services through a Tenant Operator's practice powered by ClinicTitan, please also review the Tenant Operator's own privacy policy. The Tenant Operator is the primary controller of your healthcare data and directs how ClinicTitan processes your protected health information (PHI) under a Business Associate Agreement (BAA).
1. Definitions
Protected Health Information (PHI): Individually identifiable health information transmitted or maintained in any form, as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Personal Information: Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular individual or household, as defined under the California Consumer Privacy Act (Cal. Civ. Code § 1798.140(v)) and other applicable state privacy laws.
Sensitive Personal Information: A subset of Personal Information that includes government-issued identification numbers, account login credentials, precise geolocation, racial or ethnic origin, health information, biometric data processed for identification purposes, and other categories defined under the CPRA (Cal. Civ. Code § 1798.140(ae)) and comparable state privacy laws.
Biometric Data: Data generated from the measurement or technological processing of an individual's biological characteristics, including facial geometry, used to identify an individual. ClinicTitan may process Biometric Data in connection with identity verification services (see Section 2.4).
Tenant Operator: A business entity that has entered into a service agreement with ClinicTitan to use the Platform for operating a telehealth practice. Tenant Operators that handle protected health information are responsible for determining their own status as Covered Entities or Business Associates under HIPAA.
End User / Patient: An individual who accesses healthcare services through a Tenant Operator's practice on the Platform.
Business Associate Agreement (BAA): A contract between ClinicTitan and a Tenant Operator (or between ClinicTitan and a subcontractor) that establishes the permitted uses and disclosures of PHI, as required under 45 CFR § 164.502(e) and § 164.504(e).
2. Information We Collect
2.1 Information You Provide Directly
Website Visitors and Prospective Clients:
Contact information: name, email address, phone number, company name
Information submitted through contact forms or demo requests
Communications you send to us via email or other channels
Tenant Operators:
Business registration information and business contact details
Account credentials (email, hashed password)
Billing and payment information (processed by our payment processor; we do not store full card numbers)
Configuration preferences and platform settings
Communications with our team
Patients (processed on behalf of Tenant Operators):
Identity information: full name, date of birth, gender, email address, phone number, mailing address
Government-issued identification (photo upload for identity verification --- see Section 2.4 regarding biometric data)
Medical information: medical history, current medications, diagnoses, therapy history, behavioral assessments, symptoms
Intake questionnaire responses (specific to each Tenant Operator's practice)
Consultation records: physician evaluations, treatment recommendations, clinical notes
Prescription information: medication name, strength, form, quantity, directions, refills
Payment information: payment method (tokenized --- we never store full card numbers; only the last four digits and a payment token are retained), billing address, transaction history
Shipping address (for pharmacy fulfillment)
Communications: messages exchanged with healthcare providers through the Platform
Consent records: acknowledgment of HIPAA notice, telehealth consent, treatment consent, privacy policy acceptance, terms of service acceptance, communication preferences
2.2 Information Collected Automatically
When you use the Website or Platform, we automatically collect:
Log data: IP address, browser type and version, operating system, referring URL, pages visited, date and time of access
Device information: device type, screen resolution, language preferences
Usage analytics: features used, navigation patterns, session duration, interaction events
Cookies and similar technologies: See our Cookie Policy for details on the specific cookies we use, their purposes, retention periods, and how to manage your preferences
Tracking Technologies in Use: ClinicTitan and Tenant Operators may use the following categories of tracking technologies: analytics services (such as Google Analytics), CRM and marketing automation tools (such as HubSpot), session analysis tools, bot protection services (such as Google reCAPTCHA Enterprise, which collects behavioral signals for risk scoring), and advertising tracking (such as Meta Pixel, Google Ads, LinkedIn Insight Tag). Advertising tracking technologies are disabled by default and activated only with explicit user consent. Advertising tracking technologies are never activated on pages related to medical intake, consultations, prescriptions, or patient care, regardless of consent preferences.
Important: We do not include PHI in analytics data. Patient usage analytics are limited to anonymous event identifiers and workflow step numbers --- no medical data, intake answers, or prescription information is included in analytics or tracking systems.
2.3 Information from Third Parties
We may receive information from:
Healthcare provider networks (e.g., designated provider networks): physician consultation outcomes, prescription decisions, clinical recommendations
Pharmacy partners (e.g., licensed compounding pharmacies): order status updates, shipping and tracking information, fulfillment confirmations
Payment processors (e.g., PCI-certified processors): transaction confirmations, payment status, fraud screening results
Identity verification services: verification results for patient identity confirmation
2.4 Biometric Data
In connection with identity verification services, the Platform may collect and process biometric data, including facial geometry derived from photographs of your face and government-issued identification. This biometric data is used solely for the purpose of verifying your identity as required by your Tenant Operator's clinical protocols.
Collection and use: Facial geometry data is extracted from photographs you upload and compared against your government-issued identification photograph to confirm identity. This processing is performed by ClinicTitan or its identity verification subcontractors on behalf of the Tenant Operator.
Retention and destruction: Biometric data used for identity verification is retained only for the duration necessary to complete the verification process and maintain a verification record, after which the raw biometric data (facial geometry measurements) is destroyed. Verification results (verified/not verified) and the associated photographs are retained as part of the medical record in accordance with the retention periods set forth in Section 6.
Consent: By uploading a photograph for identity verification, you consent to the collection and processing of your biometric data for this purpose. If you are located in Illinois, Texas, Washington, or another state with biometric privacy laws, this disclosure serves as notice under those laws, including the Illinois Biometric Information Privacy Act (740 ILCS 14), the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code § 503.001), and the Washington Biometric Privacy Law (RCW 19.375). You may decline biometric identity verification; however, doing so may prevent you from accessing certain healthcare services through the Platform.
No sale or commercial use: ClinicTitan does not sell, lease, trade, or otherwise profit from biometric data. Biometric data is never used for marketing, advertising, or any purpose unrelated to identity verification.
2.5 SMS and Text Message Communications
The Platform may send SMS text messages and other electronic messages to you for the following purposes:
Transactional messages: Appointment reminders, prescription status updates, shipping notifications, order confirmations, account security alerts (e.g., multi-factor authentication codes), and other messages directly related to your use of the Services.
Healthcare-related messages: Refill reminders, follow-up care notifications, and other communications related to your treatment as directed by your Tenant Operator.
Consent under the Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227: By providing your mobile phone number and opting in to receive text messages through the Platform, you expressly consent to receive autodialed and/or prerecorded text messages at the phone number you provide. This consent is not a condition of purchasing any goods or services. Message and data rates may apply. Message frequency varies based on your healthcare activity and the Tenant Operator's communication settings.
Opt-out: You may opt out of non-essential text messages at any time by replying STOP to any message or by adjusting your communication preferences in your account settings. Opting out of transactional messages related to active healthcare services (such as prescription status or security alerts) may require account deactivation. Opt-out requests are processed within a reasonable time, not to exceed ten (10) business days.
Help: Reply HELP to any message for assistance or contact us at support@clinictitan.com.
3. How We Use Information
3.1 Website Visitors and Prospective Clients
We use your information to:
Respond to inquiries and provide requested information about our services
Send communications about our products, services, and industry updates (with your consent)
Analyze Website usage to improve our content and user experience
Detect and prevent fraud or abuse
Comply with legal obligations
3.2 Tenant Operators
We use your information to:
Provide, maintain, and improve the Platform
Process payments and manage billing
Communicate about your account, service updates, and technical issues
Provide technical support
Enforce our Terms of Service and Acceptable Use Policy
Comply with legal and regulatory obligations
3.3 Patients (Processed on Behalf of Tenant Operators)
Patient data is processed by ClinicTitan as a Business Associate under HIPAA, acting on behalf of and under the direction of the Tenant Operator. We process Patient information to:
Facilitate the delivery of telehealth services, including patient intake, provider consultations, and care coordination
Process prescriptions and coordinate pharmacy fulfillment
Process payments and manage subscriptions
Send transactional communications (appointment confirmations, order status, shipping notifications, payment receipts)
Maintain audit logs as required by HIPAA
Ensure platform security and integrity
Comply with applicable healthcare regulations
We do not use Patient PHI for marketing, advertising, or any purpose unrelated to the delivery of healthcare services, except as permitted or required by law or as authorized by the Patient.
4. How We Share Information
4.1 With Tenant Operators
Patient information is accessible to the Tenant Operator responsible for the Patient's care, including authorized providers and staff, in accordance with the Tenant Operator's privacy practices and applicable law.
4.2 With Service Providers and Subcontractors
We share information with third-party service providers who assist in operating the Platform, subject to appropriate contractual protections and, where PHI is involved, Business Associate Agreements:
Service Provider Category Purpose Data Shared
Healthcare provider networks Physician consultations, e-prescribing Patient demographics, medical history, intake responses
Pharmacy fulfillment Prescription dispensing and shipping Patient demographics, prescription details, shipping address, prescriber information
Payment processing Payment authorization and recurring billing Tokenized payment credentials, transaction amounts, billing address
Cloud infrastructure (AWS) Hosting, storage, compute, email delivery All Platform data (encrypted at rest and in transit)
Database services Data storage All Platform data (encrypted, per-tenant isolated infrastructure)
CRM and marketing automation (HubSpot) Tenant Operator business communications, lifecycle tracking Non-PHI only: name, email, lifecycle stage, plan type. No medical data.
Analytics (Google Analytics) Website usage analysis Non-PHI only: anonymized usage data, no personally identifiable health information
4.3 As Required by Law
We may disclose information when required to do so by law, regulation, legal process, or governmental request, including:
Compliance with court orders, subpoenas, or other legal process
Response to lawful requests by public authorities, including law enforcement
HIPAA-permitted disclosures for public health activities, health oversight, judicial proceedings, law enforcement, or to avert a serious threat to health or safety
4.4 Business Transfers
In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify affected users of any change in ownership or control of their information.
4.5 With Your Consent
We may share your information for other purposes with your explicit consent.
4.6 We Do Not Sell or Share Personal Information
ClinicTitan does not sell personal information or PHI to third parties, as "sell" is defined under the CCPA (Cal. Civ. Code § 1798.140(ad)), the VCDPA, the CPA, or any other applicable state privacy law. We do not share personal information for cross-context behavioral advertising as defined under the CPRA (Cal. Civ. Code § 1798.140(ah)). We have not sold or shared personal information in the preceding twelve (12) months. We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.
5. Data Security
We implement technical, administrative, and physical safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction, consistent with HIPAA Security Rule requirements:
Technical Safeguards:
Encryption at rest for all stored data (AES-256 or equivalent)
Encryption in transit (TLS 1.2 or higher) for all data transmissions
Per-tenant database isolation (each Tenant Operator's data is stored in a completely separate database --- not row-level separation)
Per-tenant file storage isolation (separate encrypted storage buckets per Tenant)
Role-based access controls (RBAC) enforcing least-privilege access
Multi-factor authentication (MFA) mandatory for all staff accounts
Session management with short-lived tokens (short-lived session tokens with automatic rotation)
Automated vulnerability scanning and dependency monitoring
Administrative Safeguards:
Comprehensive audit logging of all PHI access (user, action, resource, IP address, user agent, timestamp)
Audit log retention for a minimum of six (6) years as required by HIPAA
Workforce training on privacy and security policies
Incident response procedures for security events and breaches
Regular risk assessments
Business Associate Agreements with all subcontractors who access PHI
Physical Safeguards:
Data hosted in SOC 2 Type II and HIPAA-eligible data centers (AWS)
Physical access controls managed by our infrastructure provider
Payment Security:
Credit card data is tokenized client-side and never touches ClinicTitan servers
Payment processing is PCI DSS compliant through our payment processor
Only tokenized payment references and last four digits are stored
No PHI is included in:
Client-side browser storage (only anonymous workflow identifiers)
URLs or query parameters
Error messages or responses
Analytics or tracking data
Log files (PHI is automatically redacted from application logs)
6. Data Retention
Data Type Retention Period Basis
PHI and medical records Minimum 6 years from date of creation or last effective date, or longer as required by applicable state law HIPAA (45 CFR § 164.530(j)); state medical records retention laws
Audit logs Minimum 6 years HIPAA (45 CFR § 164.530(j))
Biometric data (facial geometry) Duration of verification process; verification results retained with medical record per PHI retention schedule Identity verification purpose limitation; BIPA (740 ILCS 14/15(a))
Payment records 7 years IRS requirements; PCI DSS
Consent records Duration of the treatment relationship plus 6 years HIPAA
Account information (Tenant Operators) Duration of the service relationship plus 3 years Contractual; legal compliance
Website visitor data 26 months Analytics retention policies
Marketing communications data Until opt-out or account deletion Consent-based
Upon termination of a Tenant Operator's service agreement, ClinicTitan will retain Tenant data for the period required by applicable law and regulation, after which data will be securely destroyed in accordance with HIPAA requirements.
7. Your Rights
7.1 All Users
Depending on your jurisdiction, you may have the right to:
Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate personal information
Deletion: Request deletion of your personal information, subject to legal retention requirements
Portability: Request your personal information in a structured, machine-readable format
Opt-out of marketing: Unsubscribe from marketing communications at any time using the link in any marketing email or by contacting us
Withdraw consent: Where processing is based on consent, withdraw that consent at any time
7.2 Patients --- HIPAA Rights
If you are a Patient whose PHI is processed through the Platform, you have rights under HIPAA including the right to:
Access and obtain a copy of your PHI
Request amendment of your PHI
Receive an accounting of disclosures of your PHI
Request restrictions on uses and disclosures of your PHI
Request confidential communications
Receive notice of a breach of your unsecured PHI
File a complaint
To exercise your HIPAA rights, contact your Tenant Operator (the healthcare practice providing your care) directly. The Tenant Operator is the Covered Entity responsible for responding to your HIPAA rights requests. ClinicTitan will assist the Tenant Operator in fulfilling these requests as required under our Business Associate Agreement.
For more information, see our HIPAA Business Associate Privacy Statement.
7.3 California Residents --- CCPA/CPRA Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share personal information.
Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
Right to Correct: You may request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing: We do not sell personal information or share it for cross-context behavioral advertising.
Right to Limit Use of Sensitive Personal Information: You may request that we limit our use and disclosure of your sensitive personal information to uses necessary to perform the Services.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
Categories of Personal Information Collected and Disclosed: The following table summarizes the categories of personal information ClinicTitan has collected in the preceding twelve (12) months, the sources, the business purposes, and the categories of third parties to whom information was disclosed for a business purpose:
Category Examples Sources Business Purpose Third Parties
Identifiers Name, email, phone, IP address You; Tenant Operators; automatic collection Provide Services; communicate; security Service providers; Tenant Operators
Commercial Information Transaction history, payment records You; payment processors Process payments; billing Payment processors
Internet/Electronic Activity Browsing history, search history, usage data Automatic collection Improve Services; analytics; security Analytics providers
Geolocation Data IP-based approximate location Automatic collection Security; compliance None
Biometric Information Facial geometry (identity verification only) You (photo uploads) Identity verification Identity verification subcontractors
Sensitive Personal Information Government ID numbers, health information, account credentials You; Tenant Operators; healthcare providers Provide healthcare Services; identity verification; account security Service providers under BAA
Professional/Employment Information Provider NPI, license numbers Tenant Operators Credentialing; compliance Healthcare provider networks
We do not "sell" personal information as defined by the CCPA. We do not "share" personal information for cross-context behavioral advertising. Accordingly, we do not offer an opt-out of sale or sharing because no sale or sharing occurs.
Retention: See Section 6 (Data Retention) for specific retention periods by data category.
Financial Incentives: We do not offer financial incentives for the collection or retention of personal information.
Note: PHI that is collected and used in compliance with HIPAA is exempt from the CCPA (Cal. Civ. Code § 1798.145(c)(1)(A)). This exemption applies to Patient medical information processed by ClinicTitan on behalf of Tenant Operators. Clinical trial data and information collected pursuant to other HIPAA exemptions are similarly excluded.
Authorized Agent: You may designate an authorized agent to submit requests on your behalf. The agent must provide written authorization signed by you, and we may require you to verify your identity directly.
To submit a verifiable consumer request, contact us at support@clinictitan.com or use the contact information in Section 12. We will verify your identity before fulfilling any request by matching the information you provide against information we have on file. We will respond within forty-five (45) days of receiving a verifiable request. If additional time is needed, we will inform you of the reason and the extension period (up to an additional forty-five days). You may make a verifiable consumer request up to two (2) times within a twelve (12) month period.
7.4 Residents of Virginia, Colorado, Connecticut, and Other States with Comprehensive Privacy Laws
If you reside in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, New Hampshire, New Jersey, Nebraska, Tennessee, Indiana, Maryland, Minnesota, Kentucky, or another state with a comprehensive consumer privacy law, you may have the following rights, subject to applicable exemptions:
Right to Access: Confirm whether we are processing your personal data and obtain a copy of that data.
Right to Delete: Request deletion of personal data you have provided to us or that we have obtained about you.
Right to Correct: Request correction of inaccurate personal data.
Right to Data Portability: Obtain a copy of your personal data in a portable, readily usable format.
Right to Opt Out of Targeted Advertising: Opt out of the processing of your personal data for purposes of targeted advertising. ClinicTitan does not currently process personal data for targeted advertising.
Right to Opt Out of Sale: Opt out of the sale of your personal data. ClinicTitan does not sell personal data.
Right to Opt Out of Profiling: Opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
Exemptions: As with the CCPA, PHI governed by HIPAA is generally exempt from these state privacy laws. Specific exemptions vary by state.
Appeals: If we deny your privacy rights request, you may appeal our decision by contacting us at support@clinictitan.com with the subject line "Privacy Rights Appeal." We will respond to your appeal within the timeframe required by applicable law (typically sixty days). If your appeal is denied, you may contact your state's attorney general.
To exercise any of these rights, contact us at support@clinictitan.com.
8. Children's Privacy
ClinicTitan does not knowingly collect personal information directly from children under the age of 13 as defined by the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501--6506 and 16 CFR Part 312. The Platform is not directed to children, and ClinicTitan does not permit minors to create accounts, submit information, or interact with the Platform directly.
Pediatric Healthcare Services: Certain Tenant Operators use the Platform to provide healthcare services specifically for minors, including children under 13 (for example, pediatric autism telehealth services). In all such cases:
The minor's parent or legal guardian --- not the minor --- creates the account, provides consent, submits all information, and interacts with the Platform on behalf of the minor.
ClinicTitan collects information about the minor (such as name, date of birth, and medical history) exclusively from the parent or legal guardian who is the authorized Platform user.
All information about minors is processed by ClinicTitan as a Business Associate under the Tenant Operator's direction, pursuant to a Business Associate Agreement, and is treated as PHI subject to HIPAA protections.
ClinicTitan does not use information about minors for any commercial purpose unrelated to the delivery of healthcare services. No information about minors is used for marketing, advertising, or behavioral profiling.
The Tenant Operator, as the Covered Entity, is responsible for obtaining verifiable parental consent as required by COPPA (16 CFR § 312.5) and applicable state laws regarding minors' health information, including any heightened protections for adolescent health data.
Parents and legal guardians may review, request deletion of, or refuse further collection of their child's personal information by contacting the Tenant Operator directly or by contacting ClinicTitan at support@clinictitan.com.
This parent-as-user model is consistent with COPPA's parental consent framework. Because the parent or legal guardian is the Platform user and all information about the minor is collected from the parent, ClinicTitan's collection of minor information occurs through the parent rather than from the child directly.
Additional Protections for Minors Ages 13--17: Some state laws (including the CCPA as applied to minors under 16) impose additional requirements for the personal information of minors between 13 and 17. ClinicTitan does not sell or share the personal information of any user, including minors. Tenant Operators serving minor patients in states with such laws are responsible for ensuring compliance with age-specific consent and opt-in requirements.
If you believe we have inadvertently collected personal information from a child under 13 without appropriate parental consent, please contact us immediately at support@clinictitan.com. Upon verification, we will promptly delete such information.
9. International Data Transfers
ClinicTitan's Platform and data are hosted in the United States. If you access our Website or Platform from outside the United States, your information will be transferred to and processed in the United States.
By using our Website or Platform, you consent to the transfer of your information to the United States. We take appropriate measures to ensure that your information receives an adequate level of protection in accordance with applicable data protection laws.
9a. Do Not Track and Global Privacy Control
ClinicTitan recognizes and honors Global Privacy Control (GPC) signals on its Website and recommends that Tenant Operators do the same. When a browser sends a GPC signal, advertising cookies are automatically denied and analytics tracking is limited to essential, anonymized metrics. ClinicTitan treats GPC signals as a valid opt-out of the sale or sharing of personal information as required by the California Consumer Privacy Act (CCPA) and the Colorado Privacy Act (CPA).
Regarding legacy "Do Not Track" (DNT) browser signals: there is no universally accepted standard for DNT. ClinicTitan responds to GPC signals (the successor to DNT) as described above.
10. Third-Party Links and Services
Our Website and Platform may contain links to third-party websites or services that are not operated by ClinicTitan. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you access.
10a. AI-Powered Services
The ClinicTitan Website may include an AI-powered chat assistant designed to answer general questions about our services. The chat assistant is NOT a medical professional and does not provide medical advice, diagnosis, or treatment recommendations.
How it works: Messages are processed by Amazon Web Services (AWS) Bedrock, a cloud-based AI service. Before messages reach the AI model, our system automatically strips personal identifiers including Social Security numbers, phone numbers, email addresses, dates of birth, and medical record numbers. The AI generates responses based on a knowledge base of published service information.
Data handling:
Chat conversations are temporarily stored for up to 24 hours to maintain conversation context, then automatically deleted
AWS Bedrock does not use conversations to train AI models (per AWS Bedrock terms of service)
No chat data is shared with third parties beyond AWS
AI services are covered under ClinicTitan's AWS Business Associate Agreement
Your choices: Use of the chat assistant is entirely voluntary. Contact us at support@clinictitan.com for alternatives.
10b. Email Communications
ClinicTitan and its Tenant Operators send two types of email:
Transactional emails related to accounts, appointments, orders, and security. These are necessary for service operation and cannot be opted out of while an account is active.
Marketing emails with health information, service updates, and educational content. Recipients may opt out at any time by clicking the "unsubscribe" link in any marketing email or by contacting us.
All marketing emails include a physical mailing address and an unsubscribe mechanism as required by the CAN-SPAM Act.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:
Posting the updated policy on our Website with a revised "Last Updated" date
Sending notice to Tenant Operators via email or through the Platform
For changes affecting Patient data processing, coordinating with Tenant Operators to provide appropriate notice
Your continued use of the Website or Platform after the effective date of any changes constitutes acceptance of the updated Privacy Policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us:
ClinicTitan, Inc.
Privacy Inquiries
12900 Metcalf Avenue, Suite 140
Overland Park, KS 66213
Email: support@clinictitan.com
Website: clinictitan.com/contact
For HIPAA-related concerns:
HIPAA Privacy Officer
Email: support@clinictitan.com
For CCPA/CPRA verifiable consumer requests:
Email: support@clinictitan.com
You may also submit requests through our website at clinictitan.com/contact.
To file a complaint with the federal government regarding health information privacy:
U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
Website: hhs.gov/ocr/complaints
Phone: 1-877-696-6775
To file a complaint with the California Privacy Protection Agency:
California Privacy Protection Agency
Website: cppa.ca.gov
Email: info@cppa.ca.gov