Medplum receives the information you provide when you open an account with Medplum, including but not limited to: your name, email address, birth date, location of work, medical degree status, position in institution of employment, area of specialty, medical school or training institution(s), year of graduation, and/or institutional affiliations.
Medplum receives information from third party sources that you have authorized or is already publicly available, such as information from medical databases.
Medplum receives information you choose to transmit to others or information other Medplum users choose to transmit to you through Medplum's Licensed Application, including but not limited to the content contained in text messages transmitted through Medplum's Licensed Application. This provision only applies to non-Protected Health Information ("PHI") transmitted through the Licensed Application. Transmission and retention of PHI is covered by the HIPAA Security Rule.
Medplum receives information whenever you interact with its Licensed Application, including but not limited to when you log on, when you log off, when you access data, add documents, or when you read a message that has been sent to you. For example, when you access Medplum's Licensed Application, the information may be stored in cookies, which are data files stored by your web browser on your computer, and/or web server logs and log files, which are records for when you request to view a webpage. This information helps Medplum recognize you and customize your experience with Medplum's Licensed Application.
Medplum receives information from you whenever you communicate directly with Medplum, such as when you have you have requested customer service support.
How We Use Your Information
Medplum uses the information received from you to do the following:
Received your permission to share the information; and/or Provided you notice about sharing such information, such as by posting this notice. Medplum will provide users with thirty (30) days' notice if it has been sold, acquired, merged, sold some of its assets, or has been involved in some other action affecting Medplum's ownership and control. During this time period, users can exercise their right to terminate their accounts or remove information in their accounts. If users do not terminate their accounts or remove information in their accounts during this time period, the information received may be transferred to the third party involved in the sale, acquisition, merger, or change of ownership action.
How You Can Control Your Information
You have a right to access, modify, or update information or delete non-required information that Medplum has received about you after you open an account with Medplum and become a user. Required information is information Medplum needs to open an account for you with its Licensed Application.
You can opt out of any feature that sends you notifications regarding commercial, educational, or financial opportunities relating to your account and/or communications.
If you want to stop using your account, you can terminate it by contacting Medplum at firstname.lastname@example.org.
How We Secure Your Information
To access your account and information through Medplum's Licensed Application, you must have a unique email and password. You are responsible for keeping your login password secure and confidential and not permitting others to use your login credentials to access your account. Please log out of your account when you are not using it. After a period of inactivity, your account will automatically log off.
Medplum follows a wide range of industry standard security best practices to protect your data from loss, corruption, or unauthorized access.
Medplum relies on third party services for some elements of its system infrastructure. We carefully vet the services we use and require the ones that handle customer data to satisfy legal standards and to follow industry standard security, compliance and auditing practices (for an example, please see Amazon Web Services Security and Compliance information). Regardless of the level of trust we place in a thirdparty service, we always encrypt the most sensitive data, including customer messages.
If you believe that your account security has been compromised for any reason, please contact email@example.com.
Protected Health Information
Medplum secures PHI that is subject to HIPAA and that is transmitted through its Licensed Application in compliance with HIPAA Security and Privacy Regulations, the HITECH Act, and applicable state regulations. The HIPAA Security Rule addresses security of PHI.
Medplum is intended for individuals who are licensed physicians or health care professionals in good standing or verified medical students in the United States who are 18 years of age or older.
Last Updated: 2022-04-05