Skip to main content

Privacy Policy

Welcome to Medplum! Physicians and healthcare professionals who wish to use Medplum's software and services ("Licensed Application") are required to register for the service and provide certain registration information to Medplum. Accordingly, we have developed this Privacy Policy to describe our policies and procedures with respect to such information, as well as additional information that you provide to Medplum from time to time. This Privacy Policy applies only to registration data that is provided by the physicians who register for and use the Licensed Application. It does not apply to the content of the data and files that are transmitted through the Licensed Application. The security of the messages that are transmitted through our Licensed Application is governed by the HIPAA Security Rule.

When you open an account with Medplum and provide information to Medplum, you are voluntarily accepting the terms and conditions of the Terms Of Service, the HIPAA Addendum, this Privacy Policy, and any other agreement or policy incorporated by reference.

Information Received

Medplum receives the information you provide when you open an account with Medplum, including but not limited to: your name, email address, birth date, location of work, medical degree status, position in institution of employment, area of specialty, medical school or training institution(s), year of graduation, and/or institutional affiliations.

Medplum receives information from third party sources that you have authorized or is already publicly available, such as information from medical databases.

Medplum receives information you choose to transmit to others or information other Medplum users choose to transmit to you through Medplum's Licensed Application, including but not limited to the content contained in text messages transmitted through Medplum's Licensed Application. This provision only applies to non-Protected Health Information ("PHI") transmitted through the Licensed Application. Transmission and retention of PHI is covered by the HIPAA Security Rule.

Medplum receives information whenever you interact with its Licensed Application, including but not limited to when you log on, when you log off, when you access data, add documents, or when you read a message that has been sent to you. For example, when you access Medplum's Licensed Application, the information may be stored in cookies, which are data files stored by your web browser on your computer, and/or web server logs and log files, which are records for when you request to view a webpage. This information helps Medplum recognize you and customize your experience with Medplum's Licensed Application.

Medplum receives information from you whenever you communicate directly with Medplum, such as when you have you have requested customer service support.

How We Use Your Information

Medplum uses the information received from you to do the following:

Update, improve, expand, and customize the services provided by our Licensed Application to you; Improve our efforts to keep the Licensed Application and the information transmitted safe and secure; Use data that does not contain personally identifying information for research; Disclose any information required to do so by law, or where Medplum has a good faith belief that such disclosure is reasonably necessary to: (a) comply with mandatory legal processes, including but not limited to, subpoenas and court orders; (b) protect the rights, property, or personal safety of Medplum or our users; and/or enforce the terms and conditions of the Terms Of Service Agreement, the HIPAA Addendum, this Privacy Policy, and any other agreement or policy incorporated by reference.

Except as otherwise disclosed in this Privacy Policy, while you have permitted Medplum to use the information received, Medplum will not share information received from you with third parties unless Medplum has:

Received your permission to share the information; and/or Provided you notice about sharing such information, such as by posting this notice. Medplum will provide users with thirty (30) days' notice if it has been sold, acquired, merged, sold some of its assets, or has been involved in some other action affecting Medplum's ownership and control. During this time period, users can exercise their right to terminate their accounts or remove information in their accounts. If users do not terminate their accounts or remove information in their accounts during this time period, the information received may be transferred to the third party involved in the sale, acquisition, merger, or change of ownership action.

How You Can Control Your Information

You have a right to access, modify, or update information or delete non-required information that Medplum has received about you after you open an account with Medplum and become a user. Required information is information Medplum needs to open an account for you with its Licensed Application.

You can opt out of any feature that sends you notifications regarding commercial, educational, or financial opportunities relating to your account and/or communications.

If you want to stop using your account, you can terminate it by contacting Medplum at

How We Secure Your Information

To access your account and information through Medplum's Licensed Application, you must have a unique email and password. You are responsible for keeping your login password secure and confidential and not permitting others to use your login credentials to access your account. Please log out of your account when you are not using it. After a period of inactivity, your account will automatically log off.

Medplum follows a wide range of industry standard security best practices to protect your data from loss, corruption, or unauthorized access.

Medplum relies on third party services for some elements of its system infrastructure. We carefully vet the services we use and require the ones that handle customer data to satisfy legal standards and to follow industry standard security, compliance and auditing practices (for an example, please see Amazon Web Services Security and Compliance information). Regardless of the level of trust we place in a thirdparty service, we always encrypt the most sensitive data, including customer messages.

If you believe that your account security has been compromised for any reason, please contact

Protected Health Information

Medplum secures PHI that is subject to HIPAA and that is transmitted through its Licensed Application in compliance with HIPAA Security and Privacy Regulations, the HITECH Act, and applicable state regulations. The HIPAA Security Rule addresses security of PHI.

Changes to our Privacy Policy

From time to time, Medplum may make changes to this Privacy Policy or other applicable agreements and policies. These changes will be posted at and you will be notified through your mobile device and/or the email address you provide to Medplum. If you continue to use Medplum's Licensed Application and services, you agree to be bound by the terms and conditions of the revised Privacy Policy, or any other applicable agreements and policies.


Medplum is intended for individuals who are licensed physicians or health care professionals in good standing or verified medical students in the United States who are 18 years of age or older.

Last Updated: 2022-04-05