Skip to content
ProDocNotes
Back to site Sign in

HIPAA Notice

Notice of Privacy Practices

A plain-language summary of how health information may be used, disclosed, and safeguarded when ProDocNotes processes PHI for healthcare customers.

Structured with HIPAA privacy-rule concepts in mind. Last updated: May 16, 2026.

Terms of Use Privacy Policy Notice of Privacy Practices Business Associate Agreement

Need a signed BAA or have a privacy question? Contact [email protected] or [email protected].

On this page

  1. Scope and role
  2. Permitted uses and disclosures
  3. Uses requiring authorization
  4. Individual rights
  5. Our duties
  6. Complaints and contact

Section 01

Scope and role

This notice explains how ProDocNotes handles protected health information when we provide hosted documentation services to healthcare customers. In most cases, those customers are the covered entities and ProDocNotes acts as their business associate.

Because the covered entity controls the clinical relationship, patients should also review the privacy notice issued directly by their provider or health plan. That notice remains the primary HIPAA notice for treatment, payment, and healthcare operations decisions.

This page is meant to help users, patients, and customer teams understand the platform's privacy posture. It supplements, but does not replace, the notice delivered by the relevant provider or health plan.

Section 02

Permitted uses and disclosures

PHI processed in ProDocNotes may be used or disclosed as permitted by law and customer instructions, including:

  • Treatment: to help authorised clinicians document, review, and coordinate patient care.
  • Payment: where customers use the Service to support billing, coding, or reimbursement workflows.
  • Healthcare operations: such as quality review, auditing, compliance monitoring, and administrative support.
  • Security and platform integrity: including access monitoring, incident investigation, backup, and recovery activities.
  • Legal or regulatory compliance: where disclosure is required by law, subpoena, court order, or other lawful process.

We apply role-based access controls and minimum-necessary practices to help limit access to PHI based on operational need.

Section 03

Uses that typically require authorization

If a use or disclosure is not otherwise permitted by HIPAA, customer instruction, or applicable law, an authorization or other valid legal basis may be required before PHI is used or disclosed.

Examples may include:

  • customer-requested disclosures outside ordinary treatment, payment, or operations;
  • certain marketing-related uses of PHI;
  • sharing information with third parties for purposes not covered by the applicable agreement or law.

ProDocNotes does not independently decide to use PHI for unrelated commercial purposes.

Section 04

Individual rights

HIPAA gives individuals important rights regarding their PHI. In most cases, those rights are exercised through the healthcare provider or plan that controls the designated record set. Those rights may include:

  • the right to request access to PHI;
  • the right to request amendment of incomplete or inaccurate PHI;
  • the right to request an accounting of certain disclosures;
  • the right to request restrictions on certain uses or disclosures;
  • the right to request confidential communications by alternative means or at alternative locations;
  • the right to receive a copy of the relevant notice of privacy practices;
  • the right to complain without retaliation.

If you are a patient and your information appears in ProDocNotes, contact your provider or health plan first. We will support that organisation in responding to valid requests as required by our agreements and applicable law.

Section 05

Our duties

When acting as a business associate, ProDocNotes is expected to:

  • safeguard PHI using appropriate administrative, technical, and physical controls;
  • use or disclose PHI only as permitted by the BAA, customer instructions, or law;
  • help customers meet certain HIPAA obligations where our assistance is required under contract;
  • report security incidents or breaches in accordance with the applicable agreement and legal requirements;
  • flow appropriate privacy and security obligations down to relevant subcontractors.

Additional detail is summarized on our Business Associate Agreement page.

Section 06

Complaints and contact

Questions or complaints about privacy practices may be sent to [email protected]. Security concerns should be reported to [email protected].

Individuals may also have the right to file a complaint with the relevant healthcare provider, health plan, or the U.S. Department of Health and Human Services Office for Civil Rights, depending on the nature of the issue.

© 2026 ProDocNotes. All rights reserved.  ·  Terms of Use  ·  Privacy Policy  ·  Notice of Privacy Practices  ·  Business Associate Agreement