1. Overview
Medora provides a Healthcare Operating System for emergency departments, freestanding emergency rooms, urgent care centers, clinics, and hybrid healthcare organizations. We are committed to protecting the privacy and security of the information entrusted to us by our customers, their workforce members, and their patients.
This policy applies to our public website and marketing activities. Our handling of protected health information (PHI) on behalf of healthcare provider customers is additionally governed by our Business Associate Agreements (BAAs) and applicable law.
2. HIPAA and Protected Health Information (PHI)
When Medora processes PHI on behalf of a covered entity or another business associate, Medora acts as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA) and the HITECH Act. In that role we:
- Use and disclose PHI only as permitted by the applicable BAA and law;
- Implement administrative, physical, and technical safeguards to protect PHI;
- Restrict access to PHI to authorized personnel on a least-privilege basis;
- Maintain audit logs of access to and activity involving PHI;
- Report security incidents and breaches as required by the BAA and law.
Patients seeking to exercise rights over their health records should contact the healthcare provider (our customer) responsible for their care, as that provider is the covered entity and record custodian.
3. Information We Collect
Through our website and account systems we may collect:
- Contact and business information — name, work email, phone number, organization, and role, submitted through demo, contact, or sales forms.
- Account information — credentials, authentication factors, and workspace/role assignments for authorized users.
- Usage and device data — IP address, browser type, pages viewed, and diagnostic logs collected through cookies and similar technologies.
- Communications — records of your correspondence with our sales, support, and security teams.
4. How We Use Information
- Provide, operate, secure, and improve the Medora platform and website;
- Respond to inquiries, demo requests, and support tickets;
- Authenticate users and manage access to facility workspaces;
- Monitor for fraud, abuse, and security threats;
- Comply with legal, regulatory, and contractual obligations.
5. Cookies and Analytics
We use essential cookies to operate the site and secure authenticated sessions, and privacy-respecting analytics to understand aggregate usage and improve performance. You can control non-essential cookies through your browser settings. See our Cookie Policy for details.
6. User Accounts
Account holders are responsible for maintaining the confidentiality of their credentials and for all activity under their accounts. Notify us immediately at security@medoras.com if you suspect unauthorized access.
7. Security
We maintain administrative, technical, and physical safeguards designed to protect information, including encryption in transit and at rest, role-based access controls, audit logging, and continuous monitoring. Learn more on our Security page. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. Data Retention
We retain personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce agreements. PHI is retained and disposed of in accordance with the applicable BAA and our customers' instructions and legal requirements.
9. Third-Party Services
We rely on vetted subprocessors and infrastructure providers (for example, cloud hosting, email delivery, and analytics) to deliver our services. These providers are bound by contractual obligations, including BAAs where they may process PHI, and are permitted to use information only to perform services on our behalf.
10. Your Rights
Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict the processing of your personal information. To exercise these rights, contact us using the details below. Requests concerning patient health records should be directed to the relevant healthcare provider.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, through additional notice.
12. Contact Us
Medora Health, Inc.
Privacy inquiries: privacy@medoras.com
Security inquiries: security@medoras.com
Phone: 469-423-7858
Website: https://medoras.com
