Privacy Policy

Last Updated June 4, 2025.

1. Introduction

LinkMD (“LinkMD”, “we”, “us”, or “our”) is committed to protecting the privacy, security, and confidentiality of health-related and other sensitive information we process. This Privacy Policy explains how we collect, use, share, protect, and retain information, including Protected Health Information (PHI), Personal Data, and Operational Data, in compliance with applicable laws and regulations, including but not limited to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), GDPR (where applicable), and other privacy standards.

LinkMD operates as a Business Associate under HIPAA, providing claim processing, AI-driven analytics, and operational solutions to healthcare providers and related entities. Our platform is not patient-facing, and we do not collect information directly from patients.

2. Scope

This Privacy Policy applies to:

  • Information processed by LinkMD through its technology platform (on behalf of healthcare partners and business associates).
  • Information collected from users visiting our websites, using our services, or interacting with us online.

Two Distinct Contexts Apply:

  • Business Clients: Covered Entities and Business Associates sharing PHI and operational data.
  • Website Visitors: Individuals visiting our website, where limited Personal Information and Usage Data may be collected via cookies and tracking technologies.

3. Information We Collect and Process

We collect and process the following types of information:

a. Protected Health Information (PHI)

  • Medical records, diagnoses, procedure codes, patient demographics (e.g., date of birth, gender), and insurance details necessary for claim processing and service delivery.

b. Personally Identifiable Information (PII)

  • Limited PII (e.g., name, business email) for client representatives, vendors, and partners for communication and operational purposes.

c. De-Identified and Aggregated Data

  • We may de-identify PHI according to HIPAA standards and use aggregated datasets for service improvements, analytics, AI model training, benchmarking, or research.

d. Operational and Technical Data

  • IP addresses, browser type, device identifiers, access logs, diagnostic data, and usage patterns.

e. Usage Data from Website Visitors

  • Data collected through cookies, pixels, and analytics services (e.g., Google Analytics), including browsing patterns, interaction with website features, and referral URLs.

4. How We Use the Information

We use information to:

  • Deliver and improve our claims and analytics services.
  • Enhance, monitor, and optimize the performance of our AI and technology platforms.
  • Conduct audits, compliance checks, and regulatory reporting.
  • Develop and train AI models using only de-identified data unless otherwise authorized.
  • Protect the security, confidentiality, and integrity of information.
  • Support client requests to access, amend, or restrict the use of PHI.
  • Communicate with our clients and partners regarding service updates or regulatory changes.

We do not use PHI or PII for:

  • Marketing or advertising without consent.
  • Sale to third parties.
  • Model training involving identifiable PHI unless explicitly authorized.

5. Legal Basis for Processing (for GDPR Applicability)

When applicable under GDPR, our legal basis for processing information includes:

  • Performance of contractual obligations.
  • Compliance with legal obligations.
  • Legitimate interests (e.g., improving our services, ensuring security).
  • Consent where required (e.g., for cookies, newsletters).

6. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Understand how visitors interact with our website.
  • Enhance user experience.
  • Monitor website security and performance.

You may control or disable cookies through your browser settings. Certain features of our website may not function properly without cookies.

7. How We Protect Information

We apply rigorous security controls, including:

  • HIPAA-compliant hosting with encryption in transit and at rest.
  • Role-based access controls and multi-factor authentication.
  • Regular risk assessments, penetration testing, and vulnerability management.
  • Detailed incident response protocols and disaster recovery plans.
  • Mandatory workforce training on privacy and cybersecurity.

No method of transmission or storage is 100% secure; however, we employ commercially reasonable means to protect your data.

8. Information Sharing and Disclosure

We may share information in the following circumstances:

  • With Covered Entities and Business Associates: As authorized under our agreements and HIPAA.
  • With Subcontractors and Service Providers: Under contractual agreements ensuring HIPAA and privacy compliance.
  • Business Transfers: If LinkMD is involved in a merger, acquisition, or asset sale, information may be transferred to a successor entity.
  • Compliance with Legal Obligations: If required by applicable law, legal process, or government request.
  • De-Identified Data: May be used internally for research, AI training, benchmarking, or other permissible activities.

We require all third parties to protect any information they receive to at least the same standards described in this policy.

9. Data Retention and Secure Destruction

  • PHI and PII are retained only for as long as necessary to fulfill our service obligations or legal or regulatory requirements.
  • Upon completion of service or expiration of legal retention periods, data is securely deleted following NIST 800-88 guidelines.

10. Patient Rights and Our Role

Since LinkMD does not collect PHI directly from individuals:

  • Individuals seeking to exercise their rights (access, correction, deletion) should contact their healthcare provider or the originating entity.
  • We support our healthcare partners in fulfilling HIPAA-compliant rights requests as needed.

11. Cross-Border Data Transfers

Our services are primarily U.S.-based. However, if cross-border transfers occur, we implement appropriate safeguards (e.g., Standard Contractual Clauses) to ensure compliance with international data protection laws.

12. Children's Privacy

Our services are not directed toward, and we do not knowingly collect information from, individuals under the age of 13. If we become aware that we have collected information from a child, we will take appropriate steps to delete it.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. When changes are made:

  • We will update the “Last Updated” date.
  • We may notify partners and clients through appropriate means.
  • Continued use of our services following an update constitutes acceptance of the revised policy.

14. Breach Notification

In accordance with the Health Insurance Portability and Accountability Act (HIPAA), LinkMD will notify affected individuals in the event of a breach of unsecured Protected Health Information (PHI). This notification will be provided without unreasonable delay and no later than 60 days following the discovery of the breach.

The breach notification will include the following information:

  • A brief description of what happened, including the date of the breach and the date it was discovered (if known).
  • A description of the types of PHI that were involved in the breach (such as full name, social security number, date of birth, home address, diagnosis, etc.).
  • Any steps individuals should take to protect themselves from potential harm (such as credit monitoring, password changes, or identity theft protection).
  • A description of what LinkMD is doing to investigate the breach, mitigate harm to affected individuals, and prevent future breaches.
  • Contact information for individuals to ask questions or obtain additional information, which includes a toll-free telephone number, email address, website, or mailing address.

All notifications will be written in plain language and designed to be clear, informative, and actionable for individuals. In situations where more than 500 individuals are affected, notifications may also be made to the Secretary of Health and Human Services (HHS) and prominent media outlets, as required by law.

15. Contact Us

If you have any questions, concerns, or complaints regarding this Privacy Policy or our data practices, please contact:

Email: security@linkmd.ai
