Raintree is committed to protecting the privacy and security of their customers. Raintree’s goal is to provide you with a personalized internet experience that delivers the information, resources and services that are most relevant and helpful to you. In order to achieve this goal, Raintree sometimes collects statistical information during your visits to understand what differentiates you from other users of Raintree websites. Raintree operates under the following set of strict privacy principles:
- The only personal information Raintree obtains about individual users to its websites is that supplied voluntarily by users.
- In cases when Raintree may need personal information to provide users with customized content or to inform them about new features or services, users are explicitly asked for that information.
- Personally identifiable information provided by users (name, e-mail or home address, etc.) will only be disclosed to agents action on Raintree’s behalf subject to an agreement ensuring Raintree’s privacy principles and will not be disclosed to non-agent-third party unless users choose that Raintree may do so, or unless required by law, in conjunction with a government inquiry, or in litigation or dispute resolution.
- Only statistical non-personal information about Raintree website users as a group (usage habits, demographics) may be shared with any sponsor, advertiser or partner of Raintree, unless an appropriate confidentiality agreement is in place. Raintree employs strict security measures to safeguard online transactions. All personal information is stored in a secured database.
Information We Collect
This Policy applies to all information collected or submitted through the Raintree product. On some pages, you are able to make a request to contact us through a web form. The types of information collected on these pages may include your name, company name, ZIP code, email address, and phone number.
We also automatically collect information about you through your use of our Services, including, without limitation: Internet protocol (IP) address, browser type, domain name, the website that led you to our Services, the website to which you go after leaving our Services, the dates and times you access our Services, device identification information, and your activities within our Services (e.g., links you click, searches you run, purchase history, etc.). We may combine information we collect automatically with information we collect directly from you or from third parties.
In providing our Services, the information we collect may include your or your patients’ protected health information (“PHI”), as that term is defined under the Health Insurance Portability and Accountability Act (“HIPAA”). Our processing of PHI is subject to Raintree’s Business Associate Agreement, which you can review in our Terms and Conditions.
Payment Information and Third-Party Payment Processing Services
We offer credit card processing services through Third-Party Payment Processing Services (“Third-Party
Services”) to help you collect patient credit card payments. We do not collect, retain, or disclose your
patient payment information, including credit card information. For more information regarding the
payment information collected by Third-Party Services, please refer to the applicable Third-Party
The Electronic Health Record
Raintree provides the web-based Clinical EHR to customers who enter into an Elation Service Agreement (“Customers”), who then authorize Clinical EHR users, including physicians, physician assistants, nurse practitioners and non-physician staff members (“Authorized Users”). Customers and Authorized Users are responsible for determining uses and disclosures of patient medical information maintained in the Clinical EHR, in accordance with their legal and professional responsibilities as health care professionals and state and federal medical privacy laws, including the federal Health Insurance Portability and Accountability Act (“HIPAA”). To the extent that Raintree receives or maintains patient medical information in the course of providing the Clinical EHR, that information is secured, used and disclosed only in accordance with Raintree’s legal obligations as a “business associate” under HIPAA.
The Patient Dashboard
Raintree Customers may choose to make the Patient Dashboard available to patients to enable certain interactions between the Customer, Authorized Users and patients, including scheduling appointments, discussing medical treatment, sending medication prescription-related messages, and enabling patient viewing of a portion of the Clinical EHR. Customers are solely responsible for the content of the patient’s medical record maintained in the Clinical EHR and determining the portion of the Clinical EHR that may be viewed by the patient through the Patient Dashboard.
Use of Information
Information collected from our consumers is used for the following purposes:
Product and Service Enhancement
To provide and maintain our Services; to improve our Services; to develop new features, products, or services; to perform technical operations, such as updating software; and for other customer service and support purposes.
To analyze how our users interact with our Services; to monitor and analyze usage and activity trends; and for other research, analytical, and statistical purposes.
Strategic Marketing and Company Development
To communicate with you about your account and use of our Services; to send you product, service, or event updates; to respond to your inquiries; to provide you with news and newsletters, special offers, promotions, and other information we think may interest you; and for other informational, marketing, or promotional purposes. Our communications with you may include communications via email.
Confidentiality, Security, Privacy
Confidentiality of Electronic Health Information (EHI)
Some of our customers, such as healthcare providers, are subject to laws and regulations governing the use and disclosure of health information they create or receive. These laws include the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health of 2009 (“HITECH”), and the regulations adopted thereunder. When we store, process, or transmit “individually identifiable health information” (as such term is defined by HIPAA) on behalf of a healthcare provider who has entered a Raintree Terms of Service Agreement, we do so as its “business associate” (as defined by HIPAA). Under this agreement, we are prohibited from, among other things, using individually identifiable health information in a manner that the provider itself may not. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of individually identifiable health information we store and process on behalf of such providers. We are also subject to laws and regulations governing the use and information of certain personal and health information, including HIPAA, when we operate as a business associate of a healthcare provider.
Raintree performs regular Malware Scanning. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information. All transactions are processed through a gateway provider and are not stored or processed on our servers.
Raintree will comply with the ONC’s Cures Act and health information policies and procedures and all Applicable Law in connection with the Access, Exchange or Use of EHI, including the Information Blocking Rule. The Information Blocking Rule prohibits Actors—including health IT developers—from engaging in practices (such as acts and omissions) that are likely to interfere with the Access, Exchange or Use of EHI, unless the practice is Required by Law or covered by a regulatory exception. The Information Blocking Rule does not require Raintree to disclose EHI if doing so would violate other Applicable Law, such as HIPAA or other state or federal privacy laws applicable to Raintree. The Information Blocking Rule is intent based. That means failure to satisfy an exception does not mean that there is a violation of the Information Blocking Rule. However, Raintree strives to satisfy the conditions of any applicable exception when engaging in practices that might implicate the Information Blocking Rule. Accordingly, Raintree staff and subsidiaries will follow this policy and all relevant procedures when engaging in practices that involve the Access, Exchange or Use of EHI over which Organization has control.
Raintree does not target our advertising or product use to children. Children under the age of 13 years are not permitted to use Raintree software or services. We do not knowingly collect information online from children under 13. If we discover that we have collected personal information from a child under 13, we will take steps to delete such information.
The Children’s Online Privacy Protection Act (COPPA) does not apply to our therapy practice management, patient relationship management, medical billing and benchmarking services. Personal information collected, retained, used, or disclosed about children under age 13 as part of these Services is subject to HIPAA.
If you are a resident of California and under the age of 18, you may remove any content that you have posted to our Site. In the event you cannot remove the content, you may request for us to remove the content by sending us an email at email@example.com. Please note that the removal of content or information from the Site does not ensure complete or comprehensive removal of the content or information posted on the Site.
CCPA Privacy Notice
Raintree complies with the California Consumer Privacy Act (CCPA).
We will not discriminate against you for exercising any of your CCPA rights. At times, we may offer you a different financial incentive, price difference, or service difference, as permitted by the CCPA, in exchange for retention or the sale of your personal information. If we offer you a financial incentive, we will do the following in advance:
- Notify you of the categories of personal information implicated by the financial incentive, price difference or service difference;
- Obtain your informed consent;
- Base the financial incentive, price difference, or service difference on a good faith estimate of the value of your personal information; and
- Describe the method used for calculating the value of your personal information that formed the basis of the financial incentive, price difference, or service difference.
To adhere with applicable legal or regulatory obligations, including as part of a judicial proceeding; to respond to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request from law enforcement or a governmental authority.
Protection of Rights and Liberties
To protect the safety and security; rights; or property of Raintree, the Services, any third party, or the general public; to detect, prevent, or otherwise address fraud, security, or technical issues; to prevent or stop activity, which Raintree, in its sole discretion, may consider to be, or to pose a risk of being, an invasion of privacy or otherwise illegal, unethical activity; to use as evidence in litigation; and to enforce this Policy and our Terms and Conditions.
You have the right to correct or request deletion of your personal information. Please note that we may retain certain information about you, as required by law, or as permitted by law for business purposes.
You have the right to opt out of email communications.
3rd Party Affiliates and Vendors
We may disclose your information to any current or potential affiliates or subsidiaries for research and other purposes.
Additionally, and as stated above, Raintree may also share aggregated information or de-identified information with third parties for research purposes. For example, we may share de-identified information with an organization to help identify potential trends in outcomes related to certain healthcare advancements.
We reserve the right to amend this privacy notice at any time. When we make changes to this privacy notice, we will notify you by email or through a notice on our website.
Last updated: April 5, 2021