Privacy Policy

Last Updated: April 10, 2026

1. Introduction

SureVisit Health, LLC (“we,” “us,” or “our”) provides a healthcare scheduling platform designed for independent medical practices. We are committed to protecting the privacy of our clients (the “Practices”) and their patients. This policy describes how we collect, use, and safeguard information through our website, the Smart Scheduler, and the Browser Bridge extension.

2. HIPAA Compliance & Protected Health Information (PHI)

For the purposes of the Health Insurance Portability and Accountability Act (HIPAA), SureVisit Health acts as a Business Associate to our Practices.

  • We handle PHI only as permitted by the Business Associate Agreement (BAA) we sign with each Practice.

  • We ensure all secondary service providers also maintain strict compliance through executed BAAs.

3. Data Hosting & Security

We prioritize the security of your data by partnering with industry leaders in healthcare infrastructure:

  • Hosting & Processing: All platform data and PHI are hosted and processed via HIPAAVault, ensuring administrative, physical, and technical safeguards are maintained at the server level.

  • Encryption: Data is encrypted both in transit (TLS 1.2+) and at rest (AES-256).

4. Notifications & Communication

To provide real-time updates and reminders, we utilize specialized communication partners. All notifications containing PHI are sent via encrypted channels to ensure patient confidentiality.

Email Notifications: Facilitated through Mailgun by Sinch.

  • BAA Status: We maintain active Business Associate Agreements with Mailgun to ensure your communication flow is fully compliant.

SMS / Text Notifications:
SureVisit Health processes mobile numbers solely to deliver appointment‑related text message reminders on behalf of health care practices. We do not sell, share, or use phone numbers for marketing. No PHI is transmitted by SMS.

Phone numbers and message logs are used only for delivering messages, troubleshooting delivery issues, and complying with carrier requirements. Data is protected using industry‑standard security practices.

Patients may opt out of SMS at any time by replying STOP. Opting out does not affect their ability to receive care.

We do not send any Personal Information or Protected Health Information (PHI) via SMS.

5. Information We Collect

  • Practice Information: Name, provider details, contact information, and billing data for subscription management.

  • Patient Data: Information provided by patients during booking (names, contact details, insurance info).

  • Browser Bridge Data: Our extension uses “Passive Detection” to identify relevant fields in your EHR. It only reads and writes data necessary to sync appointment information. We do not store EHR login credentials.