Privacy Policy
How we protect your privacy and handle your data
Our Commitment to Privacy
PatientLetterHub respects your privacy and protects your data.
We are committed to protecting the privacy and security of all information entrusted to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.
This Privacy Policy applies to PatientLetterHub, operated by MASS Communications, Inc. ("Company," "we," "us," or "our"). We are committed to maintaining the privacy and security of your information in accordance with applicable laws and regulations, including HIPAA, GDPR, and other privacy standards.
Our Privacy Principles
No Data Sales
We never sell your practice or patient information, and we share it only with the service providers described under Third-Party Services below, each bound by our security requirements and a Business Associate Agreement
Encryption in Transit and at Rest
All data is encrypted in transit (TLS 1.2 or later) and at rest (AES-256), as detailed under Data Protection & Security below
Minimal Retention
We only retain data as required to fulfill your jobs and maintain audit trails
User Control
You can request deletion of your data at any time
Information We Collect
Account Information
When you create an account, we collect:
- Name, email address, and contact information
- Practice or organization details
- Authentication credentials (managed securely)
- Billing and payment information
Patient Health Information (PHI)
To provide our services, we may process:
- Patient names and contact information
- Medical practice information
- Communication content and templates
- Mailing addresses and delivery information
Important: All PHI is handled in strict compliance with HIPAA regulations and our Business Associate Agreement (BAA).
Usage and Technical Data
We automatically collect certain technical information:
- Log files and system performance data
- Platform usage statistics and analytics
- Security and audit logs for compliance
- Error reports and system diagnostics
How We Use Your Information
Primary Service Delivery
Process patient communications
Generate and mail patient letters according to your specifications
Manage your account
Provide access to our platform and manage billing
Customer support
Respond to your questions and provide assistance
Security & Compliance
Maintain security
Protect against fraud, abuse, and security threats
Compliance monitoring
Ensure HIPAA compliance and maintain audit trails
Legal obligations
Meet regulatory requirements and respond to legal requests
We Never:
- Sell your data to third parties
- Use your data for marketing without consent
- Share patient information with unauthorized parties
- Use your data for purposes unrelated to service delivery
Data Protection & Security
Encryption & Security
We implement industry-standard security measures to protect your data:
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption for data at rest
- Multi-factor authentication for account access
- Regular security audits and penetration testing
- Role-based access controls to limit data exposure
Data Retention & Deletion
Our data retention practices are designed to balance service delivery with privacy:
- Active jobs: Data retained until job completion + 30 days
- Audit trails: Retained for 7 years for compliance purposes
- Account data: Retained while account is active
- Data deletion: Processed within 30 days of your request, subject to legal retention requirements
- Secure disposal: All deleted data is permanently erased
Third-Party Services
We use carefully selected third-party services that meet our security standards:
- Cloud infrastructure: SOC 2 and HIPAA-compliant providers
- Payment processing: PCI DSS compliant payment gateways
- Email services: Secure, encrypted communication
- All vendors: Subject to our security requirements and BAAs
Your Privacy Rights
Access & Portability
You have the right to access your personal information and request a copy of your data in a portable format. We will respond to such requests within 30 days.
Correction & Updates
You can update or correct your account information at any time through your account settings or by contacting our support team.
Data Deletion
You can request deletion of your account and associated data. We will process deletion requests within 30 days, subject to legal retention requirements.
Opt-Out Rights
You can opt out of non-essential communications and marketing emails. Service-related communications cannot be opted out of.
To exercise any of these rights, please contact us at:
Compliance with Privacy Standards
Our privacy practices are designed to align with:
HIPAA
Health Insurance Portability and Accountability Act
GDPR
General Data Protection Regulation (EU)
Industry Standards
Best practices for healthcare data protection
Questions About Privacy?
Our privacy team is here to help with any questions about data protection