Back to home
PV

PatientPreVue

Privacy Policy

Effective Date: May 6, 2026

Ryan Seifipour LLC

HIPAA-COVERED PLATFORM

PatientPreVue handles Protected Health Information (PHI) as defined under HIPAA. This Privacy Policy, together with our Terms of Service, describes how we collect, use, disclose, and protect your information. Healthcare providers who use this platform must also execute a Business Associate Agreement with us.

1. WHO WE ARE

PatientPreVue is a health information technology platform operated by Ryan Seifipour LLC (“we,” “us,” or “our”). We provide AI-assisted pre-visit intake, patient record management, and care coordination tools for healthcare providers and their patients.

We are not a healthcare provider, insurer, or covered entity as that term is used in HIPAA. We act as a Business Associate to healthcare providers who use our platform to process patient information.

Questions about this policy may be directed to: support@patientprevue.com

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

  • Account information: name, email address, role (doctor or patient), and specialty (for providers). Passwords are never stored in readable form.
  • Health intake information (patients): symptom descriptions, medical history responses, and answers submitted through assessment modules. This constitutes PHI and is protected accordingly.
  • Uploaded medical records: documents, images, and files you upload to the platform, stored securely in the cloud.
  • Clinical notes and summaries: notes entered by healthcare providers and AI-generated summaries of patient assessments.
  • Communications: messages sent between patients and providers through the platform.
  • Profile photo: if you choose to upload one, stored securely in the cloud.

2.2 Information Collected Automatically

  • HIPAA audit logs: IP address, browser type, timestamp, and action taken on every request that accesses PHI. These logs are required by HIPAA and retained for 6 years.
  • Session information: authentication tokens stored as secure cookies. We do not use persistent tracking cookies or third-party analytics.
  • Security data: technical data used to ensure platform security and prevent abuse. Deleted automatically after a short period.

2.3 Information from Google Sign-In (if used)

If you choose to sign in with Google, we receive your name and email address from Google. We do not receive your Google password, contacts, calendar, or any other Google account data. We use this information solely to create or authenticate your PatientPreVue account. Google’s use of your data is governed by Google’s Privacy Policy.

3. HOW WE USE YOUR INFORMATION

We use the information we collect to:

  • Create and authenticate your account.
  • Deliver platform features: assessments, AI-generated summaries, record management, provider-patient messaging, and referral coordination.
  • Generate AI-assisted summaries of your health intake. Information sent for AI processing is handled with care and is not used to train AI models.
  • Enable healthcare providers to view and manage patient information for patients with whom they have an active, authorized connection.
  • Maintain HIPAA-required audit logs of all PHI access.
  • Process subscription payments (providers only).
  • Send transactional emails: account verification, password reset, and platform notifications. We do not send marketing emails.
  • Detect and prevent fraud, abuse, and unauthorized access.

We do not sell your personal information or PHI to any third party. We do not use your health information for advertising purposes.

4. HOW WE PROTECT YOUR INFORMATION

4.1 Encryption

All Protected Health Information is encrypted at rest. Files are stored with server-side encryption. All data transmitted between your browser and our servers is encrypted in transit using HTTPS/TLS. Passwords are stored using a one-way cryptographic hash — we cannot recover your password.

4.2 Access Controls

  • Patient health data is only accessible to providers with whom the patient has an active, accepted connection.
  • Document access requires explicit patient authorization.
  • Every endpoint that returns PHI verifies the requesting user’s identity and authorization before responding.
  • Authentication uses short-lived tokens stored as secure, HTTP-only cookies inaccessible to JavaScript.
  • Authorized platform administrators may access account-level information (such as email, name, and account status) for platform operations, security monitoring, and user support. Administrators cannot access patient health records without a direct provider-patient connection.

4.3 Audit Logging

Every access to PHI is logged as required by HIPAA, including the user’s identity, IP address, timestamp, and action performed. Logs are retained for a minimum of 6 years.

5. HOW WE SHARE YOUR INFORMATION

We do not sell, rent, or trade your personal information or PHI. We share information only in the following limited circumstances:

  • With your healthcare provider: patients’ assessment summaries, uploaded records, and messages are shared with providers the patient has connected with and authorized.
  • Service providers: we work with trusted third-party service providers to operate the platform, including cloud infrastructure, AI processing, payment processing, and email delivery. These providers are bound by contractual obligations to protect your data and, where required, have entered into HIPAA Business Associate Agreements with us.
  • Legal requirements: we may disclose information if required by law, court order, or to protect the rights and safety of our users or the public.

6. DATA RETENTION

  • Account data and PHI: retained for the duration of your account and for a minimum of 6 years after account closure as required by HIPAA.
  • Uploaded files: retained until you delete them or your account is closed. Files are permanently deleted upon account deletion.
  • Audit logs: retained for 6 years minimum.

7. YOUR RIGHTS

Depending on your location and applicable law, you may have the right to:

  • Access your data: request a copy of the personal information and PHI we hold about you.
  • Correct your data: update inaccurate account information through your profile settings.
  • Delete your account: request deletion of your account and associated data. Note that HIPAA requires us to retain certain audit records regardless of deletion requests.
  • HIPAA rights (patients): under HIPAA you have the right to access and obtain a copy of your PHI, request amendments, and receive an accounting of disclosures. Contact your healthcare provider or us at support@patientprevue.com to exercise these rights.

To exercise any of these rights, contact us at support@patientprevue.com. We will respond within 30 days.

8. COOKIES AND TRACKING

We use only essential cookies necessary for the platform to function securely — authentication tokens and a security token to prevent cross-site attacks. We do not use advertising cookies, third-party analytics (Google Analytics, Meta Pixel, etc.), or any tracking technology that shares your data with advertisers.

9. CHILDREN'S PRIVACY

PatientPreVue is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us at support@patientprevue.com and we will delete the account promptly.

10. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page and notify registered users by email for material changes. Continued use of the platform after changes are posted constitutes acceptance of the updated policy.

11. CONTACT US

For privacy-related questions, data requests, or to report a concern:

Ryan Seifipour LLC

PatientPreVue

support@patientprevue.com

This Privacy Policy was last updated on May 6, 2026. Prior versions are available upon request.

Privacy Policy — PatientPreVue