Privacy Policy

Last Modified: September 2, 2022

This Privacy Policy discloses the privacy practices for collaboratemd.com, cmd2go.com, and paystatementonline.com (including all sub-domains, the “Sites”), which are owned and operated by CollaborateMD, Inc. (“CollaborateMD,” “our,” “we” or “us”).  This Privacy Policy also governs the use of any mobile device application created by CollaborateMD (each or collectively, the “Mobile App”) and the practice management software CollaborateMD provides to healthcare practices and practitioners as well as “Payment Portal” Services for use by a practitioner’s patients (collectively, our “Services”).

This Privacy Policy applies to our collection and use of information from all users of our Services including, without limitation, visitors accessing the Sites or using only free services offered on the Sites, and is incorporated into our Customer Software Agreement (CSA). Please note that this Privacy Policy does not address the privacy practices of third parties, including those with whom we may share information as set forth below, and those of websites to which our Sites link. Please review the privacy policies of any third parties before you disclose information to them. Through your use of any of our Sites or Services you consent to the practices described in this Privacy Policy.



Changes to this Privacy Policy 

We may revise this Privacy Policy from time to time and without prior notice to you. Changes may apply to any personal information we already hold about you and any new personal information collected after the Policy is modified. If we make changes, we will notify you by revising the “Last Modified” date at the top of this Policy, which will always be at https://www.collaboratemd.com/privacy. By continuing to access or use the Sites and/or Services after those changes become effective, you agree to be bound by the revised Privacy Policy.

In addition, we may provide you with “just-in-time” disclosures or additional information about the data handling practices of specific parts of our Sites or Services. Such notices may supplement this Policy or provide you with additional choices about how we process your Personal Information.

Our Relationship to You 

To understand CollaborateMD’s data protection obligations and your rights to your personal information under this Policy, it is important that you identify which relationship(s) you have with CollaborateMD.

  • “Practitioners” refers to the registered companies (i.e. healthcare practices, billing services, sole proprietor practitioners, etc.) utilizing the CollaborateMD Services, including companies with both paid and free demo accounts, on whose behalf CollaborateMD collects certain consumer and patient information, and on whose behalf CollaborateMD submits insurance claim information and processes payments. (Authorized users of a Practitioner’s paid, and/or free demo account are collectively and individually referred to as “Practitioners” or “Practitioner.”)
  • “Clients” refers to individuals utilizing the services of a Practitioner utilizing CollaborateMD Services. If you are a Client, CollaborateMD will collect your Personal Information solely on behalf of a Practitioner. Your agreement with the relevant Practitioner should explain how the Practitioner shares your Personal Information with CollaborateMD and other third parties, and if you have questions about this sharing, then you should direct those questions to the Practitioner.
  • “Visitors” refers to any individual accessing the Sites, as well as to any individual submitting personal information via the Sites for any reason, including but not limited to submitting a “contact us” or other online inquiry form, engaging in an online Chat session, subscribing to a newsletter or blog, registering for a demo or webinar, completing an online survey, or uploading any content to the Sites or via the Services.

Hereinafter we may refer to Practitioners, Clients, and Visitors individually and collectively as “you.”

Collection and Use of Personal Information 

For purposes of this policy, “Personal Information” refers to any information about an identified or identifiable individual, including financial account information, Protected Health Information (PHI/ePHI), and any device information that may be linked with an identifiable individual. Any information that is anonymized or aggregated is no longer Personal Information and we may use it and share it for any reason, including using anonymized PHI/ePHI as authorized by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and their implementing regulations set forth at 45 C.F.R. Parts 160 and Part 164 (collectively “the HIPAA Rules”), or any other law or regulation.

We collect Personal Information from and about Visitors to our Sites, we collect Personal Information from and about Practitioners through our Sites and Services, and we collect Personal Information from and about Clients and other individuals who utilize the services of Practitioners that use our Services for insurance claims submission, invoicing and billing, patient communications, online patient portals, online payments, and other practice management services.

Personal Information about Clients may be provided to us by Practitioners or authorized users of a Practitioner’s account, or directly by the Clients themselves.  By providing information to us through an online payment form or online communication channel that is part of Practitioner’s instance of our Services (“Payment Portal”), Clients consent to our collection of such information and our sharing of that information with the Practitioner as set forth in this policy. In cases where authorized Practitioners enter a Client’s Personal Information into our systems, they certify that they have received any required authorization to do so from the Client and that the disclosure does not violate the Payment Card Industry Data Security Standard (PCI DSS), the HIPAA Rules, or any other law or regulation.

Parts of our Sites are public and any information that is disclosed on such public parts of our Sites may appear on search engines or other publicly available platforms, and may be “crawled,” searched and used by other Visitors, Practitioners, Clients, or other third parties. Please do not post any information that you do not want to reveal publicly.

In all cases where we share Personal Information with third parties, we will use a “minimum necessary” standard to disclose only that information required for satisfying the purpose of or performing the service for which the information is disclosed.

We generally collect and use information as follows:

From Practitioners with a Free Account or Trial Account

The Sites may require you to give us contact information (name, business name, phone number, e-mail address, etc.) in order to obtain a registered free trial account. We use this information, and any personal information for your own Clients that you enter into our Services, to configure your account for submitting insurance claims, reporting, interacting with Clients, and other uses and activities relating to our provision of the Services. We may also use this information to communicate with you about your free account usage, to provide account-specific technical support, and to provide information to you about additional CollaborateMD products and services that we believe may be of interest to you.

We may also use your personal information to send you promotional products and information about CollaborateMD, the Sites, and/or on behalf of trusted third-parties, subsidiaries and affiliates. Additionally, we may create anonymous records from personal information by excluding information (such as your name) that makes the information personally identifiable to you or one of your Clients. We may use this anonymous information for certain business purposes of CollaborateMD or its subsidiaries or affiliates, including but not limited to, directing future development efforts, analyzing usage patterns so that we may enhance our services, and providing reports based on anonymous non-personal information.

From Practitioners with a Paid CollaborateMD Account

To obtain a CollaborateMD account you must provide contact information (name, address, phone number, and e-mail address) in addition to other personal information and information about your practice, and payment information to authorize automatic recurring billing for your subscription fees and deposit of payments for insurance claims and Client payments CollaborateMD submits/processes on your behalf.  You may also enter personal information for your own Clients as part of using the CollaborateMD Services. You represent and warrant that you have the right to provide CollaborateMD with any information, content, data, or materials provided by you, and that the disclosure does not violate the PCI DSS, the HIPAA Rules, or any other law or regulation.

We use your personal information to administer your account, to send you messages related to your usage of the Services, and to send you information about our company and your account.  

We use billing and financial information (bank account numbers/credit card numbers) to process recurring subscription fees and other fees as applicable, via third-party payment processors, and to facilitate the deposit of insurance claims payments.  We collect information when you engage in transactions via our Services, such as when you process payments and refunds, configure recurring payment or payment plan schedules, send and configure invoices, schedule appointments, and other transaction-related information. 

When you download and use a Mobile App we may collect certain information automatically, such as the type of mobile device you use, your unique device ID, the IP address of your mobile device, your mobile phone number, your mobile operating system, the type of mobile internet browsers you use, and information about the way you use the Mobile App.

We may use your personal information to send you promotional products and information about CollaborateMD, the Sites, the Services, and/or on behalf of our parent company, partner companies, subsidiaries and affiliates. We may also create anonymous records from personal information by excluding information (such as your name) that makes the information personally identifiable to you. We may use this anonymous information to direct future development, including but not limited to analyzing usage patterns so that we may enhance our services, and providing reports based on anonymous non-personal information.

From Clients Using a Payment Portal

Any Personal Information we collect about a Client (consumer or other individual), whether entered directly into our systems by the Client via a Payment Portal or other online form or portal operated on behalf of a Practitioner, or entered by an authorized Practitioner, is used solely for the purpose of providing our Services or as otherwise set forth herein.

As part of utilizing a Client Payment Portal or any other Client-facing feature of our Services, you may send and receive free-form messages to/from Practitioners, review invoices, review visit summaries, and make payments to or activate payment plans with Practitioners.  In all of those cases, the information collected may be classified as Protected Health Information (PHI/ePHI) under the HIPAA Rules.  

CollaborateMD, via integration with third parties, processes payments for and collects information from Clients via the Payment Portal.  When you submit a payment or payment account information from a Payment Portal, we may collect information necessary to process that transaction, including your name, address, zip/postal code, credit card or financial account number, IP address, and any other information necessary to process or authenticate the transaction. Furthermore, we may collect information about you and your payment, as well as any personal information or demographic data that you provide at the time of payment, including (without limitation) your email address, contact information, and other information related to the products/services purchased. This information is shared with third party processors solely for the purpose of processing the transaction, and the third party’s use of the information is governed by the contractual agreements between CollaborateMD, the Practitioner, and the third party.

We may store indefinitely, on behalf of the Practitioner, any Protected Health Information (PHI/ePHI), personal, payment, and other information collected as part of a Payment Portal transaction or interaction. The Practitioner may have access to that Personal Information, including your financial account numbers and Protected Health Information, as part of our Services. The Practitioner may also use the information you provided for marketing and other similar purposes, and may combine that information with other information the Practitioner holds about you as set forth in the Practitioner’s privacy policy or other terms and conditions between you and the Practitioner. By providing information, including PHI/ePHI, to us through a Patient Portal you expressly consent to our collection of such information and our sharing of that information with the Practitioner as set forth in this policy.

We may also create anonymous records from Personal Information by excluding information (such as name) that makes the information personally identifiable to a specific consumer or other individual. We may use this anonymous information to direct future development, including but not limited to analyzing usage patterns so that we may enhance our services, and providing reports based on anonymous non-personal information. We may also use anonymized PHI/ePHI as authorized by the HIPAA “Privacy Rule” as described in 45 C.F.R. § 164.514(b).

From Visitors to the Sites

When you submit an online “contact us” or other online inquiry form,  when you engage in an online chat session, when you subscribe to a newsletter or blog, or when you call, write, fax or otherwise initiate contact with CollaborateMD, we record your contact information (name, address, phone number, and email address) in our CRM (Customer Relationship Management) system. This information is used for answering your questions as well as ongoing marketing communication programs. In some cases, you may be referred to a CollaborateMD online inquiry form via a link on a third party referral website. In that case, any information collected on the CollaborateMD hosted online inquiry form may be shared with the referring party, and that referring party may use it for their own, non-CollaborateMD related, marketing communication programs. If you exchange any messages through our Sites or through our Services, we may store those as well.

Automated Data Collection Technologies

When you access the Sites or Services or open one of our HTML emails, we may automatically record certain information from your system by using cookies and other types of click-stream tracking technologies. This “automatically collected” information may include an Internet Protocol address (“IP Address”–a number that is automatically assigned to your computer when you use the internet, which may vary from session to session), a unique user ID, device type, device identifiers, browser types and language, referring and exit pages, platform type, version of software installed, system type, the content and pages that you access on the Service, the number of clicks, the amount of time spent on pages, the dates and times that you visit the Service, and other similar information. Depending on the law of your country of residence, your IP address may legally be considered personally identifiable information.

Additionally, to make our Sites more useful to you, and to adhere to the PCI DSS, the HIPAA Rules, and other applicable laws and regulations, our servers (which may be hosted by a third party service provider) collect personal information and other data from you, including (without limitation) browser type, operating system, Internet Protocol (IP) address, domain name, and/or a date/time stamp for your visit. Like most internet services, we automatically gather this information and store it in log files each 

Our Sites also include widgets, which are interactive mini-programs that run on our Sites to provide specific services from another company (e.g. displaying the news, opinions, music, etc.). Personal information, such as your email address, may be collected through the widget. Cookies may also be set by the widget to enable it to function properly. Information collected by widgets is governed by the privacy policy of the company that created it.

Cookies and Similar Technologies

Certain portions of our Services may collect information via cookies, web beacons, pixel tags, and similar digital tracking technologies. These technologies can be used to collect and analyze other information related to the devices you use to access the Sites and/or Services, such as IP addresses, browser types, browser language, unique device identifiers and other information about your computer(s) and/or mobile device(s).

We may also use these technologies to log click-stream or similar data collected from certain portions of our Sites. Generally, this information is collected when you request pages from our Sites, and typically includes information such as the page served, the time, the source and type of browser making the request, the most recent page view, what you clicked on in order to arrive at our Sites, the content you viewed on our Sites, and other similar information relating to your use of our Sites.

We typically use these cookies and similar technologies for essential and functional purposes (e.g. to maintain an active session), to improve the performance and usability of our Sites, and to analyze how users interact with the Services (e.g. to understand how long users stay on a page, how often they return, and how they arrived at our Site). On certain portions of our Sites, we may collect data through these technologies for advertising, remarketing, or other similar purposes. Click-stream and related data is typically used for purposes of system administration, to improve our Services, for marketing and advertising-related purposes, and other similar uses.

Some tracking technologies on our Sites and/or Services may be provided by a third party (which may collect information on its own behalf, or may provide such information to us). For example, we use Google Analytics on our Sites. Google Analytics is a web analytics service provided by Google. Google Analytics uses cookies to collect anonymous traffic data to help use analyze how users use the website. The information generated by a cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the Sites, compiling reports on Site activity for us and providing other services relating to Site activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. By using the Sites, you consent to the processing of data about you by Google in the manner and for the purposes described in this Privacy Policy.

You may also refuse or accept Cookies from the Sites or any other website at any time by activating settings on your browser. Most browsers automatically accept Cookies, but you can usually modify your browser setting to decline Cookies if you prefer. If you choose to decline Cookies, you may not be able to sign in or use other interactive features of our Sites that depend on Cookies. Information about the procedure to follow in order to enable or disable Cookies can be found at:

For more information about other commonly used browsers, and to learn more about cookies and similar tracking technologies, and how they can affect your privacy, visit please refer to http://www.allaboutcookies.org/manage-cookies/.

To learn more about how to opt out of Google’s use of cookies, visit the Google Ads Settings page or to opt-out of participating in Google Analytics data follow the instructions on https://tools.google.com/dlpage/gaoptout.

Alternatively, you can opt out of certain types of cookie use by visiting the Network Advertising Initiative opt out page or permanently using the Google Analytics Opt Out Browser add on. If you wish to take steps to opt-out of tracking by certain online advertisers, you can visit the Digital Advertising Alliance’s opt-out page at http://www.aboutads.info/choices or the Network Advertising Initiative at www.networkadvertising.org/optout_nonppii.asp. You may control Facebook’s use of interest-based ads through your Facebook account settings, or may visit the customer support page here.

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

How We Share Information with Third Parties

Except as otherwise set forth in this Privacy Policy or in accordance with any request or consent you provide, CollaborateMD does not sell, share, or in any other way transmit personal information (names, address, phone numbers, financial account information, Protected Health Information (PHI/ePHI), etc.) submitted by non-registered users to any other persons or companies. We reserve the right, however, to use and disclose anonymous information to third parties, at our discretion. Except as limited below, third parties may use information we share with them for any purpose for which we may use such information.

Personal information we collect may be shared with service providers who provide certain services on our behalf or directly on behalf of Practitioners using third party integrations, including but not limited to insurance claims submission, identity verification, credit checks, fraud prevention, business intelligence, customer relationship management, bill collection, payment processing, marketing, hosting, and other common technology services. Our contracts dictate that these service providers only use your information in connection with the services they perform for us and in accordance with this Privacy Policy.  In the event that PHI/ePHI will be shared a Business Associates Agreement is established with the third party in compliance with the HIPAA Rules. You explicitly consent to our sharing with these third parties by using our Services and accepting the terms of this Privacy Policy.

We may provide information, including Personal Information of registered users to third party service providers and referral partners that work on behalf of or with us to provide some of the aspects of our services, to help us communicate with you, or to provide Practitioners with ancillary services offered by such service providers and referral partners. We may also receive information about you, including personal information, from our third party service providers and referral partners. However, these service providers and referral partners do not have any independent right to disclose this information (except to the same extent we would have a right to disclose that information under this Privacy Policy).

If you make a purchase from or a payment to a Practitioner via a Payment Portal, we may grant access to or share with the Practitioner any and all information we collect as part of that transaction, including credit card and other financial account information and Protected Health Information (PHI/ePHI), except where that disclosure is prohibited by law, regulation or other obligations (e.g. for data security).

If you make an appointment with a Practitioner, message a Practitioner, complete and upload a Practitioner supplied form, or otherwise provide personal information to a Practitioner via a Payment Portal Service we will grant access to and share all information collected with that Practitioner.

In order to streamline certain business operations, develop products and services that better meet the interests and needs of our customers, and inform our customers about relevant products and services, you hereby agree that we may share your personal information with any of our current or future affiliated entities, subsidiaries and parent companies (collectively “Affiliates”). If our company or some or all of our assets are acquired by another company, any personal or other information we possess may be a part of the assets transferred, and that company will possess any rights granted to us under this Privacy Policy.

Additionally, we may share any personal or other information we possess, including but not limited to credit card and other financial account information and Protected Health Information (PHI/ePHI) when necessary or appropriate to: comply with the law; cooperate with law enforcement or national security requirements; respond to lawful requests; comply with law or credit card rules; participate in a lawful federal, state or local government investigation; protect the rights of CollaborateMD, other CollaborateMD Practitioners or Clients, and third parties; or to investigate violations of or to enforce our terms of service. We may also share PHI/ePHI with the Department of Health and Human Services as part of a lawful investigation. However, when complying with information sharing requests, we may: (i) dispute demands for release to the extent we believe, in our sole discretion, are unwarranted, illegitimate or overbroad; and (ii) when we determine that it is necessary or appropriate, we will notify you of any requests for release. 

In all cases where we share Personal Information with third parties, we will use a “minimum necessary” standard to disclose only that information required to perform the service or fulfill the obligation for which the information is disclosed.

Data Retention Policy, Managing Your Information 

We will retain personal information for as long as you remain an active CollaborateMD paid account holder and for a reasonable time thereafter. 

We may store on behalf of Practitioners, for as long as a valid business reason exists, which may be indefinitely, any Personal Information, including but not limited to financial account information and Protected Health Information (PHI/ePHI), collected about a consumer or other individual (Client), whether entered directly into our systems by the consumer, or entered by an authorized Practitioner user.  We may retain anonymized and aggregate data indefinitely.

Upon termination of a contract with a Covered Entity, we will remove any ePHI stored in our systems on behalf of that Covered Entity where required by applicable law or the Business Associate Agreement with the Covered Entity; any PHI that we continue to maintain, will be stored and protected per the terms of our Business Associate Agreement with the Covered Entity.

Security

CollaborateMD takes security very seriously and has security measures in place designed to protect against the loss, misuse and alteration of the information under our control. We protect your Personal Information by maintaining physical, technical and procedural safeguards to protect the confidentiality and security of your Personal Information. Such safeguards include use of secured socket layers (“SSL”), firewalls, data encryption, enforcing physical access controls to our buildings and files, and limiting access to Personal Information only to those employees, agents or third parties who need to know that information in order to process it for us. We are also a Level 2 PCI-DSS self-certified service provider.

CollaborateMD policies, processes, procedures and systems are designed to be in compliance with the HIPAA Rules.

CollaborateMD utilizes third-party service providers to provide payment processing services.  These providers are contractually required to maintain compliance with the PCI DSS, and with all NACHA rules for ACH transaction processing.  This includes secure transmission of credit card/bank account information, and encrypted storage of all payment account information.

However, you are also responsible for keeping your Personal Information confidential and secure. CollaborateMD cannot guarantee that your Personal Information will be 100% safe while using our Services. You should choose a password that is complex (e.g., special characters and numbers, sufficient length, etc.) and keep your password confidential. Do not leave your device unlocked so that other individuals may access your device or account. CollaborateMD is not in control of your Internet or wireless connection or the devices you use to log into the Services, so you should make sure you trust the devices and connections you use to access the Services. If you believe that you have experienced unauthorized access or use of your account, please contact us immediately at [email protected].

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted via our Sites or Services. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Sites or the Services.

Choice/Opt-Out

You may opt-out of receiving marketing communications from us by following the opt-out instructions we include in such communications.

If you wish to opt-out of communications from Practitioners utilizing our Services, you must contact the Practitioner directly to make such requests.  

You may opt-out of all of our information collection from your mobile device by uninstalling the Mobile App. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network.

To the extent required by law, you may choose to opt out of sharing with any other parties with whom we may share your personal information; however, you may be unable to use the Services or certain features if you wish to limit such sharing.

Accessing, Correcting and Deleting your Information 

CollaborateMD acknowledges the right of individuals to access their personal data. If you are a Practitioner, you may access and modify your personal and other account information using your account settings page. You may also access, change and modify information previously provided or collected by sending an email to CollaborateMD at [email protected] to initiate changes or modifications or to obtain a file for review. Note that CollaborateMD will require you to verify your identity prior to releasing any personal information.

You may close your CollaborateMD account in accordance with the Accounting Agreement. To fully close your CollaborateMD account you may also be required to complete account closure forms with the third party providers of any services integrated with your CollaborateMD account.

Further, you may request that your personal information be removed from all CollaborateMD systems. This request must be made in writing to the address provided below. Note that if you request removal of your personal information you will no longer have access to any existing CollaborateMD account and will not be able to use any CollaborateMD product or service. CollaborateMD reserves the right to retain certain account information for its recordkeeping or compliance purposes.

If you are a patient, customer, or otherwise do business with or utilize the services of a Covered Entity that utilizes CollaborateMD Services as part of providing service to you, you can request that the Covered Entity provide you with access to the Personal Health Information (PHI/ePHI) stored in CollaborateMD systems on its behalf, that it make changes to that ePHI, and/or that the ePHI be deleted from CollaborateMD systems. CollaborateMD cannot honor such requests directly, but will assist Practitioners with addressing them.

Note that using the system delete function to remove any data related to your Clients, or to remove any personal data about your company or its authorized users, only restricts viewing that data from any system interface and prevents utilizing that data for any system function. It does not permanently delete the data from CollaborateMD systems. To have any personal data permanently deleted from CollaborateMD systems, you must make an official request in writing, to the address provided below or by emailing [email protected], that includes the specific information that you would like permanently deleted from CollaborateMD systems. Note that CollaborateMD will require you to verify your identity prior to executing any request to permanently delete data.

California residents may request and obtain from us a list of what personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. You may make one request each year by contacting us as set forth below.

Dispute Resolution

If you have any questions or concerns, please contact CollaborateMD by e-mail at [email protected]. We will do our best to address your concerns. If you feel that your complaint has been addressed incompletely, we invite you to let us know for further investigation. If we are unable to reach a resolution to the dispute, you and CollaborateMD will settle the dispute exclusively as set forth in the Customer Software Agreement.

A Note about Children

We do not intentionally gather information about visitors who are under the age of 18, do not offer Practitioner accounts to children under the age of 18, and prohibit Practitioners from granting Payment Portal access to children under the age of 18 without explicit permission from an authorized parent or legal guardian. If you are under the age of 18 you should not use our Sites or Services without permission.

Internal Transfers

If you are accessing our Sites or Services from outside of the United States, any information provided will be transferred to us or our service providers in the United States. Regardless of where your information is collected or transferred, the information will be treated in accordance with this Privacy Policy. You consent to such transfer through your continued use of our Sites and/or Services. Please note that CollaborateMD processes information on behalf of its Practitioners. Practitioners may be responsible for obtaining your consents relating to the collection, use, transfer and other processing of your Personal Information, may provide additional notices affecting our processing of your Personal Information, and may provide for additional limitations or permissions with respect to our processing of your information in order to comply with applicable law.

Contacting Us

CollaborateMD, Inc.
111 N Magnolia Ave
Suite 1100
Orlando, FL 32801
E: [email protected]