PhysicianLink

Privacy Policy

Effective Date: April 2025

HIPAA Compliance & Data Protection

PhysicianLink is designed and operated in full compliance with the Health Insurance Portability and Accountability Act (HIPAA). We implement technical, administrative, and physical safeguards to ensure the confidentiality, integrity, and availability of all Protected Health Information (PHI) transmitted or stored within this application. All messages are encrypted end-to-end using the Signal Protocol, ensuring that no message content can be read by PhysicianLink or any third party.

Data Storage & Retention

Messages and attachments are encrypted at rest and in transit. Message content is stored in encrypted form on your device and in our secure cloud infrastructure. We do not sell, share, or disclose your personal information or PHI to third parties except as required by law or with your explicit written consent. You may request deletion of your account and associated data at any time from within the app (Settings → Delete Account) or by contacting our support team. Upon account deletion, your personal data and message history will be permanently removed from our servers within 30 days. Audit logs are retained for six years as required by HIPAA §164.316(b)(2)(i).

Access Controls & Audit Logging

Access to your account is protected by multi-factor verification, optional biometric authentication, and session timeout controls. All access events, message sends, and file transfers are logged for audit purposes as required by HIPAA's Security Rule. Audit logs are retained for a minimum of six years and are accessible only by authorized compliance personnel. If you believe your account has been accessed without authorization, please contact us immediately at security@physicianlink.com.

Contact Us

For questions about this Privacy Policy or our data practices, please contact our Privacy Officer at privacy@physicianlink.com.