Privacy Policy
Last updated: February 1, 2026
1. Introduction
Reason EMR, Inc. (“ReasonEMR,” “we,” “us,” or “our”) is committed to protecting the privacy of our users, their patients, and all individuals whose information is processed through our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our electronic health record system and related services.
2. Information We Collect
Account Information
When you create an account, we collect your name, email address, professional credentials, practice name, phone number, and billing information.
Protected Health Information (PHI)
As a covered entity's business associate, we process PHI on behalf of healthcare providers using our platform. This includes patient demographics, clinical notes, diagnoses, treatment plans, prescriptions, and billing data. All PHI is handled in accordance with HIPAA and 42 CFR Part 2 regulations.
Usage Data
We automatically collect information about how you interact with our platform, including pages visited, features used, session duration, device type, browser type, and IP address. This data is used to improve our service and is never linked to patient records.
3. How We Use Your Information
- Providing and maintaining the ReasonEMR platform
- Processing and completing transactions
- Sending administrative communications (e.g., account updates, security alerts)
- Improving our services based on aggregated, de-identified usage patterns
- Complying with legal obligations and regulatory requirements
- Detecting and preventing fraud or security incidents
4. Data Sharing & Disclosure
We do not sell, rent, or trade personal information or PHI. We may share information only in the following limited circumstances:
- With your practice's authorized users as required for patient care
- With sub-processors who assist in delivering our services, under strict business associate agreements (BAAs)
- When required by law, regulation, or valid legal process
- To protect the safety, rights, or property of ReasonEMR, our users, or the public
5. Data Security
We implement administrative, technical, and physical safeguards to protect information, including AES-256 encryption at rest, TLS 1.3 encryption in transit, role-based access controls, multi-factor authentication, and comprehensive audit logging. Our infrastructure is SOC 2 Type II certified.
6. Data Retention
We retain account information for as long as your account is active. Clinical data is retained in accordance with applicable state and federal record retention requirements. Upon account termination, we will assist with data export and securely destroy copies within 90 days, unless retention is required by law.
7. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data. Patients should direct data access requests to their healthcare provider. Providers may exercise these rights by contacting us at privacy@reasonemr.com.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email and update the “Last updated” date above. Your continued use of our services after changes constitutes acceptance of the revised policy.
9. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at:
Reason EMR, Inc.
Email: privacy@reasonemr.com
Phone: (555) 123-4567