Privacy Policy
Last Updated: June 15, 2026
At MedMagic, we are committed to protecting the privacy of healthcare providers, practices, and the patients they serve. This Privacy Policy describes how MedMagic (“we,” “us,” or “our”) collects, uses, protects, and discloses information in connection with our AI-powered medical receptionist and practice optimization services.
1. Healthcare Compliance & HIPAA
MedMagic operates in strict compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.
In providing our services, we act as a Business Associate to our healthcare provider clients, who are Covered Entities. We execute standard Business Associate Agreements (BAAs) with all of our clients to govern the processing of Protected Health Information (PHI). All data transmissions and storage are fully encrypted in accordance with HIPAA Security Rules.
2. Information We Collect
We collect information in two main categories:
- Practice Information: Information about your healthcare practice, including clinic names, employee credentials, EHR systems, and contact details.
- Patient Interaction Data (PHI): Transcriptions, schedules, phone numbers, and call logs from patient calls answered or placed by the MedMagic AI receptionist. This data is handled in strict compliance with the BAA and is used solely to coordinate appointments and update your EHR system.
3. How We Use Information
We use the information we collect to:
- Configure, run, and optimize the AI receptionist to schedule patient appointments.
- Instantly write back scheduling details and patient intake parameters directly into your practice EMR/EHR system.
- Prevent missed patient opportunities by triggering automated follow-up messages and reactivation text loops.
- Maintain clinical safety records and perform service improvements, as permitted by HIPAA rules and the BAA.
4. Data Security
We employ enterprise-grade, HIPAA-aligned security protocols to protect your practice and patient data. This includes:
- Encryption: All data is encrypted at rest and in transit using AES-256 and TLS 1.3 encryption protocols.
- Access Control: Strict role-based access controls and multi-factor authentication (MFA) for administrative access.
- Hosting: Data is hosted in secure, HIPAA-compliant cloud facilities located in the United States.
5. Data Sharing & Third-Party Disclosure
We do not sell, rent, or trade EMR/EHR data, patient contact lists, or Protected Health Information to third parties. We share information only with authorized subcontractors (e.g., compliant cloud databases and messaging gateways) who have signed Business Associate Agreements, and only as strictly necessary to deliver the MedMagic AI service.
6. Contact Information
If you have any questions or concerns regarding this Privacy Policy or our security compliance practices, please contact us at: