Last Updated: Nov 2024

React Strategies LLC ("we," "us," "our") is committed to ensuring that ReactEHR.com ("Platform") complies with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the associated Health Information Technology for Economic and Clinical Health (HITECH) Act. We recognize the importance of protecting the privacy and security of health information and are dedicated to safeguarding all Protected Health Information (PHI) within our systems.

This HIPAA Compliance Statement outlines the measures we take to adhere to HIPAA standards, ensuring the confidentiality, integrity, and availability of PHI for our users and their patients.

1. Administrative Safeguards

Risk Analysis and Management: We regularly assess risks and vulnerabilities that may impact the confidentiality, integrity, and security of PHI within our Platform and mitigate identified risks.
Employee Training and Awareness: All employees handling PHI receive HIPAA compliance training, including policies for protecting PHI and reporting any security incidents.
Access Control Policies: Access to PHI is strictly limited to authorized personnel only, and we enforce role-based access to ensure that users only have access to information necessary for their role.
Business Associate Agreements (BAAs): We enter into BAAs with any third-party vendors who may have access to PHI, ensuring that they meet HIPAA standards for data protection and confidentiality.

2. Physical Safeguards

Data Center Security: Our data centers use physical security measures, such as surveillance, restricted access, and monitoring systems, to prevent unauthorized access to servers storing PHI.
Workstation Security: Employee workstations that may have access to PHI are protected with appropriate security measures, including access controls, device monitoring, and secure configurations.

3. Technical Safeguards

Data Encryption: PHI is encrypted both in transit (using TLS/SSL) and at rest (using AES-256 encryption) to prevent unauthorized access and ensure data security.
Access Controls: We use robust access controls, including multi-factor authentication, to restrict access to PHI and monitor user activities within the Platform.
Automatic Logoff: Our Platform is designed to log users out after a period of inactivity to prevent unauthorized access to PHI.
Audit and Monitoring: We continuously monitor and log access to PHI to detect any unauthorized activity. Regular audits are conducted to review access logs and ensure compliance with security policies.

4. Breach Notification and Incident Response

Incident Response Plan: React Strategies LLC has a formal Incident Response Plan in place to quickly address and respond to any data breaches or security incidents that may impact PHI.
Breach Notification: In the event of a breach involving PHI, we will notify affected users and comply with all HIPAA breach notification requirements, including reporting to the Department of Health and Human Services (HHS) as applicable.

5. User Responsibilities

While we implement extensive safeguards to protect PHI, we remind users of the importance of following security best practices when accessing and using the Platform. This includes protecting login credentials, promptly reporting any security incidents, and ensuring that access to PHI is restricted to authorized personnel only.

6. Compliance Monitoring and Regular Audits

React Strategies LLC regularly reviews and updates its HIPAA compliance policies and procedures to ensure continued adherence to HIPAA standards. Periodic audits are conducted to assess the effectiveness of our security measures and to address any areas for improvement.

7. Contact Us

If you have any questions about our HIPAA compliance practices or this statement, please contact us.

End of HIPAA Compliance Statement

Terms of Service

Jan 2025

Welcome to ReactEHR.com, owned and operated by React Strategies LLC ("we," "us," or "our"). By accessing or using our electronic health record (EHR) platform and services ("Services") available at ReactEHR.com, you agree to comply with and be bound by the following terms of service ("Terms"). Please read these Terms carefully.

If you do not agree to these Terms, you may not access or use our Services.

1. Acceptance of Terms

By registering for, accessing, or using ReactEHR.com, you confirm that you have read, understood, and agree to these Terms and any additional terms and policies referenced herein, including our Privacy Policy and HIPAA Compliance Statement.

2. Description of Services

ReactEHR.com is an online EHR platform that provides healthcare professionals with tools to manage patient records, document clinical encounters, and generate medical notes. Our platform includes artificial intelligence (AI) capabilities to assist in completing medical documentation. However, the final responsibility for accuracy and completeness of the records lies with the healthcare provider.

3. Eligibility

To use our Services, you must:

Be a licensed healthcare provider or authorized healthcare administrator.
Be at least 18 years old.
Comply with all applicable laws and regulations, including HIPAA and other health data privacy regulations.

4. Account Registration and Security

When creating an account on ReactEHR.com, you agree to:

Provide accurate and current information.
Maintain the confidentiality of your account credentials.
Notify us immediately of any unauthorized use of your account.

React Strategies LLC is not liable for any losses or damages arising from your failure to protect your account information.

5. Permissible Use and Restrictions

You agree to use ReactEHR.com solely for lawful purposes and within the scope of your role as a healthcare provider or authorized healthcare administrator. You may not:

Use our Services to collect or manage personal information of patients without consent.
Attempt to reverse-engineer, modify, or tamper with any part of our platform, including the AI features.
Violate or circumvent any applicable data privacy, security, or health information regulations.

6. Artificial Intelligence (AI) Disclaimer

Our AI tools are designed to assist healthcare professionals by suggesting potential medical documentation for patient encounters. These AI-generated notes are suggestions only and should not be considered final or complete. You agree to review, edit, and validate all documentation before saving it as part of a patient's health record.

React Strategies LLC disclaims liability for any inaccuracies or adverse outcomes resulting from reliance on AI-generated suggestions.

7. Privacy and Security Compliance

We are committed to protecting patient privacy and ensuring compliance with relevant laws, including the Health Insurance Portability and Accountability Act (HIPAA). For details on our data collection, usage, and protection practices, please refer to our Privacy Policy.

8. Data Ownership and Access

All patient data and information entered into ReactEHR.com by you or your authorized users remain your property. By using our platform, you grant us a limited, non-exclusive license to use and store this data solely for the purpose of providing and improving our Services. We will not access, disclose, or transfer patient data unless legally required or authorized by you.

9. Subscription and Payment Terms

ReactEHR.com offers both free and subscription-based services. By subscribing, you agree to pay the specified fees for the chosen plan. We reserve the right to modify pricing or subscription terms with advance notice to current subscribers.

10. Service Availability and Limitations

While we strive to ensure that ReactEHR.com is accessible at all times, we do not guarantee uninterrupted access. Scheduled maintenance, technical issues, or other factors may cause temporary outages. We are not liable for any disruptions or loss of data resulting from these events.

11. Limitation of Liability

To the fullest extent permitted by law:

React Strategies LLC shall not be liable for any indirect, incidental, or consequential damages resulting from the use or inability to use ReactEHR.com, even if we have been advised of such damages.
Our liability for any claim arising out of or related to these Terms or the Services shall be limited to the fees you paid to us in the 12 months preceding the claim.

12. Indemnification

You agree to indemnify and hold React Strategies LLC harmless from any claims, damages, liabilities, and expenses (including attorney fees) arising from:

Your use of the Services.
Any violation of these Terms or applicable laws and regulations.
Your negligence, willful misconduct, or unauthorized use of patient information.

13. Intellectual Property

All rights to ReactEHR.com, including but not limited to text, graphics, software, and other content, are owned or licensed by React Strategies LLC. You may not copy, distribute, or otherwise exploit any part of our Services for commercial purposes without our written consent.

14. Modifications to Terms

We may modify these Terms at any time, and such modifications will be effective immediately upon posting on this page. Your continued use of ReactEHR.com constitutes acceptance of the revised Terms. We encourage you to review these Terms regularly.

15. Termination

We reserve the right to suspend or terminate your access to ReactEHR.com at any time and without notice if we believe you have violated these Terms or any applicable law. Upon termination, your right to use the Services will cease immediately, and you must discontinue any use of the platform.

16. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the state of Kansas, United States, without regard to its conflict of law principles.

17. Contact Information

If you have any questions or concerns about these Terms, please contact us.

React Strategies LLC

End of Terms of Service

Privacy Policy

Jan 2025

React Strategies LLC ("we," "us," or "our") operates ReactEHR.com ("Platform" or "Services"), an electronic health record (EHR) system with AI powered capabilities to assist in medical note completion. We are committed to protecting the privacy of our users and safeguarding personal and health-related information. This Privacy Policy explains how we collect, use, disclose, and protect your information.

By accessing or using ReactEHR.com, you agree to this Privacy Policy. If you do not agree, please do not use our Services.

1. Information We Collect

We collect the following types of information:

Personal Information: Information you provide directly, such as your name, contact details, and account credentials, necessary for account creation and management.
Patient Health Information: As part of our Services, users may input patient health information, including medical history, diagnosis, treatment plans, and notes. This information is considered Protected Health Information (PHI) under HIPAA and is handled with strict confidentiality.
Technical Information: Information collected automatically when you use our Platform, such as IP addresses, browser type, device information, and usage data. This helps us improve our Services and ensure compliance with security standards.
AI Data: Data entered to leverage our Smart note-completion feature, including medical notes or keywords. Smart AI generated suggestions are based solely on the data provided and are not stored or reused for other purposes.

2. How We Use Information

We use your information to:

Provide and Improve Services: Process and manage your account, facilitate your access to our Platform, and improve our features and user experience.
Assist with Documentation: Use our AI features to generate suggestions for medical documentation, allowing healthcare professionals to streamline patient record creation. Final responsibility for accuracy rests with the user.
Ensure Privacy and Security: Comply with HIPAA and other applicable laws to protect PHI. We also monitor and safeguard against potential security risks.
Comply with Legal Obligations: Fulfill regulatory requirements, comply with law enforcement requests, or defend our legal rights, if necessary.

3. Sharing and Disclosure of Information

We only share or disclose information under the following conditions:

With Your Consent: We may share information if you provide explicit consent or request us to do so.
Service Providers: We may share information with trusted third-party service providers who assist in operating the Platform (e.g., hosting providers or data security firms). These providers are bound by confidentiality agreements to ensure the protection of your data.
Legal Compliance: We may disclose information if required by law, regulation, or legal process, or to protect the rights, property, or safety of our users and the public.
Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, we may transfer your information, subject to the acquirer’s continued adherence to this Privacy Policy.

4. Your Rights and Choices

As a user, you have the following rights:

Access: You may access the information we hold about you and request a copy of your personal data.
Correction: You may request corrections or updates to your information.
Data Portability: You may request that we provide your information in a structured, commonly used, and machine-readable format.
Deletion: You may request the deletion of personal data in certain circumstances. Note that this may impact your ability to use some aspects of our Services.

Please contact us to exercise any of these rights, subject to verification of your identity and applicable legal exceptions.

5. Security of Your Information

We implement stringent technical and administrative safeguards to protect your information, including but not limited to:

Encryption: Data is encrypted in transit and at rest, following industry-standard encryption protocols.
Access Controls: Access to personal and patient data is restricted to authorized personnel only.
Audit and Monitoring: Regular audits and monitoring for potential security risks and breaches.
HIPAA Compliance: We follow HIPAA regulations to protect PHI and ensure data security.

Despite our efforts, no data transmission or storage can be guaranteed 100% secure. We encourage you to take steps to protect your account and to notify us of any suspected unauthorized access.

6. Use of Cookies and Similar Technologies

ReactEHR.com uses cookies and similar technologies to:

Enhance your experience by remembering your preferences.
Collect analytical data to improve our Platform.
Manage login and authentication functionality.

You can control cookie settings via your browser, but disabling cookies may affect the functionality of certain features on our Platform.

7. AI and Data Usage

Our AI tools are used exclusively to assist in medical note completion based on data you input. AI-generated notes are suggestions and are not final until reviewed by the healthcare provider. We do not retain or share AI-generated data beyond the scope of each individual session.

8. Data Retention

We retain your information only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations. Upon request, we may delete your data, subject to legal retention requirements.

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Any changes will be posted on this page, and we will notify you by email or through the Platform if the changes are significant. Please review this Policy periodically to stay informed.

10. Children’s Privacy

Our Services are intended for healthcare professionals and are not directed to children under the age of 13. We do not knowingly collect information from children, and if we become aware of such data, we will delete it promptly.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us.

End of Privacy Policy

ReactEHR HIPAA Statement