do_not_disturb_onNo AI TrainingStrict opt-in only policy
shieldOur Role
1.Introduction and Scope of Processing
Patients Finder (www.patientsfinder.com) provides precision patient acquisition, automated scheduling workflows, and digital infrastructure for independent healthcare providers and clinical networks. We believe that modern digital healthcare must be built on an uncompromising foundation of absolute privacy, cryptographic security, and clinical data sovereignty. This Privacy Policy outlines our strict commitments to protecting the personal information and Protected Health Information (PHI) of both our clinical clients and their patients.
Unlike traditional health technology platforms, Patients Finder operates strictly as a data processor and a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We exist solely to route information securely between the patient and the healthcare provider. We do not harvest, rent, sell, or permanently store patient personal data for our own commercial purposes, nor do we claim ownership over the clinical data that flows through our systems.
memoryData Architecture
2.The Zero-Retention and Ephemeral Data Guarantee
2.1 Transient Processing Architecture
To provide the highest possible standard of security and to mitigate the risks associated with centralized data repositories, Patients Finder utilizes a strict "Zero-Retention" and "Transient Processing" architecture for all patient interactions.
2.2 No Persistent Storage of PII or PHI
When a patient utilizes our online scheduling widgets, digital intake forms, or communication tools, their Personally Identifiable Information (PII) and Protected Health Information (PHI) is processed strictly "in-flight." Data is temporarily held in ephemeral memory (RAM) solely for the milliseconds required to authenticate the request and securely transmit the information via encrypted APIs to the designated healthcare provider's native Electronic Health Record (EHR) or practice management system.
2.3 Immediate and Permanent Purging
Once the transmission is successfully confirmed by the provider's system, all PII and PHI is instantaneously and permanently purged from Patients Finder's active processing environments. We do not maintain, archive, log, or backup patient data in persistent databases. The safest data is the data that no longer exists on our servers.
lockYour Data, Your Control
3.Absolute Client Data Ownership and Sovereignty
3.1 Sovereign Control of Clinical Data
We believe that healthcare providers must retain sovereign control over their clinical and administrative data to ensure continuity of care and maintain absolute trust with their patients.
3.2 100% Client Ownership
At all times, the healthcare provider (the clinical client) retains total, unequivocal ownership of all patient lists, booking histories, medical records, intake responses, and digital interactions facilitated by our platform. Patients Finder claims no intellectual property rights, secondary licenses, or ownership stakes in your patient data.
3.3 Rejection of the De-Identification Loophole
We strictly prohibit the extraction of value from your patients. We do not aggregate, anonymize, or de-identify patient PHI to build proprietary longitudinal databases, sell market analytics, train commercial algorithms, or commercialize patient trends. Your patient data remains entirely your own.
3.4 Portability and Freedom from Lock-In
Because Patients Finder functions as a secure conduit rather than a data silo, our clients face no risk of vendor lock-in or data hostage situations. Your patient data resides exclusively within your own secure EHR systems, ensuring you maintain full operational independence.
psychologyAI Governance
4.Artificial Intelligence, Machine Learning, and Explicit Opt-In Consent
4.1 AI Integration Principles
Patients Finder leverages advanced Artificial Intelligence (AI) and Machine Learning (ML) technologies to optimize scheduling workflows, verify insurance eligibility with high speed, and enhance the digital front door experience. However, we impose strict, immutable boundaries on how AI interacts with sensitive health data.
4.2 Zero Training on Unconsented Data
We strictly prohibit the use of client data, PII, or PHI to train, fine-tune, or validate our internal AI models, or any third-party foundational models, without explicit, affirmative consent. By default, your data is never used to teach our algorithms.
4.3 Third-Party API Safeguards and Stateless Processing
Any third-party AI processors utilized to facilitate our real-time services (such as large language models used for intelligent routing or parsing) are governed by strict Enterprise API Agreements and Business Associate Agreements (BAAs). These agreements enforce a zero-retention policy, mathematically guaranteeing that your data is processed statelessly in real-time and immediately discarded. Third-party providers are contractually prohibited from using your data to train their models, preventing any risk of LLM data memorization or cross-client contamination.
4.4 The Strict Opt-In Mechanism
In the highly specific event that Patients Finder seeks to utilize distinct datasets to improve AI diagnostic speed, workflow automation, or model accuracy, we will deploy a rigorous dynamic consent protocol. Patient, clinic, or doctor data will only be utilized for model training if all relevant parties have executed a clear, specific, and voluntary "Opt-In" authorization. This authorization will never be buried in a terms of service agreement, will be presented clearly, and can be revoked at any time without impacting the quality of care or access to our standard software services.
gavelLegal Compliance
5.Statutory Rights and Consumer Privacy Compliance (CCPA, NJDPA, HIPAA)
5.1 Compliance with Comprehensive State Privacy Laws
Depending on your jurisdiction of residence—including California (CCPA/CPRA), New Jersey (NJDPA), Texas, and others—you are afforded specific statutory rights regarding your personal data. These generally include the right to know what data is collected, the right to correct inaccuracies, the right to delete your personal data, and the right to opt-out of the sale or sharing of your data.
5.2 Processing Data Subject Access Requests (DSAR)
Because Patients Finder operates on a strict zero-retention architecture, we do not store persistent profiles or historical databases of individual patients. If a patient submits a request to access, correct, or delete their data directly to Patients Finder, we will promptly verify the request and formally confirm that no historical PII or PHI exists on our servers. For comprehensive access to your medical records, scheduling history, or to request permanent deletion of your health data, patients must contact their healthcare provider directly, as the provider is the legal custodian and ultimate owner of the persistent clinical record. Patients Finder will fully cooperate with our clinical clients to facilitate any statutory privacy requests within their systems.
5.3 Prohibition on Data Sales and Targeted Advertising
Patients Finder does not sell personal information under any circumstances. Furthermore, we do not share personal information or PHI for cross-context behavioral advertising, targeted marketing, or third-party profiling. We utilize transient data strictly for the singular business purpose of providing the contracted scheduling and infrastructure software services.
5.4 HIPAA and Business Associate Obligations
When handling Protected Health Information (PHI), Patients Finder acts solely as a Business Associate to your licensed healthcare provider (the Covered Entity). All data transmitted through our systems is protected by administrative, physical, and technical safeguards that meet or exceed the requirements of the HIPAA Security Rule, including end-to-end TLS encryption.
contact_mailStay Informed
6.Contact Information and Policy Updates
6.1 Changes to this Policy
As technology and privacy legislation evolve, we may update this Privacy Policy. We will notify clinical clients of any material changes via email or platform notifications prior to the changes taking effect.
6.2 Privacy Inquiries
For questions regarding this Privacy Policy, our zero-retention architecture, or our AI governance protocols, please contact our Privacy Officer at:
