Privacy Policy

1. Is my information safe?

    Your data is Protected Health Information and according to our Business Associate Agreement, we protect that data using bank-level encryption and higher. Data would only be shared with a partner to enable a requested transaction, such as SMS generation, with your approval.  Even then, only the minimal information required to complete the transaction is shared.  We constantly monitor our servers, the data and transactions to ensure compliance.

    We do limit the number of recipients any one request can contain to prevent our servers from unwittingly participating in unsolicited e-mail/SMS/AVM events.

    MedEx from time to time will employ Captcha technology to identify and prevent spambots from entering our servers.

    2. We employ multiple advanced technologies to restrict access to our servers: 

    Our API servers are only accessible from internet addresses that have been "whitelisted".  Whitelisting is the process of requiring each client to register their server's internet address where requests will be initiated from.  We can allow subscribers whose servers have dynamic ip addresses to utilize our service but special provisioning is required to ensure military-grade encryption is in place.  These special installations are processed on a case-by-case basis.  Our database and Voice servers are maintained on secure private networks, which are not directly accessible from the internet.   Our servers use redundant RAID arrays to help avoid data loss in the event of failure.  There are multiple levels of redundancy through the system including power supplies, mirror servers and back-up protocols, as required provisions in our disaster protocols.  That being said, data loss, while very rare, is still possible.  In this case, all of our failed drives are securely wiped of any data and then shredded to ensure that no customer data is retained.

    3. Messages sent through social network affiliates:

    The website may in the future offer connections to partner networks, such as Share This, Facebook, UserEcho and Twitter for example, and may be tracked by these organizations. Users will be directed to review the individual privacy policies of these companies before utilizing these links.

    4. Opt-out Policy:

    We honor every request from any person to "opt-out" of receiving messages through  Every e-mail, SMS and AVM message we deliver includes an "Opt-out" option.  We do track these requests and directly update your server to reflect the patient's communication preferences.  In order to send a message of any type, we require permission from the patient.  If a patient has opted-out of a particular messaging modality, that type of message cannot be sent.  Additionally, we allow patients to directly opt-out of any or all MedEx messaging by sending a request directly to our Support Center.  Any patient request made directly to MedEx to opt-out of all communications generated by MedEx applies to all MedEx-subscribing practices. 

    5. Analytics:

    MedEx may utilize the services of Google to monitor our servers for broken links and visitor trends.  Tracking of e-mail status is handled internally: this information is shared exclusively with the subscribing practice.

    6. Cookies:

    This site employs cookies and Session variables to identify users and deliver unique personalized pages. This information is not publicly accessible and is not shared with any entity.

    7. Registered Practice Data:

    MedEx is built directly from your EHR, exporting your practice information to our servers.  We rely on your information being accurate but we protect all information.  Payments are processed off-site by PayPal on a monthly basis.  PayPal is a world leader in payment processing and is a PCI-compliant organization.  MedEx does not maintain a copy of your credit card information.  Please refer to PayPal's privacy policy for any specific questions regarding this issue. 

    8. Work-product:

    MedEx assumes no ownership or copyright claims to user-uploaded data including any PDFs generated by the users.  By way of an example, any surveys, intake forms or patient demographic forms created or uploaded by a practice to be included in a Campaign Event, are the sole ownership of that practice and cannot be accessed or distributed to other users by MedEx Bank without permission from the legal copyright holder.   At the same time, subscribers and their agents understand that material generated by MedEx Bank, including patient information brochures, MIPS Quality Surveys, and other related work product are owned by MedEx.  MedEx retains the copyrights and makes this data available to subscribers according to their service agreements.  

    9. Limitations of accounts/account sharing:

    Accounts are limited to a specific medical practice and cannot be shared. We monitor and store ip address information for each account and reserve the right to cancel any account violating this provision.

    10. Moderation of Forums and Review:

    At its own discretion, MedEx reserves the right to delete any reviews deemed offensive and to delete the account of any user violating this policy.

    11. Community Spirit:

    Everyone is encouraged to report any use of MedEx that they consider to be inconsistent with our mission to happily deliver the best and most affordable medical communication platform to all users.