EMRG LABS, LLC
PRIVACY POLICY
Last updated: June 11th, 2025
Table of Contents
1.Scope of This Privacy Policy
3.Information We Collect and How We Use It
4.How We Protect Your Information
8.Cookies and Tracking Technologies
EMRG Labs, LLC (“EMRG,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information. This privacy policy explains how we collect, use, and safeguard your personal information, and it outlines your rights under applicable laws including, the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other applicable federal and state laws, including the Gramm-Leach-Bliley Act (GLBA) and the Federal Trade Commission Act (FTC Act).
​
This Policy addresses three categories of users of our services and website (www.joinemrg.com): Customers (such as Medical Providers), Patients, and other Web Visitors. We comply with applicable laws, including the Health Insurance Portability and Accountability Act (HIPAA) for Protected Health Information (PHI) and other medical data protection regulations.
​
Our services include a Software-as-a-Service (SaaS) Electronic Medical Record (EMR) system, a secure Customer Portal for Customers, a secure Patient Portal for patients, and a public website. This policy outlines our practices regarding the collection and use of PHI and other personal information, including through the use of cookies and similar technologies.
1. Scope of This Privacy Policy
This Privacy Policy applies to:
​
-
Customers (such as medical providers): Medical service providers who use our SaaS EMR system and secure Customer Portal to manage patient records, including PHI.
​
-
Patients: Individuals who access their PHI and communicate with their healthcare providers through our secure Patient Portal.
​
-
Casual Web Visitors: Individuals who visit our public website (www.joinemrg.com).
​
This policy does not apply to information collected by third-party websites or services linked from our website or portals, unless explicitly stated.
2. Definitions
-
Protected Health Information (PHI): Individually identifiable health information as defined by HIPAA, including medical records, treatment details, and billing information.
​
-
Personal Information: Any information that identifies or can be used to identify an individual, such as name, contact details, or IP address.
​
-
Cookies: Small data files stored on your device to enhance website functionality, performance, and marketing.
3. Information We Collect and How We Use It
We collect and process different types of information based on your user category. Below, we describe the information collected, how it is used, and the legal basis for processing.
3.1 Information We Collect and How We Use It
Information Collected:
-
Account Information: Name, email address, phone number, practice name, billing information, and professional credentials.
​
-
Usage Data: Information about how you interact with the Customer Portal and EMR system, such as login history, feature usage, and system preferences.
​
-
PHI: Patient health information you input into the EMR system, accessible only to authorized users within your practice.
​
-
Technical Data: IP address, browser type, device information, and cookies or similar technologies used in the Customer Portal.
How We Use It:
-
To provide, maintain, and improve the SaaS EMR system and Customer Portal.
​
-
To authenticate and secure access to your account and patient PHI.
​
-
To process payments and manage subscriptions.
​
-
To communicate with you about updates, support, or account-related matters.
​
-
To comply with legal obligations, such as HIPAA, and contractual agreements (e.g., Business Associate Agreements).
​
-
To analyze usage trends and improve system functionality (anonymized data only).
3.2 Patients
Information Collected:
-
Account Information: Name, email address, phone number, geolocation data, and other identifiers provided when creating a Patient Portal account.
​
-
PHI: Health records, appointment details, test results, and communications with your healthcare provider, as entered by you or your provider.
​
-
Technical Data: IP address, browser type, device information, and cookies used in the Patient Portal.
3.3 Casual Web Visitors
Information Collected:
-
Personal Information: Information you voluntarily provide, such as name and email address, when submitting inquiries via contact forms.
​
-
Technical Data: IP address, browser type, device information, pages visited, and cookies or similar technologies used on our public website.
​
-
Usage Data: Anonymized data about how you interact with our website, such as pages viewed and time spent.
4. How We Protect Your Information
We implement robust physical, technical, and administrative safeguards to protect your information, including:
​​​
-
Encryption: Data transmitted to and from our portals and website is encrypted using industry-standard protocols (e.g., TLS).
​
-
Access Controls: Only authorized personnel and users have access to PHI, limited to their role and purpose.
​
-
HIPAA Compliance: We maintain HIPAA-compliant safeguards for PHI, including Business Associate Agreements with customers.
​
-
Regular Audits: We conduct regular security assessments and audits to ensure compliance with applicable laws.
​
-
Despite our efforts, no system is completely secure. If you suspect unauthorized access to your account, please contact us immediately.
5. Sharing Your Information
We do not sell your personal information or PHI. We may share information as follows:
​
Customers (Medical Providers):
​​​
-
With your authorized staff or subcontractors (e.g., billing services) as permitted under our Subscription Agreement and Business Associate Agreement.
​
-
With service providers (e.g., hosting or payment processors) bound by strict confidentiality and compliance applicable to the type of data shared.
​
-
To comply with legal obligations, such as responding to subpoenas or regulatory requests.
​
Patients:​
​
-
With your healthcare provider, as part of the EMR service.
​
-
With service providers supporting the Patient Portal, subject to HIPAA-compliant agreements.
​
-
With your consent or as required by law (e.g., public health reporting).
​
Casual Web Visitors:
​
-
With analytics or marketing providers (e.g., Google Analytics) for anonymized data or with your consent for personalized ads.
​
-
With service providers supporting website functionality (e.g., hosting providers).
6. Your Rights and Choices
6.1 Customers (Medical Providers)
-
Access, correct, or delete your account information by contacting us or using Customer Portal tools.
​​
-
Manage cookie preferences in the Customer Portal (except essential cookies).
​​
-
Request a copy of our HIPAA Business Associate Agreement.
​
6.2 Patients
-
Access, correct, or request deletion of your PHI through the Patient Portal or by contacting your healthcare provider.
​
-
Request restrictions on certain uses or disclosures of PHI, as permitted by HIPAA.
​​
-
Manage cookie preferences in the Patient Portal (except essential cookies).
​​
-
Contact us or your provider to exercise your HIPAA rights.
California Residents (CCPA/CPRA Rights):
-
Right to Know: Request information about personal information we have collected about you.
-
Right to Delete: Request deletion of personal information we have collected about you.
-
Right to Opt-Out: Opt-out of the sale or sharing of your personal information.
-
Right to Correction: Request correction of inaccurate personal information.
-
Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
7. Retention of Information
-
PHI: Retained as required by HIPAA and our agreements with customers, typically for a minimum of 6 years or as directed by your healthcare provider.
​
-
Customer Information: Retained for the duration of our contract with you and as required by law or for legitimate business purposes (e.g., billing records).
​
-
Web Visitor Information: Retained for as long as necessary for the purposes described (e.g., analytics or marketing), typically no longer than 2 years unless required by law.
8. Cookies and Tracking Technologies
We use cookies and similar technologies (e.g., web beacons) across our website and portals:
​
-
Essential Cookies: Necessary for website and portal functionality and security (cannot be disabled).
​
-
Analytics Cookies: Track usage to improve performance (anonymized data).
​
-
Marketing Cookies: Enable personalized ads (opt-in required for web visitors).\
​
You can manage cookie preferences through our website or portal settings. Disabling cookies may affect functionality.
9. Third-Party Links
Our website and portals may contain links to third-party sites. We are not responsible for their privacy practices. Please review the privacy policies of any third-party sites you visit.
10. Children's Privacy
Our services are not intended for individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected such information, please contact us immediately.
11. International Users
Our services are hosted in the United States. If you access our services from outside this region, your information may be transferred to and processed in our hosting location. We comply with data protection laws, including HIPAA for PHI, applicable to the United States.
12. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website with a revised “Effective Date” or through direct communication (e.g., email to customers or patients). Please review this policy periodically.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
EMRG LABS LLC
910 S. Pearl Expressway
Dallas, TX 75201
Email: Support@joinemrg.com
For HIPAA-related inquiries, you may also contact our Privacy Officer at support@joinemrg.com.