OutcomeMD provides a patient outcome tracking and management platform to help patients and clinicians understand treatment results in order to enhance care and communication.
This Patient Privacy Notice explains how OutcomeMD may collect, use, disclose, and secure information obtained through our website, located at www.outcomemd.com (the “Site”); our cloud-based patient outcome tracking and management platform, located at www.portal.outcomemd.com (the “Platform”); and web-enabled emails sent as part of, in connection with, or relating to such software and information services (collectively, the “Service”). The terms “OutcomeMD,” “we,” “us,” and/or “our” include OutcomeMD, Inc. and our affiliates and subsidiaries. This Patient Privacy Notice is incorporated by reference into the Site Terms for the OutcomeMD Service (including our Site, mobile app, and any other product offering that we may make). Any capitalized terms used and not defined in this Patient Privacy Notice shall have the meaning given to those capitalized terms in the Site Terms.
We act as a service provider to healthcare organizations and clinicians, and we receive, maintain, use, and disclose data on their behalf and limited by our agreements with them. This Patient Privacy Notice does not reflect the privacy practices of the healthcare organizations or clinicians using our platform, and we are not responsible for their privacy practices. We also do not review their instructions with respect to our processing of information to determine whether such instructions are in compliance or conflict with the terms of their applicable privacy notices. Please contact your healthcare organization or clinician if you have questions about their privacy practices.
“Personal Information” means information that alone or when in combination with other information may be used to readily identify, contact, or locate you, such as: name, address, email address, or phone number. Personal Information also includes any protected health information. We collect Personal Information when you register to use the Service, use the Service, or communicate with us. We may also receive Personal Information about you from your connected healthcare organizations and clinicians. In addition, we collect information, such as anonymous usage statistics, by using cookies, server logs, and other similar technology as you use the Service.
HOW OUTCOMEMD USES YOUR INFORMATION
We use Personal Information to facilitate and improve our Services or to communicate with you on our behalf and on behalf of healthcare organizations and clinicians.
THE SERVICE COLLECTS YOUR INFORMATION
Registration and Account Information. To use certain features of the Service, you must create a user account. To register, you need to provide Personal Information, such as your first and last name, birthdate, and email address or phone number. We may also request optional information, including your gender and details about your income level or educational background.
Using the Service. We collect information you provide when you use the Service, which may include information you submit about how you are feeling, which medications you are taking, and other health information related to treatment from a healthcare organization or clinician.
Communicate with Us. We may collect Personal Information through your communications with our customer-support team or through other communications with us, including through social media.
Surveys, Clinical Trials, and Research Studies. We may contact you to ask if you would be willing to participate in a survey, clinical trial, or other research study. If you appear to meet the eligibility criteria for a clinical trial and have agreed to be contacted, we may share your Personal Information (for instance, your name and email address) with the clinical trial team so they can follow up with you directly. If you choose to participate, the research team will provide its own consent and privacy documentation. If you participate in surveys, OutcomeMD conducts, you may be asked to provide demographic details, feedback on your experience, or other information relevant to that survey. Participation is entirely voluntary, and your responses will be used only for the purposes described in this Patient Privacy Notice or clearly disclosed at the time of the request. Survey results may be published in aggregated, de-identified form.
User-Generated Content. Our Service allows you to voluntarily share a review of your clinician, including the option to post your review on the clinician’s website or your own social media channels. If you choose to share a review, we will collect any information you choose to include. Please use good judgement when writing reviews. While it’s expected that you may reference your health or care experience, try to avoid including sensitive personal details (such as specific diagnoses, medications, or test results). The information you share, including Personal Information such as your first name and last initial, age and gender, and/or social media username may be accessible to your clinician and to the general public.
Information and Content from Your Computer or Mobile Device. The Service automatically collects information about your device, such as its model, operating system, device ID and browser type, so that we can provide and customize functionality, such as push notifications. With your permission, the Service may access and collect information from your device’s contact list so you can add contact information of clinicians and other caregivers, and your device’s photo storage so you can upload profile pictures.
Automatic Data Collection: Cookies and Related Technologies. When you visit our Service or open our emails, we and our third-party partners, such as analytics providers, may collect certain information by automated means, such as cookies, web beacons and web server logs. The information collected in this manner includes IP address, browser characteristics, device IDs and characteristics, operating system version, language preferences, referring URLs, and information about the usage of our Service. We may use this information, for example, to determine how many users have visited certain pages or opened messages or newsletters, or to prevent fraud. We may link this data to your profile. Our third-party partners may also collect information about your online activities over time, on other devices, and on other websites or apps, if those websites and apps also use the same partners. When they provide such services, they are governed by their own privacy policies. We may use Google Analytics to collect and process certain Service usage data. Google provides additional privacy options regarding cookie use described at www.google.com/policies/privacy/partners/.
Clinicians Submit Information about Patients. Clinicians may submit information, including Personal Information and health-related information, about patients through the Service. This information helps us contact you and obtain information from you relevant to your treatment and medical condition.
Consent. By using the Service, you are authorizing us to gather, process, analyze, and retain data related to the provision of the Service. We may retain such information, including Personal Information, indefinitely.
Internal and Service-Related Usage. We use information, including Personal Information, for internal and service-related purposes, such as to operate, evaluate, and improve our business or the Service and to identify and protect against fraud. For example, we may provide you and your clinician with analyses and reports about your treatment and medical condition based on the information you provide through the Service. Subject to potential limitations in our other agreements, we may use and retain any data we collect to provide and improve any of our Services.
In Compliance with Agreements with Healthcare Organizations and Clinicians. We may use information we receive from you as permitted by our agreements with your healthcare organization and/or clinician using the Service.
Data Analysis. We analyze the information we collect to provide our Service, such as providing reports to you and clinicians. To the extent permitted by law and our partner agreements, we may de-identify and/or aggregate information, and use and disclose it for business purposes (for example, to perform research and provide statistical information and data regarding trends to our partners).
Our Communications. We may send email to the email address you provide to us, push notifications to your mobile device if they are enabled, and/or text messages to your mobile device to verify your account and for informational and operational purposes, such as account management, reminders, customer service, system maintenance, and other Service-related purposes.
Marketing. We may use information, including Personal Information, to send you information about our products and services we think you may be interested in, including promotional materials and information about events, programs, offers, surveys, and market research. You may opt out of email marketing by using the unsubscribe link in a marketing email.
Communications from Clinicians. We may facilitate communications from clinicians to patients for Service-related purposes, such as notifying patients about using the Service. These messages may be sent by email, push notification, or text message.
OUTCOMEMD MAY DISCLOSE YOUR INFORMATION
We may share your Personal Information with our third-party vendors and service providers; with your clinicians; to comply with legal obligations; to protect and defend our rights and property; and with your permission.
We do not rent, sell, or share Personal Information about you with other people or non-affiliated companies for their direct marketing purposes, unless we have your permission.
We Use Third-Party Vendors and Service Providers. We may share any information we receive with the third-party vendors and service providers we use to help us provide and improve the Service. For example, we will provide Personal Information to service providers that provide web and database hosting services. We will require any vendor or service provider receiving your Personal Information to respect the privacy of your Personal Information.
To Clinicians. Any information users submit on the Service may be accessible and exportable through the Service by their associated clinicians so the clinicians can use the information for treatment and healthcare-related purposes. We are not responsible for how clinicians access and use such information.
With Third Parties at the Direction of Your Healthcare Organization or Clinician. Healthcare organizations and clinicians may direct us to disclose information about their patients with third parties.
Marketing. We do not rent, sell, or share Personal Information about you that we collect on the Service with other people or unaffiliated companies for their direct marketing purposes, unless we have your explicit permission.
Legal and Similar Disclosures. We may access, preserve, and disclose collected information, if we believe doing so is required or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; respond to your requests; comply with the law; or protect your, our, or others’ rights, property, or safety.
Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of OutcomeMD assets, or transition of service to another provider, your information may be disclosed in connection with the negotiation of such transaction, and/or sold or transferred as part of such a transaction as permitted by law and/or contract. We cannot control how such entities may use or disclose such information.
Companies Under Common Control. We may share information, including Personal Information, between and among any current or future parents, subsidiaries, affiliates, and other companies under common control and ownership with OutcomeMD.
With Your Permission. We may also disclose your Personal Information with your permission.
De-identified Information. We may share aggregate or de-identified information, which cannot reasonably be used to identify you, for various purposes, including compliance with various reporting obligations; for business or marketing purposes; or to assist third parties in understanding our users’ habits and usage patterns for certain features, content, services, advertisements, promotions, and/or functionality available through the Service.
From time to time, we may sell or license de-identified patient data derived from protected health information (PHI) as that term is defined in the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder (HIPAA) for research, analytics, or other commercial purposes beyond your individual care. This data is de-identified in accordance with the HIPAA Safe Harbor method, which requires the removal of all individually identifiable information. We may share this de-identified data with third parties, such as research institutions, life science or biopharmaceutical companies, or analytics partners. We require that these parties agree that they will not attempt to re-identify the data and will not transfer the de-identified data to another party unless that party also agrees in writing not to attempt to re-identify the de-identified data.
In some cases, your clinician or OutcomeMD may receive financial or other benefits from the use or licensing of de-identified data, including data derived from your health information. While you cannot be individually identified from this data, we believe it’s important to be transparent about these practices.
Because this data is de-identified under HIPAA, it is no longer considered protected health information, and individuals do not have a legal right to opt out of its use. However, if you have questions or concerns about this practice, please contact us at privacy@outcomemd.com.
YOUR CHOICES AND INFORMATION RETENTION
Access, Correction, and Deletion: Subject to applicable law and our agreements with clinicians, you may have the right to request access to and be informed about the information we maintain about you, update and correct inaccuracies in your information, and have the information deleted, as appropriate. If you wish to request access or an update to the information that we have concerning you, please email us at privacy@outcomemd.com. Your rights to your information may be limited in some circumstances by local legal requirements and our agreements with clinicians. Note however that if you exercise your right of deletion, decline to share certain information with us, or withdraw your consent to our use of certain information, we may not be able to provide to you some of the features and functionalities of the Service.
Promotional Communications. You may opt out of receiving our promotional emails and texts at any time. You may do so by submitting a request to privacy@outcomemd.com, adjusting the text and notification preferences in your mobile device’s settings, or by following the opt-out instructions in the promotional emails or texts we send you. Please be aware that it may take up to 10 days for us to process your request and you may continue receiving promotional communications from us during that period. Even after you opt out of receiving certain messages from us, you may continue to receive administrative messages from us regarding the Service as long as you or your healthcare provider or doctor has an account to use the Service. You may turn off push notifications through your device settings.
Restricting Cookies/Do Not Track: OutcomeMD does not change its behavior in response to web browser “do not track” signals. However, you can configure most browsers to reject cookies or to notify you when you are sent a cookie, giving you a chance to decide whether or not to accept it. You can consult the help section of your browser to learn how to do this. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.
Account Termination. You may terminate your account at any time by contacting customer support at privacy@outcomemd.com. We will retain information in accordance with any agreements we have with applicable clinicians. We will continue to use de-identified and/or aggregated information, for business purposes as permitted under applicable law and to comply with our legal obligations, agreements with clinicians, resolve disputes, enforce our rights, or similar purposes.
ADDITIONAL DISCLOSURES FOR U.S. RESIDENTS
Certain U.S. state privacy laws – such as those in California, Colorado, Virginia, Connecticut, and other applicable jurisdictions – require businesses to provide certain disclosures to residents, including (i) the categories of Personal Information collected, (ii) the purposes for which Personal Information is used or disclosed, (iii) the categories of third parties with whom Personal Information is shared, (iv) your rights with respect to your Personal Information, including the rights to access, delete, correct, or opt out of certain data processing, and (v) how you can exercise those rights. To the extent these laws apply, we provide those disclosures below.
Please note that certain information we collect is protected health information (PHI) governed by HIPAA. When we act as a Business Associate (as that term is defined by HIPAA) to a healthcare provider, that information is not subject to state privacy laws, as it is exempt under those laws’ HIPAA carve-outs. As a result, the rights and choices described below may not apply to that information.
| Notice of Collection | While this information is covered in greater detail above, the categories of Personal Information that we have collected – as described by the California Consumer Privacy Act – are: · Identifiers, such as your name, email address, phone number, address, online identifiers (like social media usernames), and IP address. · Other individual records, such as your name and signature (for instance, if requested and provided as part of a survey or product research). · Protected Characteristics, such as age, self-identified gender, and race/ethnicity (for instance, if requested and provided as part of a survey or product research). · Commercial information, such as usage data and account details related to our platform. · Internet or other electronic network activity, such as authentication details, event timestamps, and behavioral patterns. · Audio, Electronic, Visual, or Similar Information, such an information collected if you call us on a recorded line or participate recorded meetings and webinars. · Inferences, such as information about your interests and preferences derived from your activity on the Service. · Sensitive Personal Information, such as age (over 40 years) or ethnicity if requested and provided as part of a survey or product research. |
| Business or Commercial Purpose for Collecting and Using Personal Information | We collect each category of Personal Information listed above for the business or commercial purposes described in section above titled “The Service Collects Your Information”. |
| Categories of Sources of Personal Information | We collect each category of Personal Information listed above directly from you, through automatic data collection means, or through the third-party sources described in the section above titled, “The Service Collects Your Information”. |
| Categories of Personal Information Disclosed | In the preceding 12 months, we have disclosed the categories of Personal Information listed above in the circumstances described in the section above titled, “OutcomeMD May Disclose Your Information”. |
| Right to Know | You have the right to request information about the categories and specific pieces of Personal Information we collect, use, disclose, and sell. |
| Right to Delete | You can request that your Personal Information be deleted, including from any third parties to whom your Personal Information has been sold, shared, or disclosed. |
| Right to Correct | You can request that we rectify, correct, or update your Personal Information. |
| Right to Opt-Out | You can opt out of processing for: · sales of your Personal Information; · sharing of your Personal Information for the purpose of cross-context behavioral advertising; and · profiling or the use automated decision-making technology in furtherance of decisions that produce legal or similarly significant effect. We do not “sell” your Personal Information for monetary consideration. However, we may disclose Personal Information (in the form of identifiers and internet activity information) with third-party advertising and analytics partners who may use this information to provide services to us and for their own purposes. Depending on the nature of these disclosures and our contractual arrangements, such activities may be considered a “sale” or “sharing” of Personal Information under California law. You have the right to direct us not to sell or share your Personal Information. You can exercise this right by emailing us using the contact information below or by using the Global Privacy Control (GPC). You can also adjust your cookie preferences to decline all non-essential cookies on our Services. If you notify us of your preference through GPC, we will honor your request with respect to the browser or device that sends us the GPC signal. If you are logged in, your preference will be associated with your account and if you log in from another device or browser, you will be automatically opted out. However, if you are not logged into your account, your request will only be associated with the browser you are currently using. If you believe a decision about you was made solely using automated tools and would like to request a human review or learn more, please contact us using the contact details below. |
| Universal Opt-Out | In some states, we must honor universal opt-out preference signals. As mentioned, above, you can opt out of targeted advertising by using the GPC. If you notify us of your preference through GPC, we will honor your request with respect to the browser or device that sends us the GPC signal. If you are logged in, your preference will be associated with your account and if you log in from another device or browser, you will be automatically opted out. However, if you are not logged into your account, your request will only be associated with the browser you are currently using. |
| Sensitive Data Consent | In some states, we must obtain your opt-in consent before processing sensitive data (e.g., race/ethnicity, precise geolocation, health data, etc.). Where required, we will request this consent before colleting or using such data. |
| Right to Limit Use of Sensitive Personal Information | You can request to limit the use of “sensitive personal information” to only what is necessary for providing goods or services. |
| Non-Discrimination | You have the right not to receive discriminatory treatment by us for the exercise of your rights conferred by the law of the state where you reside. |
| Authorized Agent | Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. To designate an authorized agent, please contact us as set forth in “Contact Us” below and provide written authorization signed by you and your designated agent. |
| Response Time & Extension | We will respond to your request within the time period required by applicable law. Generally, this is within 45 days, with a possible extension of another 45 days, if reasonably necessary. Where required, we will also acknowledge receipt of your request within the applicable time period. Generally, this is10 business days. |
| Right of Appeal | If we deny (or otherwise refuse to act on) your request to exercise your rights, we will provide you with information our reasons for not taking action and any rights you may have to appeal our decision or contact the attorney general for the state in which you reside. |
| “Do Not Track” Disclosure | Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers. In the event that a universally accepted standard emerges on how organizations should respond to “do not track” or similar opt-out signals, we will assess and provide an appropriate response to those signals. |
| “Shine the Light” | The California “Shine the Light” law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. |
THIRD PARTY SERVICES
The Service may contain links to external websites or services. Your use of any third-party site or service, including the submission of Personal Information, will be governed by the terms and conditions of the such third party. OUTCOMEMD IS NOT RESPONSIBLE FOR THE PRACTICES OR CONTENT OF ANY THIRD-PARTY, EVEN IF WE PROVIDE A LINK FROM OUR SERVICE.
INFORMATION SECURITY
We seek to use reasonable organizational, technical, and administrative measures to protect your information, including to secure protected health information in compliance with HIPAA. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account with us has been compromised), please immediately notify us of the problem by contacting us using the contact information below.
By using the Service or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Service. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Service or sending an email to you.
CHILDREN’S PRIVACY
| The Service is primarily intended to be used by adults. We do not knowingly collect Personal Information from children without parental consent. |
The Service is intended to be used by adults. Parents or legal guardians may use the Service to provide health information about their children, including those under the age of 13. In some cases, a child may interact with the Service directly, such as when a mobile number is provided by a parent or clinician. Where we collect health information on behalf of a clinician, such collection is governed by HIPAA. Outside of that context, we do not knowingly collect Personal Information from children under 13 without parental consent. If you believe your child has provided such information, please contact us at privacy@outcomemd.com.
INTERNATIONAL USERS
Data is processed and stored in the United States.
The Service is not targeted to users outside of the United States. If you are using the Service, you agree to the transfer of your information to the United States and processing globally. By providing your information you consent to any transfer and processing in accordance with this Patient Privacy Notice.
UPDATE YOUR INFORMATION OR POSE A QUESTION OR SUGGESTION
If you would like to request that we update or correct any information that you have provided to us through your use of the Service or otherwise, or if you have suggestions for improving this Patient Privacy Notice, please send an email to privacy@outcomemd.com.
CHANGES TO PATIENT PRIVACY NOTICE
We may revise this Patient Privacy Notice, so please be sure to review it periodically.
Posting of Revised Patient Privacy Notice. We will post any adjustments to the Patient Privacy Notice on this web page, and the revised version will be effective when it is posted.
New Uses of Personal Information. From time to time, we may desire to use Personal Information for uses not previously disclosed in our Patient Privacy Notice. If our practices change regarding previously collected Personal Information in a way that would be materially less restrictive than stated in the version of this Patient Privacy Notice in effect at the time we collected the information, we will make reasonable efforts to provide notice and obtain consent to any such uses as may be required by law.
Last updated: October 27, 2025
Contact Information
OutcomeMD, Inc.
7500 Rialto Boulevard, Suite 1-250
Austin, TX 78735
privacy@outcomemd.com