Data Processing Agreement
This Data Processing Agreement ("DPA") governs how Cicini processes and protects your healthcare data in compliance with applicable privacy regulations.
Data Controller and Processor
You (the healthcare provider) are the data controller, and Cicini acts as a data processor when processing patient information on your behalf.
Types of Data Processed
- Patient personal information (names, contact details, medical history)
- Appointment scheduling and medical records
- Billing and insurance information
- Communication records between providers and patients
- Analytics and usage data (anonymized)
Processing Purposes
- Appointment scheduling and management
- Patient communication and reminders
- Medical record management
- Billing and payment processing
- Service improvement and analytics (anonymized)
Security Measures
- End-to-end encryption for data in transit
- Encryption at rest for all stored data
- Access controls and authentication
- Regular security audits and monitoring
- Employee training on data protection
- Incident response procedures
Data Retention
We retain your data only as long as necessary to provide our services and comply with legal obligations. You may request data deletion at any time.
Third-Party Subprocessors
We may use trusted third-party service providers who are bound by similar data protection obligations. A current list of subprocessors is available upon request.
Compliance
This DPA ensures compliance with applicable privacy laws including HIPAA, PIPEDA, and provincial healthcare privacy regulations.
Contact
For questions about this Data Processing Agreement, contact our Data Protection Officer at privacy@bookinglink.app