
Website and Client Services Privacy Policy

Last updated: July 19, 2019

This Website and Client Services Privacy Policy (“Privacy Policy”) covers “Personal Information” collected by DrChrono from clients, third parties at the direction of users, and client systems as well as through the operation of websites, mobile applications, and software by DrChrono Inc. and its affiliates and subsidiaries (“DrChrono,” “we,” and “us”), including DrChrono and onpatient (collectively “DrChrono Service”). The Privacy Policy describes how DrChrono collects, uses, and discloses “Personal Information.”

“Personal Information” means information that alone or when in combination with other information may be used to readily identify, contact, or locate you, such as: name, address, email address, phone number, social security number, and insurance-issued ID numbers. “Personal Information” also includes identifiable health information collected about you. We do not consider Personal Information to include information that has been anonymized so that it does not allow a third party to easily identify a specific individual.

About DrChrono Inc.

DrChrono provides patients and health service providers with the DrChrono Service to manage appointments, personal health records, communications, and other related activities. Other than information gathered through our website at www.DrChrono.com, DrChrono acts as a service provider for health service providers and does not own or control the information that is submitted to us through the DrChrono Service. The information that is submitted through the DrChrono Service will be held subject to the requirements specified by our health service provider clients and applicable law, such as the Health Insurance Portability and Accountability Act (HIPAA).

This Privacy Policy does not reflect the privacy practices of DrChrono’s health service provider clients and DrChrono is not responsible for our clients’ privacy policies or practices. DrChrono does not review, comment upon, or monitor our health service provider clients’ privacy policies or their compliance with their respective privacy policies, nor does DrChrono review our client’s instructions to determine whether they are in compliance or conflict with the terms of a client’s published privacy policy or applicable law.

Collection of personal information

We may collect information, including Personal Information, about you:

  • when you use the DrChrono Service;
  • from your health service provider;
  • from third parties when you or your health service provider directs us to gather information from them; and
  • when you communicate with us.

We also collect information, such as anonymous usage statistics, by using cookies, server logs, and other similar technology as you use the DrChrono Service.

The DrChrono Website. You may visit the websites of DrChrono without revealing any Personal Information. However, in some instances, DrChrono may require certain Personal Information, such as business contact information, so we can respond to your inquiries or provide you with requested information.

The DrChrono Service. The DrChrono Service may collect information, including Personal Information and health information, about you in three ways: (1) from you directly, (2) from a health service provider, or (3) from a third party as directed by you or a health service provider.

Directly from Users. There are several ways you can submit data to the DrChrono Service. For example, you can:

  • type information into the DrChrono Service (examples: registering, updating your profile, sending a message to your provider, scheduling an appointment);
  • upload an image, a document, or any other data; or
  • provide feedback to help DrChrono improve its operations. You should exercise care in selecting the information that you share in a survey or feedback communication. We strongly recommend against providing DrChrono any personal health or other sensitive information that could be traced to you or any other individual.

Making Payments. When you make payments through the DrChrono Service, you may need to provide financial account information, such as your credit card number, to our third-party service providers.

Customer Support. We may collect Personal Information through your communications with our customer-support team.

Cookies, Automatic Data Collection, and Related Technologies. DrChrono and our third-party partners, such as analytics service providers, may automatically receive and record certain non-Personal Information from users using cookies, web beacons, server logs and other similar tools. For example, DrChrono may collect information about how you visit and navigate through the DrChrono Service, when you click on a link or open a web page, use certain elements of the DrChrono Service, or open an email sent by DrChrono. DrChrono may use this information to provide certain functionality, improve the tools and services, and monitor the use of the tools and services. For example, we use these tools to save user preferences, preserve session settings and activity, help authenticate users, allow users to auto-fill sign-in pages of websites they frequently visit, and debug and evaluate the performance of the DrChrono Service. Our partners also may collect such information about your online activities over time and on other websites or apps. You may be able to change browser settings to block and delete cookies when you access the DrChrono Service through a web browser. However, if you do that, the DrChrono Service may not work properly.

Use of personal information

We use Personal Information to:

  • facilitate and improve our services;
  • as permitted by our agreements with health service providers and applicable law; and
  • communicate with you.

We may use anonymized and aggregate information for business purposes.

Internal and Service-Related Usage. We use information, including Personal Information, for internal and service-related purposes and may provide it to third parties to allow us to facilitate the DrChrono Service. We may use and retain any data we collect to provide and improve our services.

For example, we may use Personal Information for the following purposes:

  • maintaining and operating the DrChrono Service (this may include registering you, processing payments, or providing you with customer support);
  • making announcements about features, terms, policies, or other aspects of the DrChrono Service;
  • responding to questions and communications, which we retain in the ordinary course of business; and
  • protecting the DrChrono Service, the information it protects, the rights of third parties and in response to legal process (more fully discussed below).

Consents and Authorizations. DrChrono may request your consent or authorization in connection with the use or sharing of Personal Information about you. In some instances, this will be because this Privacy Policy or applicable law or regulations require us to obtain such consent. In other instances, such consent will be for informational purposes. Any request to obtain your consent does not narrow the scope of this Privacy Policy. By using the DrChrono Service, you accept and agree to DrChrono’s information handling practices in the manner described.

Surveys and Ratings. The content of feedback you provide to DrChrono is presumed public. DrChrono will let you know in advance how it will use survey or rating feedback in any such request for such information.

Protect the DrChrono Service and data it stores. We may use the information collected through the DrChrono Service to investigate potential or suspected threats to the DrChrono Service or to the confidentiality, integrity or availability of the information DrChrono stores and maintains.

Communications. We may send email to the email address you provide to us to verify your account and for informational and operational purposes, such as account management, customer service, or system maintenance. We may also send you marketing emails if you request more information about our products and services. Emails are often transactional or relationship messages, such as appointment requests, reminders and cancellations and other notifications. DrChrono may not offer you the option of opting out of receiving some of these messages although DrChrono may allow you to modify how often you receive such messages. If you opt-in to receiving marketing announcements from DrChrono, we will allow you to opt-out of receiving those announcements.

Anonymized and Aggregate Data. We may anonymize and aggregate any data collected through the DrChrono Service, and use it for business purposes. For example, we may use such data for evaluating and profiling the performance of the DrChrono Service, including analyzing usage trends and patterns and measuring the effectiveness of content, features, or services.

Information sharing and disclosure

We may share your information:

  • with our third-party vendors and service providers;
  • with your health service provider and, at your direction, to others;
  • to comply with legal obligations;
  • to protect and defend our rights and property; and
  • with your permission.

We do not rent, sell, or share Personal Information about you with other people or non-affiliated companies for their direct marketing purposes, unless we have your permission.

We Use Vendors and Service Providers. We may share any information we receive with vendors and service providers retained in connection with the provision of the DrChrono Service. When protected health information is shared, such vendors and service providers will be bound by appropriate confidentiality and security obligations which include business associate contract obligations as required by HIPAA.

Displaying or Disclosing to Health Service Providers and Others. The content you provide to the DrChrono Service may be displayed on the DrChrono Service or disclosed to others at your direction. Your health service provider (including his or her staff) will have access to your account information, including your Personal Information. However, your health service provider will not have access to any payment information, such as your credit card number, through the DrChrono Service. Your provider may: (i) receive and store your account information; (ii) change your password; (iii) restrict your ability to submit, delete or edit information; (iv) suspend or terminate your account access or (v) access or retain any information you provide or otherwise store as part of your account for any purposes required or permitted under applicable law. When you contact or schedule an appointment with a health service provider, the provider will need your name, contact information, as well as other information. You may also be permitted to share the content of your health records with others. We are not responsible for the privacy practices of the others who will view and use the information you disclose to others.

Marketing. We do not rent, sell, or share Personal Information about you with other people or non-affiliated companies for their direct marketing purposes, unless we have your permission.

As Required By Law and Similar Disclosures. We may access, preserve, and disclose collected information, if we believe doing so is required or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; respond to your requests; or protect your, our, or others’ rights, property, or safety.

Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction as permitted by law and/or contract. We cannot control how such entities may use or disclose such information.

With Your Permission. We may also disclose your Personal Information with your permission.

Information retention

DrChrono’s collection, use, and disclosure of information are generally governed by service agreements with our health service provider clients. Information maintained to provide these services to our business clients is retained only for as long as we have a valid business purpose and in accordance with applicable law. DrChrono may retain archived information for a period of five years (or longer if required by law) as necessary to comply with legal obligations, resolve disputes and enforce our agreements and other authorized uses under this Privacy Policy.

Account Deactivation. If you desire to deactivate your account please have your provider contact us. Upon receiving such a request, DrChrono will deactivate your account and archive your Personal Information, including any health information.

Limits to Your Requests for Access, Amendment, or Deletion. You may not be able to access, update, or delete information that you share with another user or other party through the DrChrono Service. Others may also submit personal information that identifies you (for example, when submitting medical family history). You will also not be able to access, update, or delete that information. Certain users, such as health service providers, may be required under HIPAA and other applicable laws to retain information about patients for extended periods of time. DrChrono will continue to retain such information on their behalf.

DrChrono indefinitely stores non-personal information, as well as any feedback you provide us.

Access / correction

In most cases, DrChrono obtains Personal Information on behalf of a health service provider. To request access to, correction, amendment, or deletion of this Personal Information, a patient or end user should make the change using the DrChrono Service or contact the health service provider to which the data was provided. For other inquiries, please contact us at privacy@DrChrono.com.


Please see our Security Policy located here.

No data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. Once we receive your transmission, we take steps to ensure security on our systems. Please note this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of such safeguards.

DrChrono provides its services to health service providers, and when we process “protected health information” as defined by HIPAA on behalf of such health service providers, we are acting as a “business associate” to them as regulated by HIPAA. Therefore, DrChrono must adopt and maintain appropriate physical, technical, administrative, and organizational procedures to safeguard and secure the protected health information we process. We also may not access, use, or disclose the protected health information except as permitted by health service provider clients, you, and/or applicable law. DrChrono strives to protect the privacy of the Personal Information it processes, and to avoid inadvertent disclosure.

If DrChrono learns of a security system’s breach, DrChrono maintains an incident response policy that includes notifications consistent with applicable law.

By using the DrChrono Service or providing Personal Information to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of this website.


The DrChrono Service is intended for use in the United States only. By using the DrChrono Service, you will transfer data to the United States.

Access to the DrChrono Service is administered in the United States and is intended solely for users within the United States.

If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States and processing globally. By providing your information you consent to any transfer and processing in accordance with this Privacy Policy.

Persons under the age of 13

The DrChrono Service is not intended for or designed to attract persons under the age of 13 (“child” or “children”). DrChrono does not knowingly collect personal information from children. If DrChrono learns that it has obtained personal information from a child, DrChrono will delete that information as soon as practicable. If your child has provided us with personal information without your consent, please contact DrChrono immediately.

Without limiting the above, the DrChrono Service does allow persons above the age of 18 years—such as health service providers, parents and guardians—to provide, share and store personal information about others, including minors and children. Any user providing, storing or submitting information on behalf of a child assumes full responsibility over the submission, use, and transmission of such information.

Changes and updates to privacy policy

We may revise this Privacy Policy, so review it periodically.

Posting of Revised Privacy Policy. We will post any adjustments to the Privacy Policy on this web page, and the revised version will be effective when it is posted. If you are concerned about how your information is used, bookmark this page and read this Privacy Policy periodically.

New Uses of Personal Information. From time to time, we may desire to use Personal Information for uses not previously disclosed in our Privacy Policy. If our practices change regarding previously collected Personal Information in a way that would be materially less restrictive than stated in the version of this Privacy Policy in effect at the time we collected the information, we will make reasonable efforts to provide notice and obtain consent to any such uses as may be required by law.

Contacting DrChrono

If you have any questions, comments, or concerns about DrChrono or this Privacy Policy, please email us at privacy@DrChrono.com.
