CirrusMD has developed and operates a mobile application and Internet-based healthcare communications software platform designed to offer secure patient-to-healthcare-provider messaging and video chat, scheduling, patient data capture/access and other related services and products (the "Platform").

By accepting CirrusMD's Terms of Use, you consent to the use and disclosure of personally identifiable information provided to us as outlined in this privacy policy (the "Privacy Policy").

CirrusMD takes the utmost care when it comes to patient data security and privacy. Only your health care plan, health care plan administrator, health care providers, their approved physician call groups, specifically approved members of a healthcare provider's staff (collectively "Providers"), any Business Associates (as such term is defined pursuant to the Health Insurance Portability and Accountability Act of 1996 – "HIPAA") of a Provider, and you will have access to your Protected Health Information ("PHI"). CirrusMD is HIPAA compliant, and we utilize industry best practices regarding data security. CirrusMD is in compliance with all pertinent laws and regulations associated with PHI and healthcare data security.


Because CirrusMD's service enables communications between patients and healthcare providers, we request that you provide similar information to what is required when you visit your doctor's office. At registration, you will be asked to provide specific information that falls under the category of PHI; this may include the collection of contact information, as well as certain health information, including health conditions, medications and allergies. This information may be checked and confirmed by Providers for accuracy. After initial registration is complete, both you and Providers may update your health profile within CirrusMD.

CirrusMD offers various forms of communication services, including messaging, phone and video chat, and the Platform contains an online personal health record. Your participation in these forms of communication is voluntary. Any information disclosed to any Provider via the Platform is at your sole discretion. Information provided via these communications may be used to update your personal health record.


CirrusMD may contact you by email or phone for a variety of reason, including to resolve service or billing issues, deliver information about our services, get your feedback on the Platform and our services, analyze site usage, provide you with administrative or system messages, or as otherwise described to you at the time of contact.


CirrusMD may request financial information from you. At registration, you may be required to provide credit card information to complete your registration for our service. This information is used for billing purposes. Please be sure to keep any such payment information up-to-date to guarantee continuity of service.

Use of Data

CirrusMD does maintain personal non-PHI information in an administrative account for record keeping purposes, including but not limited to name, address, email address and phone number. We may also maintain records dealing with site usage and activity, some of which are required for security purposes.

Private Communications

Certain communications (for example, messages) are recorded and maintained by CirrusMD. CirrusMD will not edit the content of the communication between you and any Provider. We consider these communications to be personal and private and will not use or disclose these communications except as provided for in this Privacy Policy or where required by law.

Based on our Terms of Use, CirrusMD reserves the right to terminate the account of any user for sending offensive, threatening, abusive or otherwise unacceptable communications via the Platform or otherwise.

Data Integration

Providers may utilize medical or other information contained in your medical records or patient files to update or supplement your health profile or other information about you within the Platform. In addition, information about you (including but not limited to PHI) may be shared via electronic or other forms of integration between the Platform and various systems used by Providers or other healthcare organizations (for example, medical record-keeping/storage systems, Electronic Health Records, Electronic Medical Records, health information exchanges and billing systems)..

HIPAA & Data Security

CirrusMD is in compliance with HIPAA and with all pertinent laws and regulations associated with the storage and transmission of PHI. All data is encrypted both in transit and at rest, whether on our servers or your mobile device or computer.


CirrusMD may collect and store: (i) the IP address of the computer you are using; (ii) the domain and host name from which you access the Internet; (iii) your browser software and your operating system; (iv) the date and time you access the service; and (v) the Internet address of the Web site from which you directly linked to CirrusMD. CirrusMD uses this log file information to analyze trends, administer the Platform, monitor service traffic and usage patterns for internal security purposes, and to help make the Platform function in an optimal manner.

Third Party Services

CirrusMD may work with third-party vendors in making the Platform available. It is our policy to ask companies with whom we do business to support the same privacy policy we do. These third parties are not allowed to use personally identifiable information except for the purpose of providing services to CirrusMD.

CirrusMD will not disclose personal information (contact, health and/or billing) to third parties other than as provided for in this Privacy Policy, except when we believe in good faith that the law requires it or you have otherwise consented to additional use or disclosure of the information.

Resale of Data

CirrusMD will not sell, share or disclose any of your PHI that is exchanged or stored within the Platform to any third parties in ways different than from what is disclosed in this Privacy Policy. We do not have the ability to access any of your PHI on a dis-aggregated basis.

We will never resell or rent your contact information to third-parties.

Aggregated Data

CirrusMD may use non-identifiable anonymous data that is taken from your personal health profile and combine it with other anonymous data. In aggregate this data may be provided or sold to third parties. This data will not identify you but will be used as statistical information to determine things like user demographics and usage patterns. CirrusMD may also use aggregated data within Platform to better understand the needs of you and other users.


You should make sure to create and use a password to access the Platform that is both sufficiently complex and private to ensure security. Some of our mobile services may also require a pincode in addition to a password. Do not disclose your password or pincode to any third parties. A CirrusMD representative will never ask you for your password or pincode.

For convenience, CirrusMD may allow you to stay signed in to our service for short periods of time, after which you will be logged out. You may be required to periodically reset your password or pincode for security purposes.

CirrusMD advises that you periodically change your password and any pincodes for security purposes.


If you have any questions or concerns about this Privacy Policy or about CirrusMD's approach to the privacy of your data in general, please email us at or call us at (800) 449-4512.