Skip to main content

Privacy Policy

Updated April 19, 2020

This privacy policy exists to explain what information we collect, what we do with it, and how we protect it.

What we collect and what we do with it

If you're a patient who books an appointment with a practice who uses NextPatient, your information will be saved in our database and transfered to the practice you've selected.

The combination of your name, email, phone number, and DOB will be used to uniquely identify you to the practice, which will allow them to determine if you're a new or existing patient.

Your "reason for visit" will be used by the practice to plan accordingly and confirm that the visit is appropriate.

We may use your phone number and email address to send appointment confirmations, reminders, and other messages related to your visit.

If we collect payment for a visit, we may send your information to financial partners to facilitate payment.

We do not:

  • run ads on our platform
  • sell patient or practice data to third parties
  • use cookies to follow patients on other sites

Data Retention

NextPatient will maintain practice data for at least as long as the practice is a customer of NextPatient.

NextPatient will maintain audit logs recording which practice employees accessed the NextPatient admin pages, and which patient records were viewed.

If a practice discontinues using NextPatient, they may request we delete all practice data beyond the practice's name, contact information, service dates, payment history, and anything else needed to maintain a record of the practice as a customer.

This deletion will be completed within 7 days of being requested. Note, however, practice data may be held for a longer period in backups maintained for disaster recovery.

If the practice does not request a deletion, the practice data may live in NextPatient's database indefinitely, and can be made available to the practice upon request.

How we protect your information

All web traffic is encrypted is encrypted via SSL.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems.

When we send emails regarding appointments, we will include your name, email, and name of the practice, but we won't include your date of birth or any medical information.

Your DOB and Reason for Visit will only be transfered to the medical practice over encrypted channels.

How we use cookies

We use cookies to:

  • Store login information that persists across the user's session.
  • Generate website traffic reports in Google Analytics (GA). GA uses their own cookies to provide this information.

If you disable cookies in your browser, you might not be able to make book appointments.

Third Party Disclosure

We will not sell, trade, or transfer your personally identifiable information unless we provide you with advance notice. This does not include:

  • any medical practices we're contacting on your behalf
  • website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.

However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

California Online Privacy Protection Act

According to CalOPPA we agree to the following:

  • Users can visit our site anonymously
  • Once this privacy policy is created, we will add a link to it on our home page, or as a minimum on the first significant page after entering our website.
  • Our Privacy Policy link includes the word 'Privacy', and can be easily be found on the page specified above.
  • Users will be notified of any privacy policy changes on our Privacy Policy Page
  • Users are able to change their personal information by logging in to their account

COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation's consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.

We do not specifically market to children under 13.

Fair information practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices, should a data breach occur, we will notify the users via email within 7 business days

We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.


The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

To be in accordance with CANSPAM we agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email us at and we will promptly remove you from all correspondence.

Contacting Us

If there are any questions regarding this privacy policy you may contact us at

Learn more about NextPatient's integration with ModMed.