EMRDesk
Press / or Ctrl+K
Sign in
EMRDesk
Sign in
English (US)
MXDE

Legal

Terms of Service

Read the current document, see when it was updated, and use support if you need clarification.

These Terms of Service govern access to and use of EMRDesk, a web application designed for healthcare organizations, training programs, and authorized professionals.

Where applicable, the Business Associate Agreement governs EMRDesk's handling of Protected Health Information and controls over conflicting terms related to PHI.

Use of Service

You agree to use EMRDesk solely for its intended purposes and not for unlawful, fraudulent, infringing, or malicious activity.

Security and Privacy

EMRDesk applies industry-standard security controls, including encryption in transit and at rest, role-based access, and audit logging.

If you are a covered entity or business associate under HIPAA, EMRDesk acts as your business associate and the BAA applies.

AI-Assisted Features and PHI Controls

EMRDesk offers optional AI-assisted capabilities such as summarization of notes, encounters, claims, statuses, and reports. These features are configurable and not required to use the services.

  • Organizations may disable all AI-assisted features.
  • Organizations may restrict PHI from being sent to external AI processors.
  • EMRDesk maintains BAAs with AI processing vendors acting as Business Associates.
  • Customer data may not be used by third parties to train generalized models.
  • AI requests are recorded in audit trails.
  • Settings are available in-app under Settings > Privacy & AI or through support for organization-level changes.

Billing and Payment

You agree to pay all applicable fees, maintain accurate billing information, and authorize billing based on usage and subscription terms.

Accounts are billed for requests made through the account regardless of outcome. Cancellations must occur before the next billing cycle to avoid further charges. No refunds are issued for partial cycles or unused services.

Any undisputed amount unpaid for more than 30 days after invoice date may accrue interest from the due date at the lesser of 2 percent per month or the maximum rate permitted by law, plus reasonable collection costs.

If an account becomes 60 days past due, EMRDesk may suspend access to the services, including user logins and API access, until past-due amounts are paid. Data is preserved during suspension subject to the retention policy.

Auto-Renewable Subscriptions

When subscriptions are purchased through the Apple App Store or Google Play Store, payment is charged to the associated account at confirmation of purchase and subscriptions renew automatically unless disabled before the renewal window.

Subscription prices and lengths are displayed in the app at the time of purchase. Subscription management occurs through the relevant platform settings.

Third-Party Payer Downtime

EMRDesk connects with multiple third-party payers for eligibility, claims, and status information. Known issues and maintenance windows may affect availability.

Service Availability and Maintenance

EMRDesk targets high availability and schedules planned maintenance during low-traffic windows when practical. Availability may be affected by third-party outages or force majeure events.

Data Retention, Export, and Deletion

Customers own their data. During the subscription term, data may be exported in commercially reasonable formats such as CSV, JSON, or PDF where applicable.

EMRDesk retains medical and billing records for a minimum of 7 years, or longer where required by law or contract. For terminated accounts, certain non-clinical data may remain available for up to 30 days to support retrieval before secure deletion. During required retention periods, patient records are soft-deleted and access-restricted rather than immediately purged.

Disaster Recovery and Backups

EMRDesk maintains encrypted backups and a disaster recovery plan designed to support reasonable recovery objectives. Actual recovery times may vary based on incident scope and third-party dependencies.

Support

Standard support is available during business hours by email. Priority incidents related to service availability may be escalated at EMRDesk's discretion. Response times vary with severity and ticket volume.

Credentials and Customer Responsibilities

Customers are responsible for protecting account credentials, promptly revoking access for departing personnel, configuring appropriate role-based permissions, and ensuring that PHI is entered, accessed, and shared in compliance with applicable law and internal policy.

Acceptable Use

You will not upload malicious code, attempt to bypass security controls, probe or scan infrastructure without authorization, or transmit PHI through insecure channels contrary to policy. EMRDesk may suspend or terminate accounts for violations.

Breach Notification

In the event of a security incident involving PHI, EMRDesk will provide notice to affected customers without unreasonable delay and consistent with applicable law, including HIPAA notification requirements.

Audit Rights

Upon reasonable request not more than once annually, EMRDesk may provide compliance summaries or third-party reports under confidentiality.

Intellectual Property

The EMRDesk application, content, and associated trademarks are the property of EMRDesk or its licensors. Customers receive a non-exclusive, revocable license to use the services for internal business purposes, subject to these Terms and the BAA.

Limitation of Liability

To the maximum extent permitted by law, EMRDesk and its affiliates are not liable for indirect, incidental, special, consequential, or punitive damages, or loss of profits, revenue, or data, arising from or related to use of the services.

Indemnification

You agree to indemnify and hold EMRDesk harmless from claims, damages, liabilities, and expenses arising from your breach of these Terms or misuse of the services.

Termination

Customers may cancel accounts at any time, with cancellation effective at the end of the current billing period. EMRDesk may suspend or terminate accounts for material breach, unlawful activity, or persistent non-payment in accordance with these Terms.

Business Associate Agreement

The BAA is incorporated by reference and controls with respect to PHI to the extent of any conflict with these Terms.

Governing Law and Venue

These Terms are governed by the laws of the jurisdiction of EMRDesk's principal place of business, without regard to conflict-of-law rules. Exclusive venue for disputes lies in the competent courts of that jurisdiction.

Contact

By using EMRDesk, users agree to these Terms of Service and the incorporated Business Associate Agreement where applicable.

For questions, contact support@emrdesk.com.

Need help?

If you need the right trust document or support path, start here.

Support hubSystem status