Last updated June 2026
This Healthcare Services Supplement ("Supplement") applies to Nemedic Healthcare Products that are designed for healthcare organizations and may process Protected Health Information ("PHI"). This Supplement is incorporated into and forms part of Nemedic's Terms of Service and Privacy Policy.
In the event of a conflict between this Supplement and a fully executed Business Associate Agreement ("BAA"), the BAA will control with respect to the processing of PHI.
The Healthcare Products are designed to support healthcare operations, patient communications, scheduling, workflow automation, documentation, and related administrative functions. Use of the Healthcare Products may involve the creation, receipt, maintenance, or transmission of PHI.
All provisions of Nemedic's Terms of Service and Privacy Policy remain applicable except to the extent expressly modified by this Supplement or a signed BAA.
When a customer is a Covered Entity or Business Associate under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and uses the Healthcare Products to process PHI:
Organizations requiring HIPAA-compliant services must execute a Business Associate Agreement with Nemedic before transmitting PHI through the Healthcare Products.
Nemedic maintains administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of PHI in accordance with applicable HIPAA requirements.
These safeguards include, as appropriate:
Nemedic requires subcontractors that may access PHI on its behalf to be subject to contractual obligations that provide protections consistent with applicable HIPAA requirements.
Certain Healthcare Product features utilize artificial intelligence, document-processing, communication, cloud-hosting, and other technology providers that support the delivery of the Services.
Where PHI is processed through such providers:
Information regarding material subprocessors may be made available upon request or through applicable customer agreements.
The Healthcare Products are technology tools intended to assist healthcare organizations with operational, administrative, and communication workflows.
Nemedic does not provide medical advice, diagnosis, treatment, or clinical decision-making services. Any content generated by artificial intelligence or automation features is provided for informational and operational purposes only and may contain errors, omissions, or outdated information.
Healthcare professionals remain solely responsible for:
The Healthcare Products are not a substitute for professional medical judgment.
Customers using the Healthcare Products to send SMS, RCS, voice, email, or other patient communications are responsible for ensuring compliance with all applicable laws and regulations, including HIPAA, the Telephone Consumer Protection Act ("TCPA"), state privacy laws, carrier requirements, and applicable healthcare communication rules.
Customers are responsible for:
Nemedic does not sell patient phone numbers, messaging consent records, or similar patient contact information to third parties for their own marketing purposes.
Customers are responsible for:
Customers retain responsibility for determining whether information entered into the Healthcare Products constitutes PHI and whether applicable legal restrictions apply to its use.
Certain marketing, advertising, analytics, audience measurement, attribution, conversion-tracking, and related services offered by Nemedic may operate outside the scope of HIPAA-regulated services and outside the scope of any applicable BAA.
Customers are solely responsible for determining whether their use of any marketing, advertising, analytics, attribution, or conversion-tracking technologies complies with applicable law and regulatory guidance.
Nemedic does not knowingly disclose PHI to advertising or marketing platforms in connection with such services. Customers should not direct Nemedic to transmit PHI through advertising, analytics, attribution, or conversion-tracking technologies.
Additional terms governing marketing and analytics services may be provided in separate agreements or documentation.
Customers independently determine whether any advertising, analytics, attribution, conversion-tracking, audience-measurement, or similar technologies comply with applicable law. Nemedic acts solely as a technology provider implementing customer-directed configurations and does not determine whether a particular implementation complies with HIPAA, state privacy laws, FTC requirements, or advertising-platform policies.
Customer acknowledges and agrees that Nemedic may create, develop, analyze, aggregate, anonymize, de-identify, transform, benchmark, model, and commercialize operational, performance, utilization, workflow, specialty, provider, physician, practice-management, scheduling, revenue, marketing, and business intelligence information derived from Customer's use of the Healthcare Products.
Such information may be used by Nemedic for:
Nemedic may provide such de-identified or aggregated information, reports, benchmarks, analyses, insights, and intelligence products to third parties, including healthcare organizations, consultants, investors, researchers, pharmaceutical companies, medical device manufacturers, payors, and other commercial entities.
Nemedic shall not disclose Protected Health Information through such activities and shall implement reasonable measures designed to prevent patient identification.
Customer acknowledges and agrees that Nemedic owns all resulting de-identified datasets, benchmarks, analytical outputs, scoring systems, models, market intelligence products, and derivative analytical works generated through such activities.
Nemedic maintains incident-response procedures designed to identify, investigate, mitigate, and respond to security incidents affecting customer data.
Where required by applicable law or a BAA, Nemedic will provide notice of reportable breaches or security incidents in accordance with applicable contractual and legal requirements.
Nemedic makes no representations or warranties regarding the accuracy, completeness, reliability, legality, or fitness for a particular purpose of any AI-generated output. Customers are solely responsible for reviewing, validating, and approving all AI-generated content before use.
Customers are solely responsible for determining what information they submit to the Services, whether such information constitutes PHI, and whether applicable laws permit the collection, use, disclosure, or transmission of such information.
Nemedic does not provide legal, regulatory, privacy, compliance, reimbursement, or risk-management advice. Customers should consult their own legal, compliance, and healthcare advisors regarding applicable requirements.
Customers agree to defend, indemnify, and hold harmless Nemedic from claims, investigations, penalties, or liabilities arising from:
While Nemedic maintains security safeguards designed to protect customer information, no system can be guaranteed to be completely secure. Nemedic does not warrant that the Services will be uninterrupted, error-free, or immune from cyberattacks, unauthorized access, or other security events.
Nemedic may engage, replace, or update subprocessors, cloud providers, hosting providers, communication providers, and other service providers used to deliver the Healthcare Products, provided Nemedic remains responsible for maintaining appropriate contractual protections where required by applicable law.
Nemedic shall not be liable for delays, interruptions, or failures resulting from events beyond its reasonable control, including cyberattacks, internet outages, telecommunications failures, cloud-service disruptions, acts of government, labor disputes, natural disasters, or other force majeure events.
The Healthcare Products are not intended for emergency communications, emergency response, or life-critical monitoring. Customers should not rely on the Services for urgent medical situations, and patients should be directed to call 911 or contact emergency services when appropriate.
For questions regarding HIPAA compliance, Business Associate Agreements, privacy, or security matters, please contact:
Nemedic, Inc.
Email: security@nemedic.com