📋 Overview
MedConnect Pro manages data across the full lifecycle — from collection through storage, processing, archival, and secure disposal. Our data handling practices are designed to meet HIPAA requirements while providing flexibility for business operations.
This page covers data handling for both the MedConnect Pro telehealth platform and the optional Storefront e-commerce add-on.
📥 Data Collection
Platform Data
- Patient Records: Demographic information, medical history, intake form responses, consultation notes, and prescription records
- Provider Records: Professional credentials, license information, DEA numbers, and consultation activity
- Administrative Data: Tenant configuration, user accounts, audit logs, and system settings
- Verification Data: Government-issued photo IDs for identity verification (temporarily stored)
Storefront Data
- Customer Accounts: Name, email, phone, shipping addresses, and account preferences
- Order Data: Products ordered, quantities, pricing, shipping details, and order status
- Subscription Data: Active subscriptions, billing intervals, renewal dates, and payment status
- Payment Data: Payment tokens (not raw card numbers), transaction IDs, and billing history
- CMS Content: Marketing pages, product descriptions, and media uploads
💾 Data Storage
Storage Architecture
Data is stored in tiered storage based on access frequency and age:
| Tier | Data Age | Purpose | Access Speed |
|---|---|---|---|
| Hot Storage | 0-12 months | Active data, recent files, current consultations | Immediate |
| Warm Storage | 1-3 years | Older consultations, completed orders, archived forms | Minutes |
| Cold Storage | 3-7 years | Archived data, retained records, long-term compliance | Hours |
Encryption
- At Rest: AES-256 encryption for all stored data across all tiers
- In Transit: TLS 1.2+ for all data transmission
- Backups: Encrypted backups stored in geographically separated locations
🔧 Data Processing
- Consultation Data: Processed to match patients with providers, track consultation status, and generate prescriptions
- Payment Data: Processed securely — raw card data never touches our servers
- Analytics: Aggregated and de-identified data used for platform performance metrics and reporting
- Audit Logging: All data access events processed through PHI-safe sanitization before logging
🗑 Data Retention
Data is retained according to regulatory requirements and business needs:
| Data Type | Retention Period | Basis |
|---|---|---|
| Patient Health Information (PHI) | 7 years from last encounter | HIPAA requirement |
| Audit Logs | 6 years minimum | HIPAA requirement |
| ID Verification Photos | 90 days (auto-deleted) | Data minimization |
| Session Data | 90 days (auto-purged) | Data minimization |
| Storefront Order Data | Duration of relationship + tax retention | Business and tax requirements |
| Payment Tokens | Until customer requests removal | Service continuity |
| Tenant Business Data | Export window + retention period | Offboarding policy |
Per-Patient Tracking: Each patient record individually tracks last_medical_encounter_at and phi_retention_until to ensure precise compliance with retention requirements.
🔄 Data Lifecycle Automation
MedConnect Pro automates data lifecycle management to prevent data accumulation and ensure timely disposal:
- ID Photo Cleanup: Automated deletion of verification photos after 90 days
- Session Purge: Expired sessions automatically purged after 90 days
- Storage Tier Migration: Automatic migration from hot to warm to cold storage based on age thresholds
- Tenant Offboarding: Automated data export, archival, and purge workflows for cancelled tenants
- PHI Purge: Automated purge after retention period expires, with proof of disposal in audit logs
📤 Data Export & Portability
MedConnect Pro supports full data export to ensure you are never locked in:
- Tenant Export: Complete export of all tenant data including patients, consultations, prescriptions, forms, and audit logs
- Patient Export: Individual patient record export in structured format
- Storefront Export: Export of products, orders, customers, and subscription data
- Format: Exports provided in standard formats (CSV, JSON) for interoperability
- Offboarding Window: 30-90 day data export window provided during account cancellation
🛡 Data Protection Measures
- Cross-Tenant Isolation: Patient data from one tenant cannot be accessed by another tenant
- Cross-Tenant Patient Protection: If a patient exists in multiple tenants, core profile cannot be deleted if they have active records elsewhere
- Legal Hold: Data under legal hold cannot be purged regardless of retention schedule
- Secure Disposal: All purged data is securely destroyed and proof of disposal is recorded in audit logs
🛒 Storefront Data Handling
The optional Storefront e-commerce add-on handles the following additional data categories:
- Customer Data: Account information, addresses, and preferences are stored in the Storefront database
- Order Data: Order details, transaction records, and shipping information
- Payment Data: Processed securely — only payment tokens are stored, never raw card numbers
- API Data: Data exchanged between Storefront and Platform via API is encrypted in transit and authenticated
- ePHI Boundary: Customer data becomes ePHI when synced to the Platform for consultations, at which point HIPAA protections apply
📧 Questions
For questions about our data handling practices:
Data Protection Team: privacy@medconnectpro.com
Last updated: April 2026