AVO Works Logo

Privacy Policy

Effective Date: January 05, 2026

Last Updated: February 18, 2026

Mdical, LLC, doing business as AvoScribe (“AvoScribe,” “we,” “our,” or “us”), respects your privacy and is committed to protecting personal and health-related information. This Privacy Policy explains how information is collected, used, disclosed, and safeguarded when you use the AvoScribe mobile application, website, and related services (collectively, the “Services”).

By accessing or using AvoScribe, you agree to the practices described in this Privacy Policy.

1. Information We Collect
1.1 Information You Provide

We may collect information you voluntarily provide, including:

  • Name, email address, and phone number

  • Professional role, credentials, or organization affiliation

  • Account login and authentication information

  • Communications with customer support

1.2 Protected Health Information (PHI)

When used in a healthcare setting, AvoScribe may process Protected Health Information (PHI) on behalf of healthcare providers or organizations.

AvoScribe operates as a Business Associate and handles PHI in compliance with:

  • The Health Insurance Portability and Accountability Act (HIPAA)

  • Applicable federal and state privacy laws

  • Business Associate Agreements (BAAs), where required

AvoScribe does not use PHI for advertising, marketing, or data resale.

1.3 Automatically Collected Information

We may collect limited technical information automatically, including:

  • Device type, operating system, and app version

  • Log files, timestamps, and usage analytics

  • IP address and general location (not precise GPS)

2. How We Use Information

Information is used to:

  • Provide, operate, and maintain the Services

  • Support clinical documentation and administrative workflows

  • Communicate updates, notices, and support responses

  • Comply with legal, regulatory, and contractual obligations

AvoScribe does not sell personal information.

3. Healthcare Privacy & HIPAA Compliance

Where PHI is involved:

  • Access is restricted to authorized users only

  • Role-based access controls are enforced

  • Industry-standard safeguards protect data in transit and at rest

  • Audit and monitoring mechanisms may be applied

Healthcare providers are responsible for obtaining all required patient consents under applicable law.

4. Integrated Partners, Interoperability & Security Standards

AvoScribe may integrate with third-party systems, including Electronic Health Record (EHR) platforms, interoperability frameworks, and healthcare technology providers (“Integrated Partners”).

4.1 Compliance Requirements

  • Comply with HIPAA and applicable healthcare privacy laws

  • Execute Business Associate Agreements (BAAs) when PHI is involved

  • Maintain administrative, technical, and physical safeguards consistent with industry standards

4.2 HL7 & Interoperability Standards

Where interoperability is supported, AvoScribe aligns with recognized healthcare data exchange standards, including HL7-based frameworks (such as HL7 messaging or HL7-aligned APIs), to enable secure, standardized data exchange.

Interoperability connections utilize:

  • Secure authentication and authorization

  • Encrypted data transmission

  • Access limited to authorized systems and users

4.3 Data Minimization & Partner Responsibility

Integrated Partners are granted access only to the minimum necessary data to perform their intended function.

  • Its own compliance and security practices

  • Proper handling and storage of data within its systems

AvoScribe does not permit Integrated Partners to use data for advertising, marketing, or unauthorized secondary purposes.

4.4 Oversight

  • Vet Integrated Partners prior to enabling integrations

  • Monitor integration access for security and integrity

  • Restrict or disable integrations that fail to meet compliance or security expectations

5. Data Sharing

Information may be shared:

  • With authorized service providers under confidentiality obligations

  • With healthcare organizations you are affiliated with

  • To comply with legal obligations, subpoenas, or regulatory requests

  • To protect the rights, safety, and integrity of AvoScribe and its users

AvoScribe does not share data for advertising purposes.

6. Data Retention

Information is retained only as long as necessary to:

  • Provide the Services

  • Meet contractual and operational requirements

  • Comply with legal, regulatory, and audit obligations

PHI retention follows healthcare industry standards and applicable client agreements.

7. Security Measures

AvoScribe implements reasonable administrative, technical, and physical safeguards, including:

  • Encryption

  • Secure authentication

  • Role-based access controls

  • Ongoing monitoring and risk mitigation

No system can be guaranteed to be completely secure.

8. Your Rights

Depending on your role and applicable law, you may have the right to:

  • Access or update your account information

  • Request correction of inaccurate data

  • Request deletion of certain non-regulated personal data

  • Receive information regarding data use and disclosures

Requests may be subject to legal, regulatory, or contractual limitations.

9. Children’s Privacy

AvoScribe is not intended for use by children under the age of 13. We do not knowingly collect personal information from children.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Services or by other reasonable means. Continued use of the Services constitutes acceptance of the updated policy.

Contact Information

Mdical, LLC dba AvoScribe

2505 Anthem Village St, Unit 604

privacy@avowork.com