Privacy Policy

How we collect, use, and protect your information.

Provider: MSC Software Solutions LLC (“MSC,” “we,” “us,” “our”)

Address: 10913 Upland Retreat Dr, Houston, TX 77043
Site/Service: msccarepath.com and MSC CarePath (the “Service”)
Effective Date: January 1, 2025

1. Scope

This Privacy Policy explains how MSC Software Solutions LLC (“MSC,” “we,” “us,” “our”) collects, uses, discloses, and safeguards information when you visit msccarepath.com (the “Site”) or access and use MSC CarePath (the “Service”). This Policy does not apply to third-party sites or services that may be linked from the Site or Service.

2. HIPAA and PHI

The Service is intended for business-to-business healthcare workflows. Depending on how a customer organization uses the Service, data submitted to the Service may include “Protected Health Information” (“PHI”) as defined by the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”).

Where MSC processes PHI on behalf of a customer organization that is a HIPAA “covered entity” or “business associate” (a “Customer”), MSC will do so under the applicable customer agreement and, where required, a Business Associate Agreement (“BAA”). If there is a conflict between this Policy and a BAA, the BAA governs MSC’s processing of PHI.

3. Information We Collect

We may collect the following categories of information:

3.1 Account and profile information. e.g., name, organization, role/title, phone number.

3.2 Authentication and security information. e.g., credentials, MFA settings, access logs.

3.3 Usage and device information. e.g., IP address, device/browser identifiers, diagnostics, timestamps.

3.4 Customer Data. submitted to the Service by or for a Customer, which may include PHI depending on Customer use.

3.5 Communications. e.g., support requests, feedback.

3.6 Cookies and similar technologies. used for session management, security, preferences, and analytics.

4. How We Use Information

We use information to:

4.1 Provide and maintain. the Site and Service.
4.2 Secure. the Service and prevent fraud, misuse, and unauthorized access.
4.3 Support and notify. Users of administrative and security matters.
4.4 Improve. performance, reliability, and functionality.
4.5 Comply and enforce. law and agreements.

5. How We Share Information

We may share information:

5.1 With Customers and authorized users. based on Customer-configured access and permissions.
5.2 With service providers (subprocessors). that host, support, secure, and operate the Site/Service under contractual safeguards.
5.3 For legal, compliance, and safety purposes. including lawful requests, investigations, and protection of rights.
5.4 In business transactions. such as merger, acquisition, financing, or sale of assets, with appropriate protections.

MSC does not sell personal information in exchange for monetary consideration.

6. Data Retention

We retain information as reasonably necessary to provide the Service, maintain security and audit logs, comply with legal and contractual obligations, resolve disputes, and enforce agreements. PHI retention is governed by applicable Customer agreements/BAAs and law.

7. Cookies

You can control cookies through browser settings. Disabling cookies may limit certain features.

8. Security

MSC maintains administrative, technical, and physical safeguards designed to protect information. No system is perfectly secure; Users are responsible for safeguarding credentials and reporting suspected compromise to their Customer administrator.

9. Your Choices and Rights

Depending on applicable law and your relationship to the data, you may request access, correction, or deletion of certain personal information. We may verify identity/authority and may deny requests where permitted (e.g., security logs or compliance obligations). Requests related to PHI should generally be directed to the healthcare provider Customer unless a BAA provides otherwise.

10. Children

The Site and Service are not intended for children under 13, and MSC does not knowingly collect personal information from children under 13.

11. International Use

MSC is U.S.-based. If you access the Site or Service from outside the U.S., information may be processed and stored in the U.S.

12. Changes

MSC may update this Policy from time to time. Material changes will be communicated through the Site/Service or other reasonable methods.

13. Contact

MSC Software Solutions LLC
10913 Upland Retreat Dr, Houston, TX 77043
Legal notices should be sent to the address above with “Attn: Legal” on the envelope.