What you can do with your data
Under HIPAA and our own privacy commitments, every patient and physician on ElderberryMD has three core data rights. All three are available directly from your account — no waiting period, no paper forms.
Export
Download a complete copy of your health records and account data in a machine-readable format. Useful for sharing with another provider or keeping a personal copy.
Delete
Request permanent deletion of your account and associated data. Deletion is irreversible. Certain data required by law (billing records, audit logs) is retained for the legally mandated period before destruction.
Audit log
See a complete record of every time your protected health information (PHI) was accessed — by whom, when, and why. ElderberryMD logs every PHI access event automatically.
Patient rights
If you are a patient on ElderberryMD, HIPAA grants you the right to access your records (45 CFR § 164.524) and receive an accounting of disclosures of your protected health information (45 CFR § 164.528). ElderberryMD also provides data deletion as a platform commitment — self-service, no waiting period.
Export your records
Download your complete health record — visit summaries, medication history, lab results, and clinical notes — as a structured data file. You can share this file directly with another provider.
Export my dataDelete your account
Request permanent deletion of your ElderberryMD account and all associated health data. This action is irreversible. Legally required retention periods (billing records, audit trails) apply before data is fully destroyed.
Request deletionView your audit log
See a timestamped record of every access to your PHI: who accessed it, when, and from which system. ElderberryMD logs every PHI access event — no access goes unrecorded.
View audit logPhysician rights
Physicians on ElderberryMD have the same three rights over the data they generate and store on the platform — prescriptions, clinical notes, and patient interaction records. Access these rights directly from your physician account.
Export your data
Download a complete export of your physician account: patient interaction records (de-identified per your permissions), prescription history, and clinical notes you authored. Use this to migrate to another platform or keep a local archive.
Export my dataDelete your account
Request permanent deletion of your physician account and practice data. Patient records you authored remain with patients per HIPAA requirements; your physician-specific data is destroyed after the legally mandated period.
Request deletionView your audit log
Review all access events tied to your physician account — logins, patient record views, prescription submissions, and API calls from your EHR integration. Every action is logged automatically.
View audit logHow we protect your data
Encryption everywhere
All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher. Encryption keys are managed separately from the data they protect. No PHI is ever stored in plaintext.
Audit log on every PHI access
Every read, write, and disclosure of protected health information generates an immutable audit log entry. This is not optional and cannot be disabled — it is built into the data layer of the platform. You can review your own audit log at any time from your account.
Access controls
PHI is accessible only to the patient it belongs to, the physician(s) treating that patient, and ElderberryMD staff with a documented clinical or operational need. Access grants are time-limited and logged.
Submitting a request
All data rights requests are handled directly from your account at app.elderberrymd.com. Log in and navigate to Account → Privacy & Data to find the export, delete, and audit-log options.
Requests are processed automatically. Export and audit-log access are immediate. Deletion requests are confirmed within 24 hours and completed within 30 days per our platform policy.
Part of the ElderberryMD Trust & Privacy commitment.