1. Purpose
This Acceptable Use Policy ("AUP") sets out the rules governing your use of the CaseMgmt platform. It applies to all users of the Service, including paid customers, trial users, and any individuals accessing the Service through a tenant account.
By using CaseMgmt, you agree to comply with this AUP. Violations may result in suspension or termination of your access, as further described in our Terms of Service.
2. Permitted Use
CaseMgmt is intended for use by:
- Nurse case management firms managing patient cases
- Licensed healthcare professionals coordinating care
- Authorized billing staff managing invoices and reimbursements
- Authorized administrative staff supporting the above functions
- Referral sources (attorneys, adjusters, insurance carriers) submitting referrals
You may use CaseMgmt only for the legitimate business purpose of managing healthcare cases and related operations, and only in compliance with all applicable laws and regulations, including HIPAA, HITECH, state privacy laws, and the terms of any Business Associate Agreement between you and us.
3. Prohibited Conduct
You agree NOT to:
3.1 Legal and Regulatory Violations
- Use the Service in violation of HIPAA, the HITECH Act, state privacy laws, or any other applicable law
- Store, transmit, or process Protected Health Information (PHI) without a signed Business Associate Agreement with us
- Use the Service to engage in fraudulent billing, identity theft, or other illegal activity
- Violate any third party's intellectual property, privacy, or other rights
- Engage in any activity that would constitute the unauthorized practice of medicine, nursing, or law
3.2 Security & System Integrity
- Attempt to access another tenant's data, accounts, or systems
- Attempt to bypass, disable, or circumvent any security features, access controls, audit logs, or rate limits
- Probe, scan, or test the vulnerability of the Service without prior written authorization
- Upload, transmit, or distribute viruses, malware, ransomware, or any other malicious code
- Use the Service to launch attacks against any other system or network
- Share your account credentials with any other person, including coworkers
- Use automated tools (bots, scrapers, crawlers) to extract data or interact with the Service except where expressly permitted
- Reverse engineer, decompile, or disassemble any part of the Service
3.3 Data & Content
- Upload content that is illegal, defamatory, obscene, harassing, or that infringes on others' rights
- Falsify, misrepresent, or alter audit log entries
- Use the Service to send unsolicited bulk messages, spam, or unauthorized marketing communications
- Use the Service to send SMS messages to individuals who have not consented to receive them per our SMS Consent Policy
- Upload PHI of individuals from whom your organization has not obtained proper authorization
3.4 Service Abuse
- Use the Service in a manner that imposes an unreasonable load on our infrastructure
- Resell, sublicense, or redistribute access to the Service without our written permission
- Use the Service to develop a competing product
- Create multiple accounts to evade plan limits, suspensions, or other restrictions
- Misrepresent your identity or affiliation when registering or using the Service
4. HIPAA-Specific Responsibilities
As a HIPAA-eligible platform, CaseMgmt processes Protected Health Information ("PHI") on behalf of our customers acting as Covered Entities. You, the customer, remain responsible for:
- Maintaining your own HIPAA compliance program (Privacy and Security Rules)
- Obtaining all necessary patient authorizations before submitting PHI to the Service
- Ensuring your workforce members are trained in HIPAA and understand their responsibilities
- Providing your own Notice of Privacy Practices to patients
- Promptly reporting any suspected security incident or breach to us at security@casemgmt.io
- Maintaining the confidentiality of your own users' credentials
- Properly terminating workforce access when employees leave or change roles
- Reviewing your audit logs and access reports periodically
We provide technical safeguards (encryption, audit logging, access controls, etc.) but cannot prevent or detect every form of misuse by your own authorized users. Insider misuse by your workforce remains your responsibility under HIPAA.
5. Workforce User Conduct
If you are a workforce member (employee, contractor, or volunteer) of a CaseMgmt customer:
- Access PHI only for legitimate business purposes — never "browse" patient records out of curiosity
- Use your own unique user account — never share or use someone else's credentials
- Lock your workstation when stepping away
- Use the platform only on devices you are authorized to use for work
- Report any suspected security incident or policy violation to your organization's Security Officer or to security@casemgmt.io
Curiosity browsing of patient records is a HIPAA violation and may result in termination of your access and disciplinary action by your employer.
6. Reporting Violations
If you become aware of or suspect a violation of this AUP — whether by another user, a third party, or yourself — please report it immediately to:
Security & Abuse Reports
Email: security@casemgmt.io
For confidential or sensitive reports, you may also use our contact page.
All reports are reviewed promptly. We do not retaliate against good-faith reporters.
7. Enforcement
We investigate suspected violations of this AUP. Depending on the severity and nature of the violation, we may take any of the following actions, with or without prior notice:
- Issue a warning to the user or account
- Restrict specific features or capabilities of the account
- Suspend the user account or the entire tenant
- Terminate the account or tenant subscription
- Preserve evidence and cooperate with law enforcement for criminal violations
- Initiate legal action to recover damages
- Report HIPAA violations to the U.S. Department of Health and Human Services Office for Civil Rights as required by law
Suspension or termination for violations of this AUP does not entitle you to any refund of prepaid fees. See our Subscription, Refund & Cancellation Policy for details.
8. Modifications to this Policy
We may update this AUP from time to time. Material changes will be communicated via email to account administrators or by notice on the platform at least 30 days before taking effect, except that changes addressing security threats may take effect immediately upon posting.