echo
Demo

Acceptable Use Policy

Effective Date: February 25, 2026 Last Revised: February 25, 2026 Company: Echo Health Solutions, Inc. ("Echo Health Solutions," "we," "our," or "us")

This Acceptable Use Policy ("AUP") governs the access to and use of Echo Health Solutions' AI-powered practice management platform, including all associated software, tools, APIs, voice and SMS communication features, prior authorization automation, digital forms, and browser-based automation services (collectively, the "Services").

This AUP applies to all users of the Services, including healthcare providers, clinic staff, administrative personnel, and any other individuals or entities accessing the Services under a customer account (collectively, "Users"). This AUP is incorporated by reference into the Echo Health Solutions Terms of Service and, where applicable, the applicable Business Associate Agreement ("BAA").

By accessing or using the Services, you agree to comply with this AUP. Violation of this AUP may result in suspension or termination of access to the Services.

1. Eligibility and Account Responsibility

1.1 Authorized Users Only

Access to the Services is limited to:

  • Licensed healthcare providers and their authorized clinical and administrative staff
  • Entities that have executed a valid agreement with Echo Health Solutions, including an applicable BAA where required by HIPAA

You may not share your account credentials with unauthorized individuals. You are responsible for all activity conducted under your account, including activity by any personnel to whom you grant access.

1.2 Accurate Information

You must provide accurate, current, and complete information when registering for an account and must promptly update such information if it changes. Echo Health Solutions reserves the right to suspend accounts created with false or misleading information.

2. HIPAA and PHI Obligations

2.1 Covered Entity Responsibility

If you are a Covered Entity under HIPAA, you are solely responsible for ensuring that your use of the Services complies with HIPAA and all applicable state health information privacy laws. This includes, without limitation:

  • Obtaining all required patient authorizations or identifying an applicable legal basis before submitting Protected Health Information ("PHI") to the Services
  • Ensuring your Notice of Privacy Practices accurately reflects your use of third-party technology vendors such as Echo Health Solutions
  • Maintaining policies and procedures governing your workforce's access to and use of the Services

2.2 BAA Requirement

You may not use the Services in any manner that involves the creation, receipt, maintenance, or transmission of PHI unless you have executed a valid BAA with Echo Health Solutions. Operating without an executed BAA where one is required constitutes a material violation of this AUP.

2.3 Minimum Necessary Standard

You must apply the HIPAA minimum necessary standard when configuring access to PHI within the Services, including limiting staff access to only the PHI necessary to perform their job functions.

3. Permitted Uses

You may use the Services only for the following purposes, and only in compliance with applicable law, this AUP, and your agreement with Echo Health Solutions:

  • Scheduling patient appointments and managing appointment reminders via online, voice, and SMS channels
  • Conducting authorized inbound and outbound patient communications for treatment, care coordination, and related healthcare operations purposes
  • Submitting and processing prior authorization requests on behalf of patients for whom you are the treating or referring provider
  • Collecting patient intake information and consents through digital forms
  • Managing and accessing patient-related administrative records within your practice
  • Using analytics and reporting features for lawful healthcare operations

4. Prohibited Uses

You may not use the Services, or permit any third party to use the Services, for any of the following purposes:

4.1 Unauthorized or Illegal Activity

  • Violating any applicable federal, state, local, or international law or regulation, including HIPAA, the Telephone Consumer Protection Act ("TCPA"), CAN-SPAM, or state consumer protection laws
  • Accessing, collecting, or transmitting PHI or Personal Information without a lawful basis or required patient consent
  • Submitting patient communications without obtaining required prior express written consent for automated calls or texts where required by the TCPA or applicable state law
  • Impersonating any person or entity, or misrepresenting your affiliation with a person or entity

4.2 Misuse of Voice and SMS Features

  • Initiating or facilitating unsolicited commercial messages ("spam") or bulk outreach unrelated to legitimate healthcare communications
  • Using our voice or SMS tools to contact individuals who have opted out of communications or who have not provided required consent
  • Using automated dialers or messaging features in violation of the TCPA, FCC regulations, or applicable state telemarketing laws
  • Failing to honor STOP/opt-out requests received through our platform in a timely manner
  • Using our telephony features to conduct calls that constitute harassment, threats, or abusive conduct under applicable law

4.3 AI and Automation Misuse

  • Relying solely on AI-generated outputs, including scheduling recommendations, form pre-fills, transcription results, or prior authorization suggestions, as a substitute for independent clinical, administrative, or legal judgment
  • Using AI features to make or communicate clinical diagnoses, prescriptions, or treatment decisions without appropriate provider review and sign-off
  • Attempting to manipulate, deceive, or adversarially exploit our AI or automated systems, including through prompt injection, adversarial inputs, or deliberate attempts to generate false outputs
  • Using automation features to access, extract, or transmit data in ways not authorized by your agreement with Echo Health Solutions

4.4 Security and System Integrity

  • Attempting to probe, scan, test, or penetrate the security of our systems without prior written authorization from Echo Health Solutions
  • Circumventing or disabling authentication, access controls, or security measures
  • Introducing malware, ransomware, viruses, Trojan horses, or any other harmful or malicious code into the Services
  • Using the Services to engage in distributed denial-of-service (DDoS) attacks or other attempts to disrupt the platform or third-party services
  • Accessing or attempting to access accounts, data, or systems belonging to other users without authorization

4.5 Unauthorized Data Activities

  • Scraping, bulk downloading, or exporting PHI or other data from the Services outside of authorized export tools or data portability mechanisms
  • Using the Services to compile or aggregate patient data for purposes unrelated to the treatment, payment, or healthcare operations of your practice
  • Sharing login credentials, API keys, or access tokens with unauthorized individuals or third parties
  • Attempting to reverse engineer, decompile, or extract the source code of the Services

4.6 Harmful or Deceptive Communications

  • Using the Services to send communications that are fraudulent, misleading, defamatory, harassing, or abusive
  • Falsely representing that communications sent through the platform originate from Echo Health Solutions or any other entity
  • Using the Services to discriminate against patients on the basis of race, color, national origin, sex, disability, age, or any other characteristic protected by applicable law, including Section 1557 of the Affordable Care Act

4.7 Unauthorized Commercial Activity

  • Reselling, sublicensing, or otherwise commercializing access to the Services without prior written consent from Echo Health Solutions
  • Using the Services to operate or facilitate a competing service or to benchmark our Services for publication without prior written authorization

5. User Responsibilities for Patient Communications

You are solely responsible for:

  • Ensuring your practice's patient communication practices comply with HIPAA's Privacy and Security Rules, as well as applicable state privacy laws
  • Maintaining complete and accurate records of patient consents and opt-ins for voice, SMS, and email communications
  • Promptly implementing opt-outs and revocations of consent within the timeframes required by applicable law
  • Configuring the Services appropriately to reflect your patients' communication preferences
  • Ensuring that communications sent through the platform are accurate, not misleading, and appropriate for the patient audience

6. AI Output Review and Clinical Responsibility

Echo Health Solutions' AI features are designed to assist administrative and operational workflows. AI-generated outputs are not a substitute for qualified human judgment. Users are responsible for:

  • Reviewing all AI-generated transcriptions, form completions, scheduling recommendations, and prior authorization determinations before acting on them
  • Ensuring that any clinical information derived from AI-assisted interactions is reviewed and validated by a qualified healthcare provider before it is incorporated into a patient record or used to inform clinical decisions
  • Reporting material inaccuracies or anomalies in AI outputs to Echo Health Solutions through our support channels

Echo Health Solutions does not practice medicine and assumes no clinical responsibility for patient outcomes arising from your use of the Services.

7. Reporting Violations

If you become aware of any use of the Services that violates this AUP, including by other users within your account or by third parties, please report it promptly to:

Echo Health Solutions, Trust & Safety Email: info@echobooking.com

We take all reports seriously and will investigate promptly. We maintain the confidentiality of reporters to the extent practicable and legally permissible.

8. Consequences of Violation

Echo Health Solutions reserves the right, in its sole discretion and without prior notice (except where notice is required by your agreement or applicable law), to take any of the following actions upon a violation or suspected violation of this AUP:

  • Issue a written warning
  • Suspend or restrict access to specific features or your entire account, with or without notice
  • Permanently terminate your account and access to the Services
  • Report conduct to applicable regulatory authorities, including the HHS Office for Civil Rights, the FTC, the FCC, or state health or consumer protection agencies
  • Pursue any legal remedies available under applicable law or your agreement with Echo Health Solutions

Echo Health Solutions is not liable for any losses or damages arising from enforcement actions taken in good faith under this AUP.

9. Cooperation with Investigations

In connection with any investigation of a potential AUP violation or security incident, you agree to:

  • Cooperate in good faith with Echo Health Solutions' reasonable requests for information
  • Preserve and produce records relevant to the investigation as required by law or your agreement
  • Not take any action designed to obstruct, delay, or compromise an investigation

10. Changes to This AUP

We may update this AUP from time to time to reflect changes in our Services, business practices, or applicable law. When we make material changes, we will notify registered account holders via email or in-platform notification at least 30 days before the updated AUP takes effect. Continued use of the Services after the effective date of a revised AUP constitutes acceptance of the updated terms.

11. Contact

For questions about this Acceptable Use Policy:

Echo Health Solutions Email: info@echobooking.com Mailing Address: 120 Bretano Way, Greenbrae, CA 94904

This Acceptable Use Policy should be read together with the Echo Health Solutions [Privacy Policy], [Terms of Service], and applicable Business Associate Agreement.