Responsible Disclosure Policy

eClinicalWorks asks its clients and security researchers to allow eCW the opportunity to investigate and correct a vulnerability within a reasonable timeframe. This research period enables eClinicalWorks to develop, test, and distribute a corrective patch to its clients.

In the event of software vulnerabilities, eClinicalWorks determines the best course of action to remediate the situation and provide the necessary patch.

Reporting a System Vulnerability to eClinicalWorks

Please note that this report should not be construed as encouragement or permission to perform any of the following activities:

eClinicalWorks does not waive any rights or claims with respect to such activities or any others. This document is not intended to, and does not, replace contracted for terms and conditions previously negotiated between eClinicalWorks and its Customers.

Your help is appreciated in disclosing vulnerabilities to eClinicalWorks in a responsible manner.

Thank you,