Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information.

Last Updated: December 14, 2024

1. Introduction

Neuraforz ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

By accessing or using our services, you agree to the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Healthcare & Revenue Cycle Management (RCM) Compliance

As a provider of Revenue Cycle Management (RCM) services, Neuraforz is committed to maintaining the highest standards of compliance with healthcare regulations and protecting sensitive patient information.

2.1 HIPAA Compliance

Neuraforz complies with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations, including:

  • Privacy Rule: We implement policies and procedures to protect the privacy of Protected Health Information (PHI) and ensure it is used only for authorized purposes.
  • Security Rule: We maintain administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic PHI (ePHI).
  • Breach Notification Rule: We have procedures in place to detect, report, and respond to any breaches of unsecured PHI in accordance with regulatory requirements.
  • HITECH Act: We comply with the Health Information Technology for Economic and Clinical Health Act requirements for enhanced privacy and security protections.

2.2 Protected Health Information (PHI)

In the course of providing RCM services, we may process Protected Health Information on behalf of our healthcare clients. PHI includes any individually identifiable health information such as:

  • Patient names and contact information
  • Social Security numbers and other identifiers
  • Medical record numbers
  • Health plan beneficiary numbers
  • Dates of service and treatment information
  • Diagnosis and procedure codes
  • Billing and claims data
  • Insurance information

We process PHI only as necessary to perform our contracted RCM services and in accordance with applicable law and our Business Associate Agreements.

2.3 Business Associate Agreements (BAA)

When providing RCM services that involve access to PHI, Neuraforz enters into Business Associate Agreements with covered entities as required by HIPAA. Our BAAs establish:

  • Permitted uses and disclosures of PHI
  • Safeguards we implement to protect PHI
  • Breach notification procedures and timelines
  • Requirements for subcontractors who may access PHI
  • Obligations upon termination of the agreement
  • Individual rights regarding their PHI

2.4 RCM-Specific Data Handling

Our Revenue Cycle Management services involve processing sensitive healthcare and financial data. We implement specific controls for:

  • Claims Processing: Secure handling of insurance claims, including electronic submission through encrypted channels
  • Payment Processing: PCI-DSS compliant handling of payment card information
  • Denial Management: Secure storage and processing of claim denial information
  • Patient Billing: Protection of patient financial information and billing records
  • Coding Compliance: Accurate and compliant medical coding practices (ICD-10, CPT, HCPCS)
  • Audit Trails: Comprehensive logging of all access to and modifications of healthcare data

2.5 Additional Healthcare Compliance

Beyond HIPAA, we adhere to additional healthcare industry standards and regulations:

  • State Privacy Laws: Compliance with state-specific healthcare privacy regulations that may provide additional protections
  • CMS Requirements: Adherence to Centers for Medicare & Medicaid Services guidelines for claims submission and processing
  • False Claims Act: Commitment to accurate billing practices and prevention of fraudulent claims
  • Anti-Kickback Statute: Compliance with federal anti-kickback regulations in healthcare transactions
  • Stark Law: Adherence to physician self-referral regulations where applicable
  • OIG Compliance: Following Office of Inspector General guidance for healthcare compliance programs

Our Compliance Commitment

Neuraforz maintains a comprehensive compliance program that includes regular training for all employees who handle PHI, periodic risk assessments, and ongoing monitoring of our security controls. We are committed to continuous improvement of our privacy and security practices to meet evolving regulatory requirements and industry best practices.

3. Information We Collect

3.1 Personal Information

We may collect personal information that you voluntarily provide to us when you:

  • Fill out contact forms on our website
  • Book a consultation or meeting with our team
  • Subscribe to our newsletter or communications
  • Interact with our chatbot or support services
  • Engage with us for business purposes

This information may include:

  • Name (first and last)
  • Email address
  • Phone number
  • Company name
  • Job title
  • Message content and inquiry details

3.2 Automatically Collected Information

When you visit our website, we may automatically collect certain information, including:

  • IP address and location data
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent on pages
  • Referring website or source
  • Click patterns and navigation behavior

4. How We Use Your Information

We use the information we collect to:

  • Respond to your inquiries and provide customer support
  • Schedule and conduct consultations or meetings
  • Deliver the services you have requested
  • Send you relevant communications about our services
  • Improve our website and user experience
  • Analyze website traffic and usage patterns
  • Protect against spam, fraud, and security threats
  • Comply with legal obligations

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Service Providers: We may share information with trusted third-party service providers who assist us in operating our website and conducting our business (e.g., email services, analytics, hosting).
  • Legal Requirements: We may disclose information if required by law, court order, or government regulation.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
  • Protection of Rights: We may disclose information to protect our rights, privacy, safety, or property, or that of others.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. These technologies help us:

  • Remember your preferences and settings
  • Understand how you use our website
  • Improve our services and content
  • Provide security features

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of our website.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (SSL/TLS) and at rest (AES-256)
  • Secure data storage practices
  • Access controls and authentication
  • Regular security assessments

7.1 HIPAA Security Safeguards for RCM Services

For our Revenue Cycle Management services involving PHI, we maintain additional security controls as required by HIPAA:

  • Administrative Safeguards:
    • Designated Privacy and Security Officers
    • Workforce training and awareness programs
    • Access authorization and management procedures
    • Incident response and contingency planning
    • Regular risk assessments and audits
  • Physical Safeguards:
    • Facility access controls
    • Workstation security policies
    • Device and media controls
    • Secure disposal of PHI
  • Technical Safeguards:
    • Unique user identification and authentication
    • Automatic session timeouts
    • Audit controls and activity logging
    • Encryption of ePHI in transit and at rest
    • Integrity controls to prevent unauthorized alteration

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. When your information is no longer needed, we will securely delete or anonymize it.

8.1 Healthcare Data Retention

For Protected Health Information processed through our RCM services, we adhere to applicable federal and state retention requirements, which may include:

  • HIPAA requires retention of documentation for a minimum of six (6) years
  • Medicare/Medicaid records may require retention for up to ten (10) years
  • State-specific medical record retention laws may apply
  • Billing and claims records are retained as required by payer contracts and regulatory requirements

Upon termination of our Business Associate Agreement with a covered entity, we will return or securely destroy all PHI as directed and in accordance with HIPAA requirements.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Opt-out: Unsubscribe from marketing communications
  • Portability: Request transfer of your data in a portable format

9.1 HIPAA Patient Rights

If you are a patient whose PHI is processed through our RCM services, you have specific rights under HIPAA, which are exercised through the healthcare provider (covered entity) that holds your records. These include:

  • Right to Access: Request access to and obtain a copy of your PHI
  • Right to Amend: Request amendments to your PHI if you believe it is incorrect or incomplete
  • Right to an Accounting of Disclosures: Request a list of certain disclosures of your PHI
  • Right to Request Restrictions: Request restrictions on certain uses and disclosures of your PHI
  • Right to Confidential Communications: Request that communications be sent to you at an alternative address or by alternative means
  • Right to a Paper Copy: Obtain a paper copy of the Notice of Privacy Practices
  • Right to File a Complaint: File a complaint with the covered entity or the U.S. Department of Health and Human Services if you believe your privacy rights have been violated

To exercise these HIPAA rights, please contact the healthcare provider directly. As a Business Associate, we will assist covered entities in responding to patient rights requests as required.

To exercise any of these rights, please contact us using the information provided below.

10. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website with a new "Last Updated" date.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Neuraforz

Chicago, IL

Email: support@neuraforz.com

Phone: +1 (773) 888-9957