Privacy Policy

1. Introduction

AuthRx ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our prior authorization platform and services.

As a healthcare technology provider, we comply with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy regulations.

2. Information We Collect

2.1 Protected Health Information (PHI)

In the course of providing our services, we may collect and process Protected Health Information, including:

• Patient demographic information
• Medical history and diagnosis codes
• Prescription and treatment information
• Insurance and payer information
• Prior authorization request details

2.2 Account and Contact Information

We collect information you provide when creating an account or contacting us:

• Name, email address, and phone number
• Organization name and address
• Job title and role
• Login credentials

2.3 Usage Data

We automatically collect certain information about your use of our services:

• IP address and device information
• Browser type and operating system
• Pages viewed and features used
• Date and time of access
• Referring URLs

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve our prior authorization services
• To process authorization requests and communicate with payers
• To communicate with you about your account and our services
• To ensure compliance with HIPAA and other regulations
• To detect, prevent, and address technical issues and security threats
• To analyze usage patterns and improve our platform
• To fulfill legal obligations and protect our rights

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

4.1 Healthcare Operations

We share PHI with insurance payers and healthcare organizations as necessary to process prior authorization requests.

4.2 Service Providers

We work with Business Associates who provide services on our behalf (e.g., cloud hosting, analytics). All Business Associates sign HIPAA-compliant agreements.

4.3 Legal Requirements

We may disclose information when required by law, court order, or government request, or to protect our rights and safety.

4.4 With Your Consent

We may share information for other purposes with your explicit consent.

5. Data Security

We implement industry-leading security measures to protect your information:

• End-to-end encryption for data in transit and at rest
• Multi-factor authentication and role-based access controls
• Regular security audits and penetration testing
• SOC 2 Type II certified infrastructure
• HIPAA-compliant AWS hosting environment
• 24/7 security monitoring and incident response
• Regular employee security training

6. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• PHI is retained for a minimum of 6 years as required by HIPAA
• Account information is retained while your account is active
• Usage data is retained for up to 2 years for analytics purposes
• Upon request, we will delete your data subject to legal retention requirements

7. Your Rights

Under HIPAA and applicable privacy laws, you have the following rights:

• Access: Request access to your PHI
• Amendment: Request corrections to inaccurate information
• Accounting: Request an accounting of PHI disclosures
• Restriction: Request restrictions on certain uses and disclosures
• Confidential Communications: Request communications by alternative means
• Breach Notification: Be notified of any breach affecting your PHI

To exercise these rights, please contact us at privacy@authrx.io.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

• Essential Cookies: Required for platform functionality
• Analytics Cookies: Help us understand usage patterns
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings, though this may limit platform functionality.

9. Third-Party Services

Our platform integrates with third-party EHR systems and services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

10. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect information from minors without parental consent as required by law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through our platform. Your continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: