Privacy Policy

1. Introduction

AchieveMSO ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Data Request Portal service.

This policy applies to all users of our service, including patients, healthcare providers, and authorized data requesters.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

• Patient Information: Name, date of birth, contact information, medical record numbers, and health information
• Provider Information: Name, credentials, practice information, contact details, and professional licenses
• Account Information: Username, email address, password (encrypted), and account preferences
• Contact Information: Phone numbers, email addresses, and mailing addresses

2.2 Technical Information

• IP addresses and device information
• Browser type and version
• Operating system information
• Usage patterns and service interactions
• Cookies and similar tracking technologies

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Provision: To provide and maintain our data request portal services
• Authentication: To verify user identities and manage access to the platform
• Data Requests: To facilitate secure data requests between patients and providers
• Compliance: To ensure HIPAA compliance and meet regulatory requirements
• Communication: To send important updates, notifications, and service-related communications
• Security: To monitor and protect against fraud, abuse, and security threats
• Improvement: To analyze usage patterns and improve our services

4. HIPAA Compliance

As a healthcare data management platform, we are fully committed to HIPAA compliance. We implement:

• Administrative Safeguards: Policies, procedures, and training programs
• Physical Safeguards: Secure data centers and access controls
• Technical Safeguards: Encryption, access controls, and audit logs
• Business Associate Agreements: With all third-party service providers

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information only in the following circumstances:

5.1 Authorized Data Requests

• With healthcare providers when patients authorize data sharing
• With authorized researchers when proper consent is obtained
• With legal representatives when authorized by patients

5.2 Legal Requirements

• When required by law or legal process
• To protect our rights, property, or safety
• To prevent fraud or abuse
• In case of emergency situations

5.3 Service Providers

We may share information with trusted third-party service providers who assist us in operating our platform, subject to strict confidentiality agreements.

6. Data Security

We implement comprehensive security measures to protect your information:

• Encryption: AES-256 encryption for data at rest and in transit
• Access Controls: Role-based access with multi-factor authentication
• Network Security: Firewalls, intrusion detection, and secure protocols
• Regular Audits: Security assessments and penetration testing
• Employee Training: Regular security awareness training
• Incident Response: Comprehensive breach response procedures

7. Data Retention

We retain your information for as long as necessary to:

• Provide our services to you
• Comply with legal and regulatory requirements
• Resolve disputes and enforce our agreements
• Maintain audit trails for compliance purposes

When information is no longer needed, we securely delete or anonymize it according to our data retention policies.

8. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your information (subject to legal requirements)
• Portability: Request a copy of your data in a portable format
• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to certain types of processing

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Remember your preferences and settings
• Analyze how you use our service
• Improve our service functionality
• Ensure security and prevent fraud

You can control cookie settings through your browser preferences, but disabling cookies may affect service functionality.

10. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

11. International Data Transfers

If you are located outside the United States, please note that your information may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Displaying prominent notices on our service

Your continued use of our service after any changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us: