Prorenata

ProrenataProrenataProrenata

Prorenata

ProrenataProrenataProrenata
  • Home
  • Our Mission & Vision
  • Privacy Policy
  • Contact Us

Privacy Policy

 

Prorenata Privacy Policy

Effective Date: 9/15/2025
Last Updated: 9/14/2025

 

1. Introduction

Prorenata, Inc. ("Prorenata," "we," "us," or "our") is committed to protecting the privacy and security of personal information, including Protected Health Information (PHI), in accordance with applicable laws and regulations. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our AI-powered healthcare automation platform and services.

IMPORTANT: This Privacy Policy applies to our platform and services. Healthcare organizations using our services remain responsible for their own privacy obligations under HIPAA and other applicable laws.


2. Information We Collect

2.1 Personal Information

  • Contact information (name, email, phone number, business address)
  • Professional credentials and licensing information
  • Account authentication information
  • Billing and payment information

2.2 Protected Health Information (PHI)

We may process PHI solely as a Business Associate under HIPAA on behalf of covered entities. This includes:

  • Patient identifiers and demographic information
  • Medical records and clinical data
  • Treatment and diagnosis information
  • Healthcare payment and billing information

2.3 Technical Information

  • Device identifiers and IP addresses
  • Browser type and operating system
  • Usage patterns and system performance data
  • Security logs and access records

2.4 Automatically Collected Information

  • Platform usage analytics
  • System performance metrics
  • Error logs and debugging information

3. How We Use Information

3.1 Service Provision

  • Delivering AI automation and workflow services
  • Processing healthcare data as directed by covered entities
  • Maintaining platform functionality and performance
  • Providing customer support and technical assistance

3.2 Business Operations

  • Account management and billing
  • Service improvement and development
  • Security monitoring and incident response
  • Legal compliance and regulatory reporting

3.3 Limitations on Use

We do NOT use PHI for:

  • Marketing purposes
  • Research without explicit authorization
  • Any purpose not specified in our Business Associate Agreement
  • Training AI models (unless specifically de-identified and authorized)

4. Information Sharing and Disclosure

4.1 No Sale of Personal Information

We do not sell, rent, or trade personal information or PHI to third parties.

4.2 Permitted Disclosures

We may disclose information only in the following circumstances:

  • As directed by the covered entity we serve
  • To authorized users within your organization
  • To service providers under strict confidentiality agreements
  • As required by law or valid legal process
  • To prevent serious threats to health or safety
  • For business transfers (with appropriate protections)

4.3 Service Providers

Third-party service providers with access to personal information must:

  • Sign confidentiality agreements
  • Comply with HIPAA requirements (for PHI)
  • Implement appropriate security measures
  • Use information only for specified purposes

5. Data Security

5.1 Technical Safeguards

  • End-to-end encryption for data in transit and at rest
  • Multi-factor authentication for all user accounts
  • Regular security assessments and penetration testing
  • Continuous monitoring for security threats
  • Automated backup and disaster recovery systems

5.2 Administrative Safeguards

  • Role-based access controls with minimum necessary access
  • Regular employee security training
  • Incident response and breach notification procedures
  • Vendor management and oversight programs
  • Regular risk assessments and security audits

5.3 Physical Safeguards

  • Secure data centers with restricted access
  • Environmental controls and monitoring
  • Secure workstation and media controls
  • Device and media disposal procedures

6. Data Retention and Deletion

6.1 Retention Periods

  • PHI: Retained only as long as necessary for service provision or as required by law
  • Personal Information: Retained for the duration of the business relationship plus applicable legal requirements
  • Technical Data: Retained for operational purposes, typically 12-24 months

6.2 Secure Deletion

Upon termination of services or upon request:

  • All PHI is securely deleted or returned as directed
  • Personal information is securely deleted according to our retention schedule
  • Deletion is performed using industry-standard methods

7. Individual Rights

7.1 HIPAA Rights (for PHI)

When we process PHI, individuals may have rights to:

  • Access their PHI
  • Request amendments to PHI
  • Request restrictions on use/disclosure
  • Request confidential communications
  • File complaints with covered entities or HHS

7.2 General Privacy Rights

Depending on applicable law, you may have rights to:

  • Access personal information we maintain
  • Correct inaccurate information
  • Request deletion of personal information
  • Object to certain processing activities
  • Data portability (where applicable)

8. International Data Transfers

If we transfer personal information internationally, we ensure appropriate safeguards through:

  • Standard contractual clauses
  • Adequacy decisions
  • Binding corporate rules
  • Other legally recognized transfer mechanisms

9. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18 without parental consent.

10. State-Specific Privacy Rights

10.1 California Residents

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have specific rights regarding their personal information. Please contact us for details about exercising these rights.

10.2 Other State Laws

We comply with applicable state privacy laws, including those in Virginia, Colorado, Connecticut, and other jurisdictions with comprehensive privacy legislation.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will:

  • Notify you of material changes via email or platform notification
  • Post the updated policy with the effective date
  • Obtain consent for changes that affect PHI processing (where required)

12. Contact Information

For privacy-related questions, concerns, or requests:

Privacy Officer
Prorenata, Inc.
[Address]
Email: privacy@prorenata.com
Phone: [Phone Number]

Data Protection Officer (if applicable)
Email: dpo@prorenata.com

13. Regulatory Compliance

This Privacy Policy is designed to comply with:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • California Consumer Privacy Act (CCPA/CPRA)
  • General Data Protection Regulation (GDPR) (where applicable)
  • Other applicable federal and state privacy laws

14. Business Associate Responsibilities

When processing PHI, Prorenata acts as a Business Associate and:

  • Complies with all applicable HIPAA requirements
  • Maintains separate Business Associate Agreements with covered entities
  • Implements appropriate safeguards for PHI
  • Reports security incidents as required
  • Provides access to PHI as directed by covered entities

This Privacy Policy is a legal document. Please consult with qualified legal counsel to ensure it meets your specific regulatory and business requirements before implementation.

Copyright © 2025 Prorenata - All Rights Reserved.

Powered by

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

Accept