Privacy Policy

Protected Health Information

As a Business Associate under HIPAA, we collect and process Protected Health Information ("PHI") through our Services. This includes health information created or received by healthcare providers, health plans, employers, or healthcare clearinghouses that relates to past, present, or future physical or mental health conditions, healthcare provision, or payment for healthcare.

PHI we may collect includes health-related identifiers such as patient names and demographic information, medical record numbers, health plan beneficiary numbers, account numbers, certificate/license numbers, device identifiers, voice recordings and transcripts, full face photographic images, and other unique identifying characteristics or codes.

Personal Data You Provide

We collect Personal Data when you voluntarily provide information to us through the Services, including contact information, account credentials, payment details, employment information, and communications preferences. This may occur when you create an account, make a payment, or communicate with us through the Services.

Information Collected via Technology

When you interact with our Services, we automatically collect technical information about your equipment, browsing actions, and usage patterns. This includes your browser type and version, operating system, IP address, device identifiers, usage data and patterns, communication preferences, and voice recordings and transcripts.

Cookies and Tracking Technologies

Our Services employ various technologies to collect and store information, including cookies, web beacons, local storage, analytics tools, session replay software, and voice recording technology. We use both persistent cookies (which remain after you close your browser) and session cookies (which expire when you close your browser).

Telephone Numbers and Call Data

For our AI voice agent services, we collect phone numbers and call records to provide the Services, comply with legal obligations, and maintain opt-out records. We retain call logs to demonstrate compliance with applicable regulations.

Use of PHI

We handle PHI in strict compliance with HIPAA and our Business Associate Agreements. Our use and disclosure of PHI is limited to specific permitted purposes, including providing our Services, supporting healthcare operations, processing payments, and complying with legal requirements.

Use of Personal Data

We use Personal Data to operate, maintain, and improve our Services. This includes processing payments, communicating with you about our Services, enhancing our AI systems, and ensuring the security of our platform.

AI Voice Agent Data Usage

Information collected through our AI voice agents serves several specific purposes in our healthcare revenue cycle services. We use this data to train and improve our AI systems, monitor compliance, optimize service delivery, and maintain accurate records.

HIPAA-Compliant Disclosures

We disclose PHI as permitted by HIPAA and our Business Associate Agreements. This includes disclosures to covered entities, other business associates, and regulatory authorities as required by law.

Service Providers and Subprocessors

We carefully select and oversee third-party service providers who help us deliver our Services. Our current subprocessors include Amazon Web Services (hosting), Twilio (communications), and AssemblyAI (speech processing).

We will notify users of legal demands for PHI unless prohibited by law. For non-PHI data, we may disclose information as required by valid subpoenas or court orders.

Security Measures

We implement comprehensive security measures to protect your information. We maintain strict access controls, require strong authentication, and conduct regular security monitoring. Our physical and administrative safeguards include employee training, incident response procedures, and quarterly access log reviews.

Data Breach Procedures

In the event of a data breach, we follow a documented incident response plan. This includes promptly investigating the incident, taking appropriate corrective action, and providing all required notifications.

HIPAA Rights

Under HIPAA, you have specific rights regarding your PHI. These include the right to access your health information, request amendments, receive an accounting of disclosures, and request restrictions on certain uses or disclosures.

State Privacy Rights

Residents of certain states (including California, Colorado, Connecticut, Utah, and Virginia) may have additional privacy rights under applicable state laws. To exercise these rights, please contact us at privacy@vodera.ai.

Communication Preferences

You can control your communication preferences through several methods. To opt out of marketing communications, you may use the unsubscribe mechanism in our messages, adjust your account settings, or contact us directly.