Purpose

MedCBO, Inc. (“MedCBO,” “we,” “our,” or “us”) is committed to protecting the privacy and security of individuals’ personal information. This Privacy Policy outlines our practices regarding the collection, use, disclosure, and protection of personal data. MedCBO is an S-Corporation organized under the laws of the State of Colorado and conducts business in all 50 states.

Scope

This Privacy Policy applies to all personal information collected, used, or disclosed by MedCBO through our website, services, communications, and third-party tools such as HubSpot and Microsoft Office 365. This policy complies with applicable federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA), Colorado Privacy Act (CPA), and other similar state-specific privacy laws.

Responsible Departments

Procedure: Legal

Impacts: All

Definitions

  1. NPI – National Provider Identifier

  2. PHI – Protected Health Information

  3. HIPAA – Health Insurance Portability and Accountability Act, enacted 1996

  4. HITECH – Health Information Technology for Economic and Clinical Health

Procedure

  1. Information We Collect

a. We may collect the following types of personal information:

      i. Contact information (i.e., name, email address, phone number)

      ii. Professional details (i.e., practice name, NPI, job title)

      iii. Technical information (i.e., IP address, browser type, device identifiers)

      iv. Communications and correspondence

      v. Any other information provided voluntarily by users or clients

  2. Use of Personal Information

a. We use personal information to:

      i. Provide, operate, and improve our services

      ii. Respond to inquiries and provide customer support

      iii. Communicate important updates and marketing materials

      iv. Comply with legal obligations

      v. Analyze website usage and trends

  3. Sharing of Information

a. We do not sell personal information. We may share information with third parties only as necessary for:

      i. Service providers (e.g., Microsoft, HubSpot) to perform services on our behalf

      ii. Legal or regulatory requirements

      iii. Protection of rights, safety, and property

      iv. Business transfers or reorganizations

  4. Data Retention

a. We retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. When information is no longer needed, it is securely deleted or anonymized.

  5. Your Rights

a. Depending on your state of residence, you may have the right to:

      i. Access the personal information we hold about you

      ii. Request correction or deletion of your information

      iii. Opt out of data sharing for targeted advertising

      iv. Lodge a complaint with a supervisory authority

b. Requests can be submitted by contacting us at Legal@medcbo.com.

  6. Security

a. We implement appropriate technical and organizational security measures to protect personal information from unauthorized access, disclosure, alteration, and destruction. However, no method of transmission over the internet is entirely secure.

  7. Changes to This Privacy Policy

a. We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The latest version will always be available on our website.

  8. Contact Us

a. If you have any questions or concerns regarding this Privacy Policy or our data practices, please contact: MedCBO: Legal@medcbo.com

  9. Healthcare and Health IT Compliance

a. If you believe your HIPAA rights have been violated, you may also contact our HIPAA Privacy Officer at the above email address.

b. As a company operating in the healthcare and healthcare IT sectors, MedCBO, Inc. complies with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, and other applicable federal and state laws governing the privacy and security of protected health information (PHI).

c. In the course of providing services, MedCBO may receive, create, maintain, or transmit PHI on behalf of covered entities and is therefore committed to upholding the highest standards of confidentiality and data protection. We implement administrative, physical, and technical safeguards as required by HIPAA to ensure the integrity and security of PHI.

d. MedCBO enters into Business Associate Agreements (BAAs) with covered entities and other business associates as necessary to comply with HIPAA and HITECH regulations. These agreements define our responsibilities in handling PHI and provide assurances that we will use the information only for permitted purposes and protect it in accordance with the law.

e. Our systems and processes are designed to support the secure exchange and management of healthcare data in compliance with applicable healthcare privacy and security regulations. MedCBO also adheres to industry best practices for data governance and undergoes periodic audits and assessments to ensure ongoing compliance.

Relevant Links

  1. US Department of Health and Human Services

Appendices List (attached to Policy)

There are no appendices to this policy.

Compliance Standards

  1. Evaluation of policy at a minimum annually.

  2. Full Legal Review at a minimum every five (5) years.
