Introduction

PrismIQ Labs, Inc. ("PrismIQ," "we," "us," or "our") is committed to protecting the privacy and security of the information we collect, including Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our AI-powered denial management platform.

HIPAA Compliance

PrismIQ operates as a Business Associate under HIPAA. We are committed to maintaining the confidentiality, integrity, and availability of all PHI we process on behalf of our Covered Entity clients (healthcare providers, practices, and billing companies).

We maintain administrative, physical, and technical safeguards to protect PHI in accordance with the HIPAA Security Rule. Our systems are designed to ensure that PHI is accessed only by authorized personnel for authorized purposes.

Business Associate Agreement (BAA)

Prior to processing any PHI, PrismIQ will execute a Business Associate Agreement (BAA) with your organization. The BAA outlines our responsibilities for protecting PHI, permitted uses and disclosures, breach notification procedures, and termination provisions. A BAA is available upon request and must be signed before any pilot program involving patient data can commence.

Information We Collect

Pilot Request Form Data

When you submit our "Request a Pilot" form, we collect the following information:

• Name: Your full name for communication purposes
• Email Address: To respond to your inquiry and send pilot materials
• Practice Name: To understand your organization and customize our services
• Monthly Denial Volume: To assess pilot scope and provide relevant recommendations

This information is used solely to evaluate your pilot request and communicate with you. It is not PHI and is stored separately from any healthcare data.

Platform Usage Data (After BAA Execution)

Once a BAA is in place, our platform may process:

• ERA/835 remittance data including denial reason codes
• Claim information necessary to generate appeal letters
• Patient identifiers as required for appeals (treated as PHI)
• Payer policy references and coverage determinations

How We Use Your Information

• To provide our AI-powered denial management services
• To generate policy-cited appeal letters on your behalf
• To analyze denial patterns and improve recovery rates
• To communicate with you about your account and our services
• To comply with legal obligations and enforce our agreements

Data Security

We implement industry-standard security measures including:

• End-to-end encryption for data in transit (TLS 1.3)
• AES-256 encryption for data at rest
• Role-based access controls and audit logging
• Regular security assessments and penetration testing
• SOC 2 Type II compliance (in progress)

Data Retention

PHI is retained only for the period necessary to provide our services and comply with legal requirements. Upon termination of a BAA, PHI will be returned or destroyed in accordance with HIPAA requirements and the terms of our agreement.

Third-Party Disclosures

We do not sell, trade, or otherwise transfer your information to outside parties except as necessary to provide our services, comply with the law, or protect our rights. Any subcontractors with access to PHI are bound by Business Associate Agreements.

Your Rights

Under HIPAA, you have rights regarding your PHI, including the right to:

• Access and obtain a copy of your PHI
• Request amendments to your PHI
• Receive an accounting of disclosures
• Request restrictions on certain uses and disclosures

To exercise these rights, please contact your healthcare provider (the Covered Entity). We will assist them in fulfilling these requests as required by our BAA.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

PrismIQ Labs, Inc.
Email: hello@prismiqlabs.ai
Privacy Officer: privacy@prismiqlabs.ai

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date.