Privacy Policy
Last Updated: January 15, 2025
1. Introduction
MRO Connect ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our medical review officer platform and related services.
We comply with all applicable privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA), and are committed to maintaining the confidentiality of protected health information (PHI).
2. Information We Collect
2.1 Personal Information
We may collect the following types of personal information:
- Name, email address, and contact information
- Professional credentials and licensing information
- Employment information and organizational affiliations
- Account credentials and authentication data
- Payment and billing information
2.2 Protected Health Information (PHI)
In the course of providing our services, we may process:
- Patient medical records and test results
- Medical review documentation
- Diagnostic and laboratory data
- Other health-related information necessary for medical review processes
2.3 Usage Information
We automatically collect certain information about your use of our platform:
- IP address and device information
- Browser type and operating system
- Access times and dates
- Pages viewed and features used
- Referral URLs
3. How We Use Your Information
We use the collected information for the following purposes:
- Providing and maintaining our medical review services
- Processing and managing medical review workflows
- Authenticating users and maintaining account security
- Communicating with you about our services
- Improving our platform and developing new features
- Complying with legal and regulatory requirements
- Preventing fraud and ensuring platform security
4. HIPAA Compliance
As a business associate under HIPAA, we maintain strict safeguards for PHI:
- We use PHI only as permitted by our Business Associate Agreements (BAAs)
- We implement administrative, physical, and technical safeguards
- We limit access to PHI to authorized personnel only
- We maintain audit logs of all PHI access and modifications
- We provide breach notification as required by law
5. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information. We may share information in the following circumstances:
- With your consent: When you explicitly authorize us to share information
- For treatment purposes: As necessary for medical review processes
- With service providers: Who assist us in operating our platform under strict confidentiality agreements
- For legal compliance: When required by law, regulation, or legal process
- To protect rights: When necessary to protect our rights, safety, or property
6. Data Security
We implement industry-standard security measures to protect your information:
- Encryption of data in transit and at rest
- Secure data centers with physical access controls
- Regular security assessments and penetration testing
- Employee training on data security and privacy
- Incident response and disaster recovery procedures
7. Data Retention
We retain personal information and PHI for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal requirements. Medical records and related documentation are retained in accordance with applicable healthcare regulations and professional standards.
8. Your Rights and Choices
You have the following rights regarding your information:
- Access: Request access to your personal information
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your information (subject to legal requirements)
- Portability: Request a copy of your information in a portable format
- Opt-out: Opt-out of certain communications
To exercise these rights, please contact us at privacy@mroconnect.net
9. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience:
- Essential cookies: Required for platform functionality
- Analytics cookies: Help us understand platform usage
- Preference cookies: Remember your settings and preferences
You can control cookies through your browser settings, though some features may not function properly without them.
10. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.
11. International Data Transfers
If you access our services from outside the United States, your information may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for international transfers.
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy and updating the "Last Updated" date. Your continued use of our services constitutes acceptance of the updated policy.
13. Contact Information
For questions or concerns about this Privacy Policy or our privacy practices, please contact us:
MRO Connect Privacy Team
Email: privacy@mroconnect.net
Phone: 1-800-MRO-CONNECT
Address: [Your Business Address]
14. State-Specific Rights
California Residents
California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, and the right to opt-out of the sale of personal information (which we do not do).
Other States
Residents of other states may have additional rights under applicable state privacy laws. Please contact us to learn more about exercising your rights under applicable law.