Effective date: November 8, 2025
Privacy Policy

Verus Surgical Consultants, Inc.

Our Commitment to Your Privacy

At Verus Surgical Consultants, we understand that you’re trusting us with sensitive health information at a critical time in your healthcare journey. This Privacy Policy explains how we collect, use, protect, and share your information when you use our services at verusheart.com.

This policy works together with our Terms and Conditions and HIPAA Notice of Privacy Practices to provide complete information about how we handle your data.

Please read carefully before engaging in a second-opinion consultation.

1. Information We May Collect

Information You Provide to Us
When you use our services, you may provide:

  • Contact information (name, email address, phone number, physical address)
  • Medical information (medical history, test results, imaging studies, surgical history)
  • Account information (username, password, profile preferences)
  • Optional profile photo
  • Payment information (billing details processed securely through Stripe)
  • Communications (messages or information shared during consulting sessions)

Information Collected Automatically
When you visit our website, we may automatically collect:

  • Usage information (pages visited, time spent, features used)
  • Device information (browser type, operating system, device type)
  • Location information (general IP-based location)
  • Cookies and analytics data to improve user experience

2. How We Use Your Information

We use the information we collect to:

  • Provide our services, including generating your MyVerus™ Report
  • Facilitate consultations with board-certified surgeons and cardiologists
  • Calculate STS risk scores and guideline mapping
  • Send appointment reminders and report notifications
  • Process payments through secure third-party providers
  • Improve our platform and AI algorithms
  • Maintain platform security and prevent fraud
  • Comply with healthcare and privacy regulations, including HIPAA

3. How We Protect Your Health Information

HIPAA Compliance
We maintain physical, technical, and administrative safeguards in accordance with HIPAA standards. When we receive protected health information (PHI) from a covered entity, we act as a Business Associate and will execute a Business Associate Agreement (BAA) upon request.

Security Measures

  • SSL/TLS encryption for all data transmission, and encryption of data at rest
  • Role-based access with least-privilege controls
  • Multi-factor authentication for authorized personnel
  • PHI stored in HIPAA-compliant systems separate from administrative tools
  • SHA-256 hashing to verify authorship and timestamp of reports
  • Comprehensive audit logging and ongoing security reviews

Important Notes

  • No PHI is stored in Outseta, Airtable, or RingCentral
  • PHI is exchanged only via secure portal unless you explicitly request otherwise
  • PHI is never sent by unencrypted email or SMS

4. How We Share Your Information

We Never Sell Your Data
We will never sell your personal or health information.

Limited Sharing for Service Delivery
We may share information only as needed to provide our services:

  • Consulting physicians reviewing your case (minimum necessary data)
  • Your treating physicians, if you authorize sharing your report
  • Payment processors and secure communications providers
  • De-identified data for platform and AI improvement
  • As legally required by public health, oversight, or law enforcement authorities

Referral Program Compliance
All referral acknowledgments comply with the Stark Law and Anti-Kickback Statute.

  • Flat-fee referrals only ($200 for cardiologists, $100 for PCPs)
  • Applies to self-pay customers only
  • Never linked to federal health programs

You maintain full control of your MyVerus™ Reports through your patient portal and can manage or revoke sharing permissions at any time.

5. Your Privacy Rights

For All Users
You have the right to access, correct, delete, or download your data, request restrictions on its use, and opt out of marketing communications.

HIPAA Rights
See our HIPAA Notice of Privacy Practices for full details about your rights to access, amend, and receive an accounting of disclosures.

California Residents (CCPA)
If you reside in California, you have additional rights under the California Consumer Privacy Act. You may:

  • Request details about collected and shared personal information
  • Request deletion or correction
  • Opt out of certain sharing activities
  • Exercise these rights without discrimination

Nevada Residents
You may opt out of the sale of covered information. Although we do not sell personal data, you can submit a request to record your preference.

Response times: 30 days for general requests, 45 days for CCPA requests.

6. Data Retention

We retain information as required by healthcare and legal regulations (typically seven years for patient records). After expiration, data is destroyed securely using industry-standard methods.

7. Cookies and Tracking

We use cookies and related technologies as described in our Cookies Policy. You can review, manage, or disable cookies through your browser settings.

8. Third-Party Services and Links

Our website may include links to third-party services. We are not responsible for their privacy practices. Please review their policies before sharing personal information.

9. Children’s Privacy

Our services are not intended for users under 18 without parental consent. If you believe we’ve collected information from a child, please contact us immediately.

10. International Users

If you access our services from outside the United States, your data will be processed in the U.S., where privacy laws may differ. By using our services, you consent to this transfer.

11. Communications Preferences

By using our services, you consent to receive administrative messages, secure portal notifications, and essential service emails. You may unsubscribe from marketing communications at any time. Essential service communications cannot be disabled.

12. Breach Notification

We will notify you of any data breach or security incident in accordance with HIPAA and applicable privacy laws.

13. Complaints and Questions

If you believe your privacy rights have been violated, you may:

  • Contact our Privacy Officer at privacy@verusheart.com
  • File a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights

We investigate all complaints promptly and respond within 30 days.

Contact information:
Verus Surgical Consultants, Inc.
2831 St. Rose Parkway, Suite 200
Henderson, NV 89052
Phone: (720) 277-0419

14. Changes to This Policy

We may update this Privacy Policy periodically. When changes occur, we will:

  • Update the “Last Updated” date on this page
  • Notify registered users via email
  • Offer an opportunity to review before continued use

15. Integration with Other Policies

This Privacy Policy should be read together with:

Your privacy and trust are central to our mission. Thank you for trusting Verus with your healthcare journey.