Privacy Policy
Our Commitment to Your Privacy
At Verus Surgical Consultants, we understand that you're trusting us with sensitive health information at a critical time in your healthcare journey. This Privacy Policy explains how we collect, use, protect, and share your information when you use our services at verusheart.com.
This policy works together with our Terms and Conditions and HIPAA Notice of Privacy Practices to provide complete information about how we handle your data.
Please read carefully before engaging in a second opinion consultation.
1. Information We May Collect
Information You Provide to Us
When you use our services, you may provide:
- Contact Information: Name, email address, phone number, physical address
- Medical Information: Medical history, test results, imaging studies, catheterization reports, surgical history (maintained separately in HIPAA-compliant storage)
- Account Information: Username, password, profile preferences
- Profile photo (optional)
- Payment Information: Billing details processed securely through Stripe
- Communications: Any information you provide during chats, messages, or consulting sessions
Information Collected Automatically
When you visit our website, we may automatically collect:
- Usage Information: Pages visited, time spent, features used
- Device Information: Browser type, operating system, device type
- Location Information: General location based on IP address
- Cookies and Analytics: To improve your experience and our services
2. How We Use Your Information
We use the data we collect to:
Provide our Services
- Generate your MyVerus™ Report
- Facilitate consultations with board-certified surgeons and cardiologists
- Calculate STS risk scores and guideline mapping
- Provide 24/7 concierge support (for applicable packages)
- Send appointment reminders within our 60-minute callback target
- Deliver report notifications
- Provide service updates
- Respond to your questions
- Process Payments: Handle billing and payment processing through secure third-party processors
- Improve Our Services: Analyze usage patterns to enhance our platform and AI algorithms
- Ensure Safety: Maintain security, prevent fraud, and protect against unauthorized access
- Comply with legal obligations: Meet healthcare regulatory obligations, including HIPAA
3. How We Protect Your Health Information
HIPAA Compliance
We maintain physical, technical, and administrative safeguards to protect your Protected Health Information (PHI) in accordance with HIPAA requirements. When we receive PHI from a covered entity, we act as a Business Associate and will execute a Business Associate Agreement (BAA) upon request.
Our Security Measures
- Encryption: SSL/TLS encryption for all data transmission; encryption at rest for stored data
- Access Controls: Role-based access limited to authorized personnel under the minimum necessary standard
- Authentication: Multi-factor authentication (MFA) for all staff accessing systems
- Secure Storage: Medical records stored separately from administrative systems in HIPAA-compliant storage
- Tamper-Proof Verification: MyVerus™ Reports are cryptographically hashed using SHA-256
- Audit Logs: Comprehensive logging of all access to PHI
- Regular Audits: Ongoing security assessments and updates
Important Security Notes
- No PHI in Administrative Systems: We do not store PHI in Outseta, Airtable, RingCentral, or other customer relationship management systems
- Secure Communications: PHI is exchanged only through our secure portal unless you specifically request alternative methods and accept the associated risks
- No PHI via Standard Email / SMS: We don't send PHI through unencrypted email or text messages
4. How We Share Your Information
We Never Sell Your Information
We will never sell your personal or health information to anyone.
Limited Sharing for Service Delivery
We may share your information with:
For Treatment Purposes:
- Consulting Physicians: Board-certified surgeons and cardiologists reviewing your case (minimum necessary information only)
- Your Healthcare Team: When you explicitly authorize sharing your MyVerus™ Report with treating physicians
For Operations:
- Service Providers: Payment processors, secure messaging services (administrative data only)
- Quality Improvement: De-identified data for improving our AI algorithms and services
For Legal and Safety Reasons:
- Legal Requirements: If required by law, subpoena, court order, or government request
- Public Health: As required by public health authorities
- Health Oversight: For audits, investigations, inspections, licensure
- Abuse or Neglect: When required to report suspected abuse, neglect, or domestic violence
- Serious Threats: To prevent or lessen serious threats to health or safety
Referral Program Compliance
In accordance with Stark Law and Anti-Kickback Statute requirements:
- We maintain flat-fee referral acknowledgments ($200 for cardiologists, $100 for PCPs)
- Paid only to non-physician referrers for self-pay customers
- Never connected to federal health program business
- Transparent disclosure of all referral arrangements
Your Control
You maintain control over your MyVerus™ Reports and can manage sharing permissions through your patient portal at any time. You can grant or revoke permission to share reports, though revocation applies only to future sharing.
5. Your Privacy Rights
For All Users
You have the right to:
- Access: Request a copy of your personal information
- Correct: Update or correct inaccurate information
- Delete: Request deletion of your account and data (subject to legal retention requirements)
- Port: Receive your data in a portable format (PDF for reports, CSV/JSON for account data)
- Opt-Out: Unsubscribe from marketing communications
- Download Your Information: Request copies of your reports and personal data we have on file
- Restrict: Request limits on certain uses/disclosures (we'll honor when legally required)
- Accounting: Receive a list of certain disclosures of your PHI
- Confidential Communications: Request contact by alternate means or locations
- Paper Copy: Request a paper copy of this Privacy Policy at any time
HIPAA-Specific Rights
See our HIPAA Notice of Privacy Practices for detailed rights to access, amend, receive an accounting of disclosures, request restrictions, request confidential communications, obtain a copy of the NPP, and receive breach notifications.
You may submit HIPAA requests to us by email at this email address or call 1 (720) 277 0419.
California Residents (CCPA Rights)
If you're a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to Know: Details about personal information collected, used, and shared
- Right to Delete: Request deletion of personal information (with certain exceptions)
- Right to Opt-Out: We don't sell personal information, but you can opt out of certain sharing
- Right to Non-Discrimination: Equal service regardless of exercising privacy rights
- Right to Correct: Request correction of inaccurate personal information
- Categories of Information: We collect identifiers, medical information, commercial information, and usage data as described above
To exercise your California privacy rights, contact us at this email address or call 1 (720) 277 0419.
Nevada Residents
Nevada residents may opt out of the sale of covered information. We don't sell your information, but you may register your preference by contacting us.
Response Timeframes
- General requests: Within 30 days
- California requests: Within 45 days
- Complex requests: We'll notify you if additional time is needed
6. Data Retention
We retain information as described in our Terms and Conditions and as required by healthcare regulations (patient records typically 7 years, longer if required).
After retention periods expire, we securely destroy information using industry-standard methods.
7. Cookies and Tracking
What We Use
We use cookies and similar technologies as described in our Cookies Policy. You can learn about the specific types of cookies we use, how to manage your preferences, and what happens when you disable cookies by reviewing our Cookies Policy.
8. Third-Party Services and Links
Our website may contain links to third-party services. We're not responsible for their privacy practices. Please review their policies before providing personal information.
9. Children's Privacy
Our services are not intended for individuals under 18 without parental consent. We don't knowingly collect information from children. If you're a parent or guardian and believe we've collected information from your child without proper consent, please contact us immediately.
10. International Users
Our services are operated from the United States. If you're accessing our services from outside the U.S.:
- Your information will be transferred to and processed in the U.S.
- U.S. privacy laws may differ from your country's laws
- By using our services, you consent to this transfer
11. Communications Preferences
Electronic Communications
By using our services, you consent to receive:
- Administrative Messages: Service updates, appointment reminders, report notifications
- Portal Messages: Secure communications about your consultation
- Email Communications: Non-PHI administrative information
- SMS Messages (if opted in): Appointment reminders, callback notifications (standard message/data rates apply)
Managing Preferences
- Email: Unsubscribe links in marketing emails
- All Communications: You may contact us by email.
Note: You cannot opt out of essential service communications (e.g., report delivery notifications, security alerts).
12. Breach Notification
We'll notify you of security incidents per applicable law and our HIPAA Notice of Privacy Practices.
13. Complaints and Questions
Privacy Complaints
If you believe your privacy rights have been violated:
- Contact our Privacy Officer by email.
- File a complaint with us - we won't retaliate
- File with the U.S. Department of Health and Human Services, Office for Civil Rights
We'll investigate all complaints and respond within 30 days.
Contact Information
Privacy Contact: Chief Technical Officer
Phone: 1 (720) 277 0419
Address: Verus Surgical Consultants, Inc, 2831 St. Rose Parkway, Suite 200, Henderson, NV, 89052, USA
14. Changes to This Policy
We may update this Privacy Policy periodically to reflect:
- Changes in our practices
- New legal requirements
- Service improvements
- User feedback
When we make material changes:
- We'll update the "Last Updated" date
- We'll send email notification to registered users
- We'll provide an opportunity to review before continued use
15. Integration with Other Policies
This Privacy Policy works together with:
- Our Terms and Conditions: Which governs use of our services
- Our HIPAA Notice of Privacy Practices: Which details PHI handling
- Our Cookie Policy: Which contains specific cookie management information
- Telehealth Consent: When applicable for licensed states
All policies together form our complete privacy framework.
Your privacy and trust are fundamental to our mission. Thank you for trusting Verus with your healthcare journey.