1. Introduction

RAF Code IQ ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Risk Adjustment Factor (RAF) coding platform.

As a healthcare technology platform operating in California that processes Protected Health Information (PHI), we comply with the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA), and other applicable federal and state privacy laws.

2. Information We Collect

2.1 User Account Information

• Name, email address, and professional contact information
• Organization and role within your healthcare practice
• Username and password for account access
• Multi-factor authentication settings

2.2 Protected Health Information (PHI)

In the course of providing RAF coding services, we process PHI on behalf of covered entities, including:

• Patient demographic information (name, date of birth, member ID)
• Diagnosis codes (ICD-10) and HCC (Hierarchical Condition Category) codes
• Clinical documentation and encounter records
• Risk adjustment and coding history

2.3 Usage and Audit Information

• Browser type, device information, and IP address
• Login times, session duration, and features accessed
• Coding actions, reviews, and workflow interactions
• Export and reporting activities

3. How We Use Your Information

We use your information to:

• Provide RAF coding services, including HCC gap identification and workflow management
• Generate reports and analytics on coding opportunities and team productivity
• Maintain comprehensive audit trails for HIPAA compliance
• Authenticate users and manage access permissions
• Improve our services and develop new features
• Comply with legal and regulatory requirements
• Detect and prevent fraud, security threats, and unauthorized access

4. Information Sharing and Disclosure

We do not sell your personal or health information. We may share your information with:

• Your Organization: Administrators at your healthcare organization who manage your account access
• Business Associates: Third-party service providers who assist in our operations (under HIPAA Business Associate Agreements), including cloud hosting and infrastructure providers
• EMR Integrations: Electronic Medical Record systems that you authorize us to connect with (e.g., Practice Fusion)
• Legal Authorities: When required by law or to protect rights and safety

5. Your Privacy Rights

5.1 HIPAA Rights

• Right to access and obtain a copy of your health records
• Right to request corrections to your health information
• Right to receive an accounting of disclosures
• Right to request restrictions on uses and disclosures

5.2 CCPA Rights (California Residents)

• Right to know what personal information we collect, use, and share
• Right to delete personal information (subject to exceptions)
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your privacy rights

6. Data Security

We implement industry-standard security measures to protect your information:

• 256-bit SSL/TLS encryption for data transmission
• Encrypted data storage with access controls
• Regular security audits and vulnerability assessments
• Employee training on HIPAA compliance and data security
• Multi-factor authentication for sensitive operations

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information, please see our Cookie Policy.

8. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations. Health records are typically retained for 7 years as required by California law.

9. Children's Privacy

Our platform is not directed to individuals under 18, except when enrolled as dependents. Parent or guardian consent is required for minors.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or platform notification. Continued use of our services constitutes acceptance of the updated policy.