Privacy Policy
CertifyMed Inc. ("CertifyMed," "we," "us," or "our") is committed to protecting personal information processed through the CertifyMed platform.
This Privacy Policy explains:
- What information we collect;
- How we use and process that information;
- How we protect it;
- How organizations and authorized users may access or export their data.
This Privacy Policy applies to:
- Visitors to https://certifymed.com (the "Site"); and
- Users of the CertifyMed software platform and related services (the "Platform").
CertifyMed provides software infrastructure used by government entities, managed care organizations, healthcare providers, and other enterprises to administer assessments, case management workflows, quality measures, and compliance programs.
This Policy is intended to describe our data handling practices. The Terms of Service govern platform usage and contractual rights.
1. Our Role in Data Processing
CertifyMed primarily operates as a service provider and data processor on behalf of its organizational customers.
In most cases:
- The Customer (e.g., agency, provider, managed care organization) determines what data is collected and how it is used.
- CertifyMed processes that data solely to provide and maintain the Platform.
For visitors to our website and individuals who contact us directly, CertifyMed acts as the data controller for that limited information.
If you are an individual whose information has been entered into the Platform by a government entity, healthcare provider, or other organization, please direct privacy-related requests to that organization. We will support our customers in responding to lawful requests as required.
2. Information We Collect
We collect information in the following categories:
A. Information Provided by Organizational Customers
Customers may enter or upload information into the Platform, including:
- Assessment responses and scoring data
- Case management documentation
- Participant or member records
- Demographic information
- Social determinants of health screening responses
- Quality measure tracking information
- Compliance monitoring documentation
- Supporting files and attachments
We process this information only in accordance with the Customer's instructions and for purposes of providing the Services.
B. Account and Administrative Information
We collect information necessary to manage organizational accounts, including:
- Organization name
- Administrator contact details
- User names and credentials
- Role and permission settings
- Billing and subscription information
C. Automatically Collected Technical Information
When the Platform or Site is used, we may automatically collect:
- IP address
- Device and browser type
- Log-in and activity timestamps
- Platform usage metrics
- System performance data
This information is used to:
- Maintain security
- Monitor system integrity
- Diagnose technical issues
- Improve functionality
D. Website and Communications Information
If you contact us, request information, or interact with our website, we may collect:
- Name
- Email address
- Organization
- Inquiry content
- Website analytics information
3. How We Use Information
We use collected information to:
- Provide, operate, and maintain the Platform;
- Authenticate and manage user access;
- Enable assessment, case management, quality tracking, and compliance workflows;
- Provide customer support and technical assistance;
- Maintain system security and prevent unauthorized access;
- Improve platform functionality and performance;
- Fulfill contractual and legal obligations.
We do not sell personal information.
We do not use Customer-submitted assessment or case data for unrelated marketing purposes.
4. Data Access and Export
Organizational Customers and authorized users may access and export their data at any time through available Platform functionality, subject to subscription terms and technical limitations.
Upon termination of services, Customers may request export of their data within a commercially reasonable timeframe.
CertifyMed does not restrict Customer access to their own data except as required by law or valid legal process.
5. Disclosure and Sharing of Information
CertifyMed does not sell personal information.
We may disclose information in the following circumstances:
A. Service Providers
We may share information with trusted third-party service providers that support our operations, such as:
- Cloud hosting providers
- Infrastructure and security vendors
- Analytics and monitoring providers
- Payment processors
- Technical support vendors
These service providers are contractually obligated to use information only for authorized purposes and to protect it with appropriate safeguards.
B. At the Direction of Customers
Because CertifyMed primarily acts as a data processor, we may disclose information as directed by the Customer, including:
- Authorized users within the Customer's organization
- Regulatory agencies, auditors, or oversight bodies
- Government entities administering programs
C. Legal Requirements
We may disclose information when required to:
- Comply with applicable law
- Respond to lawful requests from public authorities
- Enforce our agreements
- Protect the security or integrity of the Platform
Where permitted, we will provide notice of such disclosures.
D. Business Transfers
If CertifyMed is involved in a merger, acquisition, restructuring, or sale of assets, information may be transferred as part of that transaction, subject to appropriate confidentiality protections.
6. HIPAA and Regulatory Considerations
CertifyMed may process information that constitutes Protected Health Information ("PHI") under the Health Insurance Portability and Accountability Act ("HIPAA") where applicable.
Where required:
- CertifyMed will enter into a Business Associate Agreement ("BAA") with the relevant Customer.
- We will process PHI solely in accordance with the BAA and applicable law.
Customers remain responsible for:
- Determining whether HIPAA applies to their use of the Platform;
- Ensuring lawful collection and disclosure of PHI;
- Meeting their own regulatory obligations.
The Platform is designed to support compliance workflows but does not replace independent regulatory oversight.
7. Data Retention and Access
A. Retention
We retain information:
- For the duration of the Customer's active subscription;
- As necessary to fulfill contractual obligations;
- As required by applicable law.
Retention periods may vary depending on Customer configuration and regulatory requirements.
B. Data Access and Export
Organizational Customers and their authorized users may access and export their data at any time through available Platform functionality, subject to subscription terms and technical capabilities.
Upon termination of Services:
- Customers may request export of their data within a commercially reasonable period;
- After that period, data may be securely deleted in accordance with our retention policies.
CertifyMed does not restrict Customers from accessing or exporting their own data except where required by law.
C. Deletion Requests
If CertifyMed acts as a data processor, requests for deletion or modification of participant data should be directed to the relevant Customer organization. We will assist Customers in fulfilling lawful requests where required.
8. Data Security
CertifyMed implements commercially reasonable administrative, technical, and physical safeguards designed to protect information against unauthorized access, disclosure, alteration, or destruction.
These safeguards may include:
- Encrypted data transmission;
- Access controls and authentication mechanisms;
- Role-based access configurations;
- System monitoring and logging;
- Secure hosting infrastructure.
While we take reasonable steps to protect information, no method of transmission over the Internet or method of electronic storage is completely secure. Customers and authorized users share responsibility for safeguarding account credentials and properly configuring user permissions within their organizations.
9. Individual Rights
Depending on applicable law, individuals may have certain rights regarding personal information, including the right to:
- Request access to personal information;
- Request correction of inaccurate information;
- Request deletion of personal information;
- Restrict or object to certain processing;
- Receive a copy of their information in a portable format.
Because CertifyMed generally acts as a data processor on behalf of organizational Customers, requests concerning participant or member information should be directed to the relevant Customer organization.
CertifyMed will support Customers in responding to lawful requests where required.
For information collected directly by CertifyMed (such as website inquiries), individuals may contact us directly at support@certifymed.com.
10. Cookies and Tracking Technologies
We use cookies and similar technologies on our Site and within the Platform to:
- Maintain user sessions;
- Authenticate access;
- Improve user experience;
- Analyze system performance;
- Monitor security.
Where required by law, we obtain consent for non-essential cookies.
Users may control cookie settings through their browser. Disabling certain cookies may affect Site functionality.
11. International Data Transfers
CertifyMed operates in the United States. Information may be processed and stored in the United States or other jurisdictions where our service providers operate.
Where information is transferred across borders, we implement reasonable safeguards consistent with applicable data protection laws.
12. Children's Privacy
The Platform is intended for use by organizations and authorized users. CertifyMed does not knowingly collect personal information directly from children without appropriate authorization.
Where Customers enter information relating to minors into the Platform, they are responsible for ensuring compliance with applicable laws governing parental consent and data protection.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.
Updates will be posted on this page with a revised "Last Updated" date. Continued use of the Site or Services after changes are posted constitutes acceptance of the updated Policy.
14. Contact Information
If you have questions about this Privacy Policy or our privacy practices, please contact:
CertifyMed Inc. / 11750 W 135th St, #5198 / Overland Park, KS 66221 / Dallas, TX / Email: support@certifymed.com