Privacy Policy
Last Updated: 3/22/2025
1. Introduction
At Timberas, we are committed to protecting your privacy and the security of your information. This Privacy Policy describes how we collect, use, disclose, and protect the information of users of our prior authorization system, including our website, mobile applications, and related services (collectively, the "Services").
As a healthcare technology company handling sensitive medical and patient information, we take our privacy obligations very seriously and comply with all applicable laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
2. Information We Collect
We collect several types of information from and about users of our Services:
2.1 Protected Health Information (PHI)
As a Business Associate to healthcare providers under HIPAA, we may process Protected Health Information (PHI) when providing our Services. This includes patient demographic information, medical record numbers, health insurance information, diagnosis codes, treatment information, and other health-related data necessary for prior authorization processing.
2.2 User Account Information
When you register for an account, we collect your name, email address, professional credentials, organization affiliation, and contact information.
2.3 EHR Integration Data
With your permission, we integrate with your EHR system to access the information necessary to complete prior authorization forms. This integration is conducted securely and in compliance with applicable data protection laws.
2.4 Usage Information
We collect information about how you use our Services, including log data, device information, IP addresses, cookies, and analytics data related to your interactions with our platform.
3. How We Use Your Information
We use the information we collect for the following purposes:
- To provide, maintain, and improve our Services
- To process and complete prior authorization requests
- To train and improve our AI systems for form completion accuracy
- To authenticate users and manage user accounts
- To communicate with you about our Services
- To meet legal and regulatory requirements
- To detect, prevent, and address technical issues or security incidents
4. How We Process PHI
As a Business Associate under HIPAA, we process PHI only for the purposes of providing our Services to healthcare providers. We maintain appropriate physical, technical, and administrative safeguards to protect the privacy and security of PHI in accordance with HIPAA requirements.
Our use of AI technology to process and complete prior authorization forms involves automated processing of PHI. This processing is conducted in a secure environment with appropriate safeguards to ensure the confidentiality and integrity of the information.
5. Information Sharing and Disclosure
We may share your information in the following circumstances:
- With insurance companies and other payers as necessary to process prior authorization requests
- With our service providers who help us deliver our Services
- As required by law, regulation, legal process, or governmental request
- In connection with a merger, acquisition, or sale of assets
- With your consent or at your direction
We do not sell PHI or use it for marketing purposes without appropriate authorization.
6. Data Security
We implement and maintain reasonable and appropriate administrative, technical, and physical safeguards to protect the information we process. These measures include encryption of data at rest and in transit, access controls, regular security assessments, and employee training.
7. Data Retention
We retain information only for as long as necessary to provide our Services and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
8. Your Rights and Choices
Depending on your location and applicable law, you may have certain rights regarding your personal information, including:
For PHI, patients should contact their healthcare provider directly to exercise their rights under HIPAA.
9. Children's Privacy
Our Services are not intended for children under 18 years of age, and we do not knowingly collect information from children under 18. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information.
10. Changes to Our Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Services or by other means, such as email. We encourage you to review the Privacy Policy whenever you access the Services.
11. Contact Information
If you have any questions about this Privacy Policy or our privacy practices, please contact our Privacy Officer at:
Timberas, Inc.