Privacy Policy

AuthFlow360 Privacy and Security Policy 

Effective Date: May 12, 2025

Last Updated: May 12, 2025

 

1. Overview

AuthFlow360 is committed to protecting the privacy, security, and integrity of all health information handled through our platform. Our policies ensure compliance with applicable laws, including the Health Insurance Portability and Accountability Act (HIPAA), the HITECH Act, and GDPR (where applicable).

2. Information Collected

a. User Information

  • Name, email address, job title, organization
  • Login credentials (never stored or transmitted in plaintext)

b. Protected Health Information (PHI)

  • Demographics (e.g., name, DOB)
  • Medical records necessary for prior authorization
  • Insurance and payer details

c. System Usage Data

  • IP addresses
  • Device/browser types
  • Time of access and actions taken

3. Use of Information

AuthFlow360 uses collected information to:

  • Process and manage prior authorizations
  • Improve workflow and efficiency for users
  • Communicate with users regarding status updates and notifications
  • Enhance platform functionality and security

We do not sell or share data with third parties for marketing or non-operational purposes.

4. Data Protection Measures

a. Encryption

  • Data at rest is encrypted using AES-256
  • Data in transit is encrypted using TLS 1.2 or higher

b. Access Controls

  • Role-based access control, with separate roles for Admin, Staff, Payer Rep, and Patient users
  • Multi-factor authentication (MFA)
  • Automatic session timeouts after a period of inactivity

c. Secure Infrastructure

  • Hosted on AWS using HIPAA-eligible services, under a Business Associate Agreement with AWS
  • Regular patching, backups, and system monitoring
  • Firewalls and intrusion detection systems

d. Audit Logs

  • All access to PHI and all user actions are logged and monitored
  • Logs are kept in tamper-evident, append-only storage and retained for compliance audits

5. HIPAA Compliance

AuthFlow360 adheres to all HIPAA Privacy and Security Rule requirements:

  • Minimum Necessary Standard for data access
  • Business Associate Agreements (BAAs) with all third-party service providers that create, receive, maintain, or transmit PHI on our behalf
  • Internal training and HIPAA awareness for all staff

6. User Responsibilities

Users agree to:

  • Maintain the confidentiality of their login credentials
  • Report any suspicious activity or data breaches immediately
  • Access only the data needed for their professional role, consistent with the Minimum Necessary Standard

7. Data Retention & Deletion

  • PHI is retained only as long as necessary for operational or legal purposes
  • Users may request data deletion, subject to HIPAA and other applicable record-retention requirements
  • Upon contract termination, PHI will be returned to the customer in an exportable format or securely destroyed, as the applicable BAA requires

8. Breach Notification Policy

In the event of a data breach:

  • Affected users and customer organizations will be notified within 72 hours of discovery; this is within the 60-calendar-day limit of the HIPAA Breach Notification Rule and, where GDPR applies, meets the 72-hour deadline for notifying the supervisory authority
  • A full investigation will be conducted and the incident documented
  • Corrective actions and incident documentation will follow the HIPAA Breach Notification Rule (45 CFR 164.400-414)

9. GDPR (if applicable)

For users in the EU:

  • Data subjects may request access, rectification, or deletion of their personal data
  • AuthFlow360 appoints a Data Protection Officer (DPO) for GDPR oversight

10. Updates to This Policy

We may revise this policy from time to time. Users will be notified of significant changes and prompted to review updated terms.

11. Contact Information

Privacy Officer

Email: privacy@authflow360.com

Phone: (817) 458-8933

 

©Copyright. All rights reserved.
