1. Introduction

At MedFlow IO, we understand and value the trust you place in us when you provide your personal and medical information. Upholding the highest standards of confidentiality and security is integral to our mission. This Privacy Policy is designed to explain the nature of the data we collect, how we use it, and the steps we take to protect that data. Your privacy rights are always at the forefront of our considerations. For any inquiries, comments, or concerns related to our privacy practices, you can always reach out to our dedicated team at contact@medflowio.com.

2. Information We Collect

MedFlow IO's primary purpose is to facilitate seamless medical billing services. The types of information we collect to achieve this include:

• Personal Information: Such as name, address, contact details, and date of birth.
• Medical Information: Pertinent data like the health services received, medical history, treatment plans, and other essential details required for precise medical billing.
• Billing Information: This encompasses payment details, insurance data, and other relevant financial details aiding our billing process.

This information might come directly from you, from healthcare providers, or from third-party services you have accounts with, alongside MedFlow IO. All data transfers are conducted with utmost respect to your privacy and adhere to strict regulatory standards. We also automatically collect certain data like IP addresses, browser types, device details, and logs, primarily for the purposes of analysis, safety, and enhancing our services.

3. How We Use Your Information

We leverage the information collected for a variety of reasons, with a primary focus on offering the best medical billing services possible. Here are the key purposes:

• Service Delivery: We utilize your data to process medical bills, provide accurate invoicing, and facilitate communication between healthcare providers and insurance companies.
• Customer Support: Your information aids our team in offering support tailored to your needs. Whether you have questions about a bill or need assistance with our platform, your data helps us serve you better.
• Enhancements & Features: Data analytics allow us to continuously improve our services. By understanding how you use MedFlow IO, we can develop new features, streamline our processes, and enhance user experience.
• Legal & Compliance: We may use the information to comply with regulatory requirements, respond to legal requests, and ensure the integrity of our operations.
• Marketing & Communication: Occasionally, with your consent, we might use your contact details to send updates, newsletters, promotional offers, or information about our services. You always have the option to opt out of such communications.

Your trust is paramount to us. MedFlow IO will never sell, rent, or share your personal information with third parties for their promotional purposes without your explicit consent. Should you have concerns or wish to know more about how we handle specific types of data, please reach out to our privacy team at contact@medflowio.com.

4. Disclosure to Third Parties

MedFlow IO is committed to ensuring your information remains protected. However, there are instances where we might share some data with third parties:

• With healthcare providers to ensure accurate billing and provision of services.
• With third-party service providers who assist in various aspects of our service, including payment processors and IT services. We ensure these entities respect and protect your privacy in alignment with our standards.
• For legal reasons or in response to valid requests by public authorities, especially if essential for national security or law enforcement.
• In case of a merger, acquisition, or asset sale, users will be notified and given an option concerning their data.

We never sell or rent your data. Any third-party involvement is scrutinized to guarantee the security and privacy of your information.

5. Data Security and Protection

Ensuring the security of your data is a top priority at MedFlow IO. We have taken comprehensive measures to protect your information from unauthorized access, alteration, disclosure, or destruction:

• Utilization of encryption protocols and secure methods to store and transfer data.
• Regular audits and reviews of our data collection, storage, and processing practices to counter any vulnerabilities.
• Restricted access to personal information, allowing only employees, contractors, and agents who need that information to process it for us, and who are subject to strict contractual confidentiality obligations.
• Continuous training of our staff about the importance of maintaining privacy and security.
• Use of multi-factor authentication and secure password policies for all accounts.

In the unfortunate event of a data breach, we have protocols in place to notify affected users and authorities promptly, in accordance with relevant regulations.

6. Data Retention and Deletion

MedFlow IO retains your data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements:

• Your data is stored as long as your account remains active or as needed to provide you with our services.
• Upon request, we can provide details of the retention periods for different aspects of your personal data.
• Under certain circumstances, you have the right to ask us to delete your data. However, there might be legal or other legitimate reasons for retaining some information.

We continuously review our retention policies to ensure compliance with our obligations under data protection laws and other regulatory requirements. We routinely delete or anonymize unused data.

7. Third-party Services and Data Sharing

While we take utmost care in choosing our service partners, MedFlow IO occasionally collaborates with third-party service providers to enhance our offerings and operations:

• Service providers such as payment processors, software vendors, data analysis firms, and others may access and process your data to provide their services to us.
• MedFlow IO ensures that these third-party entities maintain the highest standards of data privacy and adhere to strict data protection guidelines.
• We never sell or rent your personal information to third parties for their promotional purposes without your explicit consent.
• Any sharing of data outside of MedFlow IO is either mandated by law or necessary for the smooth operation of our services, always keeping your best interests in mind.

We strongly advise you to review the privacy policies of third-party websites or services that you visit or use, as we do not have control over and assume no responsibility for the content, policies, or practices of any third-party entities.

8. Your Data Rights and Choices

We respect your data rights and provide you with several choices concerning your information:

• Access: You can request access to your personal data and obtain a copy of it.
• Correction: If you believe any data we hold about you is inaccurate or incomplete, you can ask us to make necessary corrections.
• Deletion: You have the right to request the deletion of your data, with certain exceptions.
• Objection: You can object to the processing of your personal data for specific reasons.
• Data Portability: Under certain conditions, you can request a transfer of your data to another service provider.

To exercise any of these rights or to get more information, please reach out to us at contact@medflowio.com. We aim to respond to legitimate requests within one month, but this might take longer if the request is particularly complicated or if you have made multiple requests.

9. Data Security and Breach Procedures

MedFlow IO places the utmost importance on the security of your data:

• We employ state-of-the-art encryption, secure servers, and advanced security protocols to protect your data against unauthorized access, alterations, disclosure, or destruction.
• Regular security audits, penetration tests, and system updates are conducted to further strengthen our defenses.
• In the unlikely event of a data breach, we are committed to notifying affected users and appropriate authorities within 72 hours, in line with legal requirements. Our team will take immediate steps to mitigate the risks and prevent any future breaches.
• We advise all users to create strong, unique passwords for their MedFlow IO accounts and to avoid sharing these credentials with anyone.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We, therefore, cannot guarantee its absolute security but pledge our continuous efforts in ensuring it remains safeguarded.

10. Children's Privacy

Our services are not directed to individuals under the age of 18:

• We do not knowingly collect or solicit personal data from anyone under the age of 18 or knowingly allow such individuals to use our services.
• If we become aware that we have collected personal data from a child under 18 without parental consent, we will take steps to remove that data from our servers immediately.
• Parents or guardians who believe that their child has provided us with personal data without their consent should contact us at contact@medflowio.com.

Protecting the privacy of young children is especially crucial. For that reason, we take special precautions to ensure their safety online.

11. HIPAA Compliance

Our commitment to safeguarding your medical and personal information aligns with the stringent standards set forth by the Health Insurance Portability and Accountability Act (HIPAA):

• Protected Health Information (PHI): We understand the sensitivity and importance of PHI. We handle PHI with utmost care and ensure it is shared only with entities that are compliant and have a legitimate need to access it.
• Business Associate Agreements (BAA): MedFlow IO is open to signing BAAs with healthcare providers and other entities to ensure that all parties involved understand and commit to safeguarding PHI as per HIPAA guidelines.
• Training: All MedFlow IO employees undergo rigorous HIPAA training to understand the importance of protecting PHI and the potential repercussions of not doing so.
• Encryption: All PHI stored in our databases or transmitted through our services is encrypted both in transit and at rest. This ensures that even in the unlikely event of a breach, the data remains unreadable.
• Audit Controls: We employ continuous monitoring and logging of access to PHI. Regular reviews of these logs help us ensure that the data is only accessed by authorized personnel and for legitimate purposes.

We remain committed to continuous adherence and periodic reviews of our policies to ensure compliance with evolving HIPAA guidelines. For more details on our HIPAA practices or to request a BAA, please reach out to contact@medflowio.com.

12. Changes to this Privacy Policy

From time to time, it may become necessary to update or modify this Privacy Policy:

• Any significant changes to this policy will be communicated via email or through notifications on our platform.
• We encourage users to periodically review this policy to stay informed about how we are protecting the personal and medical information we collect.
• Your continued use of our service after the posting of any amendments to this policy will signify your acceptance of those changes.

It's always a good idea to stay updated on how your information is being used and protected. We're here to help if you have any questions or concerns.

13. User Rights

As a user of MedFlow IO, you possess a range of rights regarding your personal data. These rights ensure you have control and transparency over your information.

• Right to Access: You can request a copy of the personal information we hold about you.
• Right to Rectify: If you believe any of the information we have is incorrect or incomplete, you can request to have it corrected.
• Right to Erase: In certain situations, you can ask for your personal data to be deleted from our systems.
• Right to Restrict Processing: You can ask us to limit how we use your data.
• Right to Data Portability: You have the right to request that we transfer the data we've collected to another organization or directly to you.
• Right to Object: You can object to our processing of your personal data for particular purposes.

For any inquiries regarding these rights or to exercise them, please reach out to our dedicated privacy team at contact@medflowio.com.

14. Data Retention and Deletion

MedFlow IO retains your personal and medical data only for as long as necessary to fulfill the purposes for which it was collected. Once our professional relationship concludes, we will either delete or anonymize your data, unless there's a regulatory or legal obligation for us to retain it.

• We will periodically review and update our data retention policies to ensure compliance with industry standards and legal regulations.
• Any data no longer required is securely deleted or anonymized.
• If you wish to have your data deleted before this period, or if you have questions about our data retention policies, please contact us.

Data security and privacy is our top priority. We're here to address any concerns or queries you may have regarding your data.

15. Contact Information

Should you have any questions or concerns regarding this Privacy Policy or our practices related to your personal information, please feel free to contact us at:

• Physical Address: 7214 N Main St., Camden, OH, 45311
• Phone: +1 513-202-3019
• Email: contact@medflowio.com

Your privacy is of utmost importance to us. We're committed to addressing any concerns or feedback you might have in a timely manner.