Privacy Policy

1. Introduction

Detego Health (“we,” “us,” or “our”) is committed to protecting the privacy and security of the personal and health-related information you provide through the Detego Health Provider Portal (“Portal”). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the Portal.

2. Information We Collect

We collect the following categories of information:

• Registration Information: First name, last name, email address, Tax Identification Number (TIN), and National Provider Identifier (NPI).
• Verification Data: Information from an Explanation of Benefits (EOB) used to verify your provider identity during registration. This data is used solely for verification and is not retained after the process completes.
• Usage Data: IP address, browser type, pages visited, timestamps, and actions taken within the Portal.
• Protected Health Information (PHI): Member IDs, dates of birth, claim information, and eligibility data accessed through the Portal in the course of your authorized use.

3. How We Use Your Information

• To verify your identity and register your Portal account.
• To authenticate your access and maintain secure sessions.
• To provide claim status, eligibility, and coverage information.
• To operate and improve the Portal, including the DANA AI coverage assistant.
• To comply with legal and regulatory requirements, including HIPAA.
• To detect and prevent fraud, unauthorized access, and security incidents.

4. How We Protect Your Information

We implement administrative, technical, and physical safeguards designed to protect your information, including:

• Encryption of all data in transit (TLS 1.2+) and at rest.
• Multi-factor authentication (MFA) required for every login.
• Session timeouts after 30 minutes of inactivity.
• Audit logging of all access to PHI, with logs retained per compliance requirements.
• Credentials managed exclusively through Microsoft Entra External ID—passwords are never stored by or transmitted to our application.

5. Information Sharing and Disclosure

We do not sell your personal information. We may share information only as follows:

• Service Providers: With trusted third parties that assist in operating the Portal (e.g., Microsoft Azure for hosting and authentication), under agreements that require them to protect your data.
• Legal Compliance: When required by law, regulation, or legal process.
• HIPAA Permitted Uses: As permitted or required under the Health Insurance Portability and Accountability Act (HIPAA) for treatment, payment, and healthcare operations.

6. Data Retention

Audit logs are retained for 7 years per healthcare compliance standards. Application logs are retained for 90 days. Session data is purged immediately upon logout or session expiration. Registration verification data is deleted upon successful account creation.

7. Your Rights

You may request access to, correction of, or deletion of your personal information by contacting us at the address below. Requests related to PHI will be handled in accordance with HIPAA requirements.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via the email address associated with their account. Continued use of the Portal after changes constitutes acceptance of the updated policy.

9. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Detego Health — Privacy Office
privacy@detegohealth.com