AVER CLOUD™ PRIVACY POLICY

Aver Cloud is a suite of web-based applications of analytics tools and services accessible at home.aver.io, portal.aver.io, and *.avercloud.com (together, the applications and website, “Aver Cloud”), operated by Aver Inc. (“Aver”), a Delaware corporation headquartered in the State of Ohio. Here, “we,” “us,” and “our” refer to Aver and any subsidiaries and affiliates of Aver involved in providing Aver Cloud services; “you” refers to you, a business entity and/or individual, as a user of Aver Cloud (i.e., health care provider, plan, payer, and/or its staff member). Aver Cloud collects and shares only the minimum necessary amount of information required to provide our services to our users.

The servers that host Aver Cloud are located in the United States, and any personal details you provide to us will be processed by us in the United States. By using Aver Cloud, you agree that the laws of the State of Delaware, without regard to conflict of laws principles, will govern all matters between you and us relating to your use of Aver Cloud.

If, after reviewing this Privacy Policy, you have questions, please contact us at the email address listed at the end of this document.

PLEASE NOTE: Your continued use of Aver Cloud constitutes your approval of and agreement to this Privacy Policy. Use of Aver Cloud is further governed by the applicable Aver application end user agreement(s) and Aver software/services agreement(s).

ALSO, PLEASE NOTE: Any capitalized terms used but not specifically defined in this Privacy Policy have the same meanings as in the federal Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act, and their implementing regulations, as amended from time to time (collectively, referred to as “HIPAA”). For convenience, this Privacy Policy refers to your information and your patients’/members’ information collectively as “your information.”

What information do we collect about you?

In order to activate the services provided by Aver Cloud, you may need to register, and in connection with the registration process and your use of Aver Cloud, we will collect personal information about you. The personal information we collect about you consists primarily of demographic information, such as your name, affiliation, email address, telephone number, identification number (such as NPI or NABP/NCPDP number), your role in the care delivery and/or claims processes, and contact information for other health care providers, plans, payers, and/or their staff members with whom you work and/or share patient/member information, so that we may streamline data entry for you. We only collect this personal information if you voluntarily submit it to us when you register for and use the application and the service we provide. Your login password is encrypted and not stored in “plain text” that can be seen. From time to time we may also conduct surveys where we will collect your answers, ideas, and preferences if you elect to participate in the surveys. We may also collect non-personally identifiable information through the use of “cookies.” For more details about this type of data collection, please refer to the section below on how we collect information. To protect your security and privacy, we require that you, as the registrant, enter the personal information that you provide to us and that the information be current, complete, and accurate, although we disclaim any legal duty to verify the accuracy of any personal data that you provide to us. You are free to access your personal information that we have on file by contacting us at the email address below. In addition, at any time you can update your information or delete your account in the Preferences tab after you log in, or if you request that we modify or delete your personal information by contacting us at the email address below with the words “UPDATE MY INFORMATION” in the subject line. Please note, however, that information that is updated or deleted may be retained by us due to compliance and legal requirements. Also, please be aware that, to protect your privacy and ensure information is kept secure, we will take reasonable steps to verify your identity prior to making changes to your personal information.

What information do we collect about patients/members?

Through use of Aver Cloud, we collect information about the patients/members of the health care providers, plans, payers, and/or staff members participating on the Aver Cloud platform, including patient/member name, address, other demographic information, diagnosis and/or medical condition, treatment/medical history (including prescription medications), health insurance information, and/or financial or other relevant information, as necessary to submit coverage determination requests. The information we collect includes “Protected Health Information,” as defined HIPAA. Your submission — and our collection — of patient/member information is governed by applicable laws, including HIPAA, and the applicable Aver application end user agreement(s) and Aver software/services agreement(s).

How do we collect information?

As described above, you provide personally identifiable information about you and the patients/members of your health care provider, plan and/or payer participating on the Aver Cloud platform. Information that you provide to us is stored on our servers for later retrieval and use with Aver Cloud.

Aver Cloud collects personal information when a health care provider, plan, payer, and/or its staff member starts or participates in the care delivery and/or claims processes.

Cookies may be required for use of Aver Cloud. A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to your browser from a website’s computers and stored on your computer’s hard drive.

We may use cookies to collect general, non-personal, statistical information about the use of the website, such as how many visitors visit a specific page, how long they stay on that page, the sequence of pages accessed, and which hyperlinks, if any, they “click” on. We may also use cookies for purposes of identification of your computer when you revisit our website and to recall your authentication information. Depending on the type of browser you are using, your browser may be set to alert you to the use of cookies. You do not have to accept all cookies sent to you by this website; however, depending on the particular cookie you reject, you may not be able to use some of the features of this website.

“Do Not Track” Disclosures

Please note that, while you may have the opportunity to opt out of communications from us and you may be able to control the use of cookies through your browser, some browsers may also give you the ability to enable a “do not track” setting that sends a special signal to websites you encounter while browsing the Internet. This “do not track” setting is different from disabling certain forms of cookies in your browser settings, as browsers with the “do not track” setting enabled still have the ability to accept cookies.

At this time, we do not respond to “do not track” signals or similar mechanisms. We may collect certain information about our users over time and across third-party websites or online services, regardless of whether such users enable “do not track” signals or similar mechanisms. In the future, if we decide to respond to “do not track” signals and similar mechanisms, we will describe how we do so in this Privacy Policy.

How do we use information?

We use your username and password for purposes of authentication and security.

We use your patient’s/member’s information for Treatment, Payment and/or Health Care Operations purposes. Generally, Aver Cloud services can be used to coordinate the submission of coverage determination forms and to share this information with other health care providers, plans, payers, and/or their staff members. You initiate the process of Aver Cloud sharing or disclosing information to these parties. Also, we may process your information to Standard or Non-Standard Data Elements, to be used by Health plans, payers, and other third parties to make coverage determinations. Finally, we may use aggregated, de-identified information from you and our other for business research and analysis, such as trend identification and performance enhancements. This information is blended with information from other users and is not linked to any particular individual. For example, information collected on the ways health care providers, plans, payers, and/or their staff members use our online tool is blended with other user data to improve the functionality, speed, convenience, and overall value of Aver Cloud services. Information collected in response to survey questions you answer may also be aggregated and used to improve Aver Cloud services or for research and development purposes associated with, for example, new products or published studies.

We will not contact any patients/members whose information we have collected from you in connection with your use of Aver Cloud, unless you have requested that we interact with the patient/members.

You can delete your registered account with Aver Cloud at any time. Such deletion will take effect immediately, rendering your account inaccessible; however, our system maintains the record of your account for audit purposes, and we may maintain backup copies of your information for legal and compliance purposes.

What information is disclosed and/or shared with third parties?

We do not sell, rent, or share your information (identified or de-identified) with parties who are not affiliated with Aver, except in rare situations when permitted or required to do so by law. We may share the personal information you provide to us with trusted companies we have hired to provide services for us, such as hosting our servers and collecting and processing information on our behalf. These companies — our vendors — are contractually bound to use personal information that we share with them only to perform the services we have hired them to provide and are required to comply with HIPAA’s privacy and security provisions to protect such personal information.

We may share de-identified information you provide with our clients or prospective clients that use this data to understand how our services are performing and to improve their efforts at promoting our services to other health care providers, plans, payers, and/or their staff members. We do not share any Protected Health Information (PHI) with our clients or prospective clients. We share limited demographic information about you and other users with our clients. Specifically we share the type of user, a numeric ID, and a zipcode/state, but do not share your name, practice name, or employer.

We may also collect and group demographic and preferences information, responses to surveys and other personal information into an aggregated, non-personally identifiable form for disclosure to our clients, existing or potential business partners, affiliates, sponsors or other third parties. However, please be assured that this aggregate data will in no way personally identify you or other users of Aver Cloud. Other non-personally identifiable information that is collected through our use of “cookies” may be disclosed to our clients, existing or potential business partners, affiliates, sponsors or other third parties, but this aggregated data will in no way personally identify you or other users of Aver Cloud.

In some special circumstances, we may be required to share your information with third parties. For example, it is sometimes necessary to share general or personally identifiable information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of the terms of agreements, or as otherwise required by law. We reserve the right to share your information with third parties in such instances without first obtaining your consent.

Also, we may transfer information about you if Aver or Aver Cloud is ever acquired by or merged with another company, or in the event that Aver files for bankruptcy. In such event, you will be notified before information about you is transferred and becomes subject to such other company’s privacy policies.

What about links to other websites?

On Aver Cloud, we may provide links to other websites we believe are helpful to users of the application. When you click such a link, you will be leaving Aver Cloud. Please be aware that the privacy policies of any third-party websites you visit through links provided on Aver Cloud, if any, may differ from this Privacy Policy. Therefore, you should consult the other websites’ privacy policies, as we have no control over information that is submitted to, or collected or used by, these third parties.

How do we store data and maintain its integrity?

Our internal staff, third-party vendors, and hosting partners provide the hardware, software, networking, storage, security, backup, and related technology required to reliably and safely run Aver Cloud. Although we own or otherwise have license to the code, databases, and rights of Aver Cloud, you retain rights to the personal and patient/member data you submit through Aver Cloud.

We retain your information for no longer than necessary to fulfill the purposes stated above, or for any period otherwise specifically required by law or regulation. After that time, we will destroy your information in a manner reasonably certain to prevent loss, theft, misuse, or unauthorized access, except any information that Aver Cloud has used and retains in an aggregated, de-identified fashion as described above, or if destruction is not feasible, in which case, as applicable we will extend any protections required by HIPAA to such information.

How is information protected?

Aver Cloud collects, stores, and uses personal information in accordance with the applicable Aver application end user agreement(s) and Aver software/services agreement(s).

Information you submit to Aver Cloud is protected in several ways, including by the authentication of your username and password.

All personal information that is stored or transmitted by Aver Cloud is encrypted in accordance with standards provided by the National Institute of Standards and Technology (NIST), using the encryption technologies that comply with NIST Federal Information Processing 140-2 Security Requirements for Cryptographic Modules and applicable state and federal regulations. In addition, information processing and transfer complies with all payer rules and HIPAA standards, if Aver Cloud is used in accordance with the applicable Aver application end user agreement(s) and Aver software/services agreement(s).  As already stated, we utilize the competencies of third-party vendors and hosting partners to provide physical security and backup of data, and store our equipment at a secured facility designed for such purpose. Despite the security measures employed by Aver Cloud, you should be aware that it is impossible to guarantee absolute security with respect to information sent over the Internet.

Are changes made to this Privacy Policy?

We reserve the right to update and/or change our privacy practices, including this Privacy Policy, from time to time without prior notice. In the event that we update or modify this Privacy Policy, we will post the modified policy on this page, along with the date this Privacy Policy was last modified to identify when the policy was last revised. Changes are effective immediately so you are hereby advised to review this Privacy Policy regularly. If you do not agree to the modified Privacy Policy, you should discontinue your use of Aver Cloud and delete your account with us. For information on how to do so, please contact us at the addresses provided below. Your continued use of Aver Cloud shall constitute your acceptance of the terms of this Privacy Policy.

How can I ask questions or contact Aver?

We are happy to address questions about this Privacy Policy. Please send your questions to talk@aver.io. Alternatively, you may write to us at:

Aver Cloud — Privacy Matters

Aver Inc.

41 S. High Street

Suite 1400

Columbus OH 43215

Phone: (877) 841-2775


Updated as of September 21, 2017, PPv0.2