HIPAA & Data Handling Overview

1. Our Role

We provide marketing, traffic, and qualification workflows for behavioral health and recovery organizations. We are not a clinical provider and do not operate as a patient data platform.

2. PHI Minimization

Our workflows are designed to avoid collecting or storing Protected Health Information (PHI). Intake data is routed directly into the client’s existing HIPAA-compliant admissions or CRM systems.

3. Intake & Routing

Patient inquiries generated through campaigns are submitted through forms that post directly into the center’s intake workflow. Admissions teams receive leads in real time within their existing systems. We do not duplicate or retain intake submissions outside of the client’s systems.

4. Data We Access

We monitor performance at an aggregate level only, such as:

• inquiry volume

• source and campaign performance

• high-level qualification signals (e.g., PPO vs non-PPO)

We do not store patient records, clinical details, or insurance policy data.

5. Business Associate Agreements

When required by a client’s compliance policy, we are able to execute Business Associate Agreements (BAAs) and align with additional safeguards.

6. Security & Access

Access to internal tools is limited, role-based, and used solely for performance monitoring and optimization.