Privacy Policy

1. Introduction

Midwest Medical Reviews PLLC ("we," "our," or "us") is committed to protecting your privacy and the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our medical case review platform and services.

As a healthcare-related service provider, we are subject to the Health Insurance Portability and Accountability Act (HIPAA) and maintain strict standards for protecting Protected Health Information (PHI).

2. Information We Collect

2.1 Personal Information

• Name, email address, phone number, and business address
• Professional credentials and licenses
• Payment and billing information
• Account login credentials

2.2 Protected Health Information (PHI)

• Medical records and case files submitted for review
• Patient information necessary for case analysis
• Diagnostic codes, treatment records, and medical opinions
• Any health information that could identify an individual

2.3 Technical Information

• IP address, browser type, and device information
• Usage patterns and platform interaction data
• Log files and system performance metrics
• Cookie and tracking technology data

3. How We Use Your Information

• Service Delivery: To provide medical case review services and facilitate communication between clients and consultants
• Platform Operation: To maintain, improve, and secure our platform and services
• Communication: To send service-related notifications, updates, and support communications
• Billing and Payment: To process payments and manage financial transactions
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Quality Assurance: To monitor and improve the quality of our medical review services

4. HIPAA Compliance and PHI Protection

We are committed to full HIPAA compliance and implement the following safeguards:

4.1 Administrative Safeguards

• Designated Privacy and Security Officers
• Regular staff training on HIPAA requirements
• Business Associate Agreements with all third-party vendors
• Incident response and breach notification procedures

4.2 Physical Safeguards

• Secure data centers with restricted access
• Workstation security and access controls
• Media and equipment disposal procedures

4.3 Technical Safeguards

• End-to-end encryption for all PHI transmission and storage
• Multi-factor authentication for all user accounts
• Audit logs and access monitoring
• Regular security assessments and penetration testing

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information in the following circumstances:

• Service Providers: With consultants assigned to review your cases (under strict confidentiality agreements)
• Business Associates: With HIPAA-compliant third-party service providers who assist in platform operations
• Legal Requirements: When required by law, court order, or legal process
• Emergency Situations: To protect health and safety in urgent circumstances
• Business Transfers: In connection with mergers, acquisitions, or asset sales (with continued privacy protection)

6. Data Security and Retention

6.1 Security Measures

• AES-256 encryption for data at rest and in transit
• Regular security updates and vulnerability assessments
• Network firewalls and intrusion detection systems
• Secure backup and disaster recovery procedures

6.2 Data Retention

• Medical case files: Retained for 7 years after case completion
• User account information: Retained while account is active plus 3 years
• Financial records: Retained for 7 years as required by law
• System logs: Retained for 2 years for security and audit purposes

7. Your Rights and Choices

Under HIPAA and applicable privacy laws, you have the right to:

• Access: Request access to your PHI and account information
• Amendment: Request corrections to inaccurate information
• Restriction: Request limitations on how we use or disclose your information
• Portability: Receive your data in a portable format
• Deletion: Request deletion of your information (subject to legal requirements)
• Opt-out: Unsubscribe from marketing communications

To exercise these rights, please contact us at privacy@midwestmedicalreviews.com

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain user sessions and platform functionality
• Remember user preferences and settings
• Analyze platform usage and performance
• Enhance security through fraud detection

You can control cookie settings through your browser preferences, though disabling certain cookies may affect platform functionality.

9. International Data Transfers

Our services are based in the United States. If you access our platform from outside the US, your information may be transferred to, stored, and processed in the United States in accordance with US privacy laws and this Privacy Policy.

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we discover that we have collected information from a minor, we will promptly delete it.

11. Privacy Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. We will notify users of material changes through platform notifications or email. Continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Information