1. Overview
Georgia Hero ("we", "us", "our") is committed to protecting your privacy and the privacy of patient information entrusted to us. This Privacy Policy describes how we collect, use, store, and protect information in compliance with HIPAA and applicable state laws.
2. Information We Collect
Account Information
- Name, email address, phone number
- Account credentials (passwords are hashed and never stored in plain text)
- Referral history and earnings data
Protected Health Information (PHI)
- Patient first and last name
- Parent/guardian phone number
- Medical condition or diagnosis
- Referral notes and clinical information
3. How We Use Information
- Process and manage referrals for clinical care
- Contact parents/guardians to facilitate care
- Verify Medicaid eligibility
- Track and process referral compensation
- Maintain audit logs for compliance
4. PHI Protection Measures
- All data is encrypted in transit (TLS) and at rest
- Access to PHI is restricted to authorized personnel only
- Patient names are displayed as initials in list views
- Phone numbers are partially masked in referrer views
- All access to PHI is logged in our audit system
- Role-based access controls limit data visibility
5. Data Retention
We retain referral and patient data for the minimum period required by law and contractual obligations. Account data is retained while your account is active. You may request account deletion through the Settings page.
6. Data Sharing
We do not sell or share personal or patient information with third parties except as required to facilitate clinical care, process payments, or comply with legal requirements. All service providers are bound by appropriate data protection agreements.
7. Your Rights
- Access your personal data through the Settings page
- Request correction of inaccurate information
- Request account deletion
- Report suspected privacy violations
8. Contact
For privacy concerns or to exercise your rights, contact our Privacy Officer at privacy@georgiahero.com.