This Privacy Policy (this “Privacy Policy”) informs you (or the entity on whose behalf you are using this Service) (“you” or as the context requires “your”) what personal information Valere Bundled Solutions, LLC (“Valere” “we,” or “us”) may collect and how Valere uses such information. This Privacy Policy is a part of and incorporated into the End User License Agreement of the ValereCare software provided at a Valere website (collectively, the applicable website and software are referred to herein as “Services”) as well as the Valere Software Subscription and License Agreement and any amendments, attachments and/or schedules thereto. By visiting or using the Services, you agree to accept the practices described in this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use the Services. Please note that some privacy rights and obligations may differ in certain locations based on local law, in which case Valere will comply with the local legal requirements.

Valere reserves the right, at any time, to modify this Privacy Policy. If we make revisions that change the way we collect, use, or share Personal Information, we will post those changes in this Privacy Policy. You should review this Privacy Policy periodically so that you keep up to date on our most current policies and practices. Valere will note the effective date of the latest version of our Privacy Policy at the end of this Privacy Policy.

1. Personal Information Collected By the Services:
• 1.1. Valere uses information collected from users of the Services to personalize and improve your visit and experience of ValereCare and for other purposes set out below.
2. Information You Give to Valere:
• 2.1. Through a user's interactions with the Services, Valere collects “Personal Information,” which isinformation that identifies an individual or relates to an identified individual. PersonalInformation includes any information you have provided in connection with your use of theServices. Personal Information is collected when you establish an account with our Services.
• 2.2. “Patient Information” refers to Patient Information we collect regarding sensitive areas, such as demographic data, diagnosis and/or medical condition, health insurance information, and/or other relevant information as necessary to provide our Services. The information we collect includes “Protected Health Information”, as defined by HIPAA. Your submission, and our collection and use of patient information is governed by all Valere Agreements and all applicable laws, including HIPAA.
• 2.3. Valere also collects information about any healthcare providers or any other entities needed to use our Services.
3. Web Beacons:
• 3.1. Valere (or service providers on Valere's behalf) may collect information from visits to the Valere website through the use of “Web Beacons.” Web Beacons are web page elements which may employ cookie technology that enable Valere to record data about visits to or transactions made on the Valere website. This information is sometimes known as “clickstream data.” Valere may use this data to analyze trends and statistics to improve your online experience or our customer service. No Personal Information is collected through the use of Web Beacons.
4. Cookies:
• 4.1. Through the use of cookies, we may also collect and analyze the IP address used to connect your computer to the Internet; computer and connection information such as your browser type and version; operating system and platform; and the URLs which lead you to and around the website including the date and time. You can generally set your browser to reject cookies or to notify you when you are sent a cookie.
5. Information Received as a Subcontractor Business Associate:
• 5.1. You may provide personal information about you, your patients, your providers and any other entities needed to use our Services.
• 5.2. Valere shall only use such information as a “subcontractor business associate” of a “business associate” and/or “covered entity” in accordance with any instructions or restrictions provided to Valere by them. With regard to such information, Valere shall comply with the applicable provisions of Health Insurance Portability and Accountability Act and the regulations promulgated thereunder, and the Health Information Technology for Economic and Clinical Health Act and any regulations promulgated thereunder, to the extent such privacy laws are applicable to subcontractor business associates.
6. Use of Information Collected By Valere:
• 6.1. Valere uses the information we collect to provide our Services to you. Additionally, Valere may use information collected to:
• (a) Respond to user service requests.
• (b) Administer user accounts.
• (c) Provide service to our clients.
• (d) Respond to your questions and concerns.
• (e) To communicate with users about our products, services, and related issues.
• (f) Conduct research and analysis.
7. Sharing of Information with Third Parties:
• 7.1. Valere will not rent, sell or otherwise disclose your information to unrelated third parties without your consent, except as stated in this Privacy Policy.
8. Valere may disclose information to its parent, subsidiary, affiliates or third parties without your consent. These entities are required to comply with HIPAA's privacy and security provisions to protect such information.
9. Valere may disclose information to service providers for the purposes of operating our business, delivering, improving, and customizing our products or services and for other legitimate purposes permitted by applicable law.
10. We may share de-identified information you provide with our clients or prospective clients that use this data to understand how our services are performing and to improve their efforts at promoting our services to others. We do not share any Protected Health Information (PHI) with our clients or prospective clients.
11. To the extent permitted by law, Valere will disclose information to government authorities or third parties pursuant to a legal request, subpoena, or other legal process. Valere may also use or disclose information as permitted by law to protect Valere's rights, interests, or property as well as those of Valere affiliates, customers, or Service users.
12. If Valere sells all or part of its business or makes a sale or transfer of assets or is otherwise involved in a merger or business transfer, you agree that Valere may transfer information to a third party as part of that transaction.
13. Security of Information:
• 13.1. Valere has reasonable and appropriate safeguards in place to help protect the Information Valere collects from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We utilize third party vendors and hosting partners to provide physical security and backup of data. Although Valere attempts to protect the Information in our possession, no security system is perfect, and Valere cannot promise that information will remain absolutely secure in all circumstances.
14. Security Commitments
• 14.1. Cloud Computing
• (a) ValereCare is a SaaS application that runs in a web portal front end that can be used with any up to date browser. It is hosted on the Google Cloud Platform (GCP). The physical infrastructure environment, network components and supporting network infrastructure is hosted (domestically) on the GCP. Valere does not have physical access into this environment. Valere has a Business Associate Agreement (BAA) with Google ensuring the Privacy and Security of our customers ePHI.
• (b) GCP products regularly undergo independent verification of security, privacy, and compliance controls, achieving certifications against global standards. SOC 2 and ISO 27001 are two of their certifications.
• 14.2. Data Encryption
• (a) All data at rest is stored in a multi-tenant database housed within the GCP, providing world class security standards.
• (b) All data in transit is encrypted before being sent to GCP (SSL, HTTPS).
• 14.3. User Authentication
• (a) All users of ValereCare are first verified and given unique user names and passwords, that they will change and keep secret and not share. Valere must be contacted immediately at support@valerebundles.com when a user needs to be disabled.
• 14.4. Project and Admin Access
• (a) Strict rules around access and disabling of GCP Project and ValereCare Admin capabilities, which manage user authentication, are enforced at the highest levels within Valere.
• 14.5. Integration
• (a) Any integration with ValereCare will utilize HL7 standards. FHIR and the Google Cloud Healthcare API may also be utilized.
• 14.6. Development Environment
• (a) Valere follows commercial industry standards in the development of ValereCare.
• (b) The front end consists of HTML/CSS/Javascript. The database is PostgreSQL. Elixir is the programming language. Phoenix is the development framework. Github is the code repository. Docker is used for deployment. Atlassian is used for content management and issue tracking.
• 14.7. New Releases
• (a) Customers will be notified of any major functionality changes to ValereCare prior to release. Minor releases and bug fixes will be implemented without giving such notice. There is no action necessary on the part of the user to receive that latest update, as hot swapping is utilized.
• 14.8. Support
• (a) Our goal is for our users to have 100% uptime. Since this is a SaaS application, some things may fall outside of our control in achieving this. In the event an issue does occur, users may email Valere anytime at support@valerebundles.com with any functional or technical issues.
• (b) Response time will depend on the severity of the issue. Response may be by email or by a phone number that will be sent to the user for personal contact.
• 14.9. Governance
• (a) Valere is committed to ensuring the confidentiality, privacy, integrity, and availability of all ePHI it receives, maintains, processes and/or transmits on behalf of its Customers. As such, ValereCare is required to meet all applicable requirements of HIPAA Privacy and Security rules in addition to the applicable requirements of the Privacy rules of the HITECH Act.
15. Data Integrity and Purpose Limitation:
• 15.1. Valere limits the use of information to ways that are compatible and relevant to the purposes for which the information was collected or subsequently authorized or for which consent was obtained. Valere will take reasonable steps to ensure that information is reliable for its intended use, accurate, complete, and current.
16. Retention of Personal Information:
• 16.1. Valere will retain information as needed to fulfill the purposes for which it was collected. Valere will retain and use information as necessary to comply with Valere's business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements.
17. Aggregated De-Identified Information:
• 17.1. Valere may provide aggregated information related to information to some of Valere's business partners. This information is used in a collective manner and does not identify anyone individually in any way. In addition, Valere may, subject to the limitations set out in the any agreements, use certain de-identified PHI.
18. Links to Third Party Websites:
• 18.1. The Valere website may contain certain links to third party websites. Valere is not responsible or liable for the privacy practices or content found on these websites. You should check the privacy notice and policies of each website you visit. Links to third party sites are provided solely for your convenience and any use or submission of data to such sites shall be at your sole risk.
19. Right to Access and Correct Personal Information:
• 19.1. Valere strives to make sure that our information is reliable, accurate, and up-to-date. While information is maintained by Valere, you may access the information that Valere has collected from you to the extent required by law to review, update, and correct inaccuracies. Because some information we collect, for example, your email address—is required to use our Services, we retain certain information as long as your account is active. You will have the opportunity to correct, transfer, update, modify, or delete this information by logging into your account and updating your information online or contacting Valere at the address listed below under the section titled “Contact Information.” Please note that some information may remain in Valere's records even after you request deletion of your information, to the extent permitted by the Privacy Shield Principles or required by applicable laws. Additionally, there may be limits to the amount of information Valere can practically provide. For example, we may limit access to information where the burden or expense of providing access would be disproportionate to the risks to an individual's privacy or where doing so would violate others' rights.
20. Contact Information:
• 20.1. If You have any questions or concerns related to this Privacy Policy, please contact the Valere Chief Privacy Officer at:
• Valere Bundled Solutions, LLC
• 200 W Wendover Ave
• Greensboro, NC 27401
• Attn: Chief Privacy Officer
• info@valerebundles.com
21. Pursuant to applicable law, Valere may be required to send you notice of known or suspected security breaches that impact your information. In the event that Valere must provide a notice of a security breach to you, Valere will send security breach notices to the contact information contained in your account information unless Valere is required by law to notify you using another method. Otherwise, if Valere needs, or is required, to contact you concerning any event that involves information about you we may do so by email, telephone, or mail.