Privacy Policy

Last Updated: November 20, 2025

1. Introduction

Nuvira Care LLC ("NuviraCare," "we," "us," or "our") operates the NuviraCare home health electronic medical records (EMR) platform. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our website, software, and services (collectively, the "Services").

We are committed to protecting your privacy and complying with applicable privacy laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Name, email address, phone number, organization name, and payment information when you create an account
  • Waitlist Information: Contact details and practice information when you join our waitlist
  • Protected Health Information (PHI): Patient health records, clinical documentation, billing information, and other health-related data you enter into the platform
  • Communications: Information in emails, support requests, or other communications with us

2.2 Information Collected Automatically

When you use our Services, we automatically collect:

  • Usage Information: Features accessed, pages viewed, time spent, and actions taken within the platform
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, error logs, and system activity
  • Cookies and Similar Technologies: We use cookies and similar tracking technologies to enhance user experience

2.3 Information from Third Parties

We may receive information from:

  • Payment processors for billing purposes
  • Clearinghouse partners for claims submission
  • Analytics providers (Google Analytics, etc.)

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Services
  • Process transactions and send related information
  • Send administrative messages, updates, and security alerts
  • Respond to your comments, questions, and support requests
  • Comply with HIPAA and other legal obligations
  • Detect, prevent, and address fraud, security issues, or technical problems
  • Analyze usage patterns to improve our Services
  • Send marketing communications (with your consent, where required)

4. HIPAA Compliance

Business Associate Agreement: If you are a covered entity or business associate under HIPAA, we will enter into a Business Associate Agreement (BAA) with you. Under the BAA:

  • We act as your business associate for PHI processing
  • We implement appropriate administrative, physical, and technical safeguards
  • We limit use and disclosure of PHI as required by HIPAA
  • We report security incidents and breaches as required
  • We ensure our subcontractors comply with HIPAA requirements

5. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

5.1 With Your Consent

We may share information with third parties when you direct us to do so.

5.2 Service Providers

We share information with vendors, consultants, and service providers who need access to perform services on our behalf, including:

  • Cloud hosting providers (AWS)
  • Payment processors
  • Clearinghouse partners for claims submission
  • Customer support tools
  • Analytics providers

All service providers handling PHI sign Business Associate Agreements.

5.3 Legal Requirements

We may disclose information if required by law, subpoena, court order, or government request, or to:

  • Comply with legal obligations
  • Protect our rights, privacy, safety, or property
  • Prevent fraud or security issues
  • Comply with HIPAA breach notification requirements

5.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

6. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Role-based access controls and multi-factor authentication
  • Monitoring: Continuous monitoring for security threats and unauthorized access
  • Regular Audits: Security assessments and vulnerability testing
  • Employee Training: Regular HIPAA and security training for all staff
  • Incident Response: Documented procedures for security incidents and breaches

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as necessary to:

  • Provide our Services
  • Comply with legal and regulatory requirements (including HIPAA's 6-year minimum retention for certain records)
  • Resolve disputes and enforce agreements

When you delete your account, we will delete or anonymize your data within 90 days, except where retention is required by law.

8. Your Rights and Choices

8.1 Access and Correction

You have the right to access, update, or correct your personal information through your account settings or by contacting us.

8.2 HIPAA Rights

For PHI, you have rights under HIPAA including:

  • Right to access your PHI
  • Right to request amendments to your PHI
  • Right to an accounting of disclosures
  • Right to request restrictions on uses and disclosures
  • Right to receive confidential communications

8.3 Marketing Communications

You may opt out of marketing emails by clicking "unsubscribe" in any marketing email or contacting us directly. Note that you cannot opt out of administrative or transactional emails.

8.4 Cookies

Most browsers allow you to control cookies through settings. Disabling cookies may affect functionality of our Services.

9. Children's Privacy

Our Services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.

10. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect and how it's used
  • Right to request deletion of your personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at info@nuviracare.com or 972-827-8834.

11. International Users

Our Services are hosted in the United States. If you access our Services from outside the United States, your information will be transferred to, stored, and processed in the United States. By using our Services, you consent to this transfer.

12. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For material changes affecting PHI, we will provide additional notice as required by HIPAA.

Your continued use of our Services after changes become effective constitutes acceptance of the revised Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Nuvira Care LLC

7223 Comal Dr

Irving, TX 75039

Email: info@nuviracare.com

Phone: 972-827-8834

15. HIPAA Notice of Privacy Practices

For Healthcare Providers Using NuviraCare:

As a business associate, NuviraCare is required to maintain the privacy of protected health information (PHI) and provide notice about our duties and privacy practices with respect to PHI.

15.1 Our Responsibilities

  • Maintain the privacy and security of your patients' PHI
  • Notify you of any breach of unsecured PHI
  • Use and disclose PHI only as permitted by our Business Associate Agreement and HIPAA
  • Make PHI available to individuals as directed by you
  • Account for disclosures as required

15.2 Permitted Uses and Disclosures

We may use or disclose PHI to:

  • Perform services on your behalf as specified in our Business Associate Agreement
  • Fulfill our legal obligations under HIPAA
  • Report breaches or security incidents
  • Comply with legal requirements

15.3 Security Incident Reporting

We will report any security incident involving PHI to you within the timeframes required by HIPAA. A breach notification will include:

  • Description of the incident
  • Types of information involved
  • Steps taken to investigate and mitigate
  • Recommended actions for affected individuals

16. Data Processing and Storage

Infrastructure: Our Services are hosted on Amazon Web Services (AWS) infrastructure in the United States. AWS is HIPAA-eligible and we have executed a Business Associate Agreement with AWS.

Encryption: All PHI is encrypted both in transit and at rest using industry-standard encryption protocols.

Backups: We perform regular automated backups of all data to ensure business continuity and disaster recovery.

17. Your Consent

By using our Services, you consent to this Privacy Policy and our collection, use, and disclosure of information as described herein. For PHI, additional consent is provided through our Business Associate Agreement and your organization's Notice of Privacy Practices.

← Back to Home