PriorAuthNow Information Security
Our highest priority is safeguarding the confidentiality, integrity, and availability of the PHI that our customers have entrusted to us. Both our platform and our enterprise are designed around protecting our customers and our customers’ patients through every stage of the prior authorization process.
Security by Design
The PriorAuthNow platform operates entirely within the Microsoft Azure cloud, for security, resilience, and availability. Our systems and storage are mirrored across at least two geographical zones within the United States, to protect against outages and slowdowns, and are secured by one of the world’s largest technology companies.
Our team is experienced in designing, building, and managing health care technology. All PriorAuthNow employees undergo annual training on HIPAA requirements for business associates, safe information security practices, and company privacy and security policies. We also conduct annual third-party systems penetration testing to identify and remediate possible security vulnerabilities.
Security at Rest, Security in Transit
PHI within our systems resides within AES 256-bit encrypted databases, with active geo-replication across Azure data regions for continuous database redundancy. Access to production systems is restricted on the back end through the use of bastion hosts. We don’t store or handle PHI on local equipment or employee workstations.
PriorAuthNow leverages Microsoft Azure Active Directory for authentication and identity management, utilizing OAuth access delegation for customer integrations. We transmit all data via HTTPS, through TLS 1.2 encrypted connections.
PriorAuthNow doesn’t store or process complete patient records. The only PHI we handle is the limited number of data fields that are contained in requests for prior authorization. In addition, PriorAuthNow doesn’t store, process, or utilize payment or credit card information in any form.
Thank you for visiting PriorAuthNow’s website at PriorAuthNow.com (the “Website”) providing information about our company and its products and services.
PriorAuthNow operates a service for preparing, submitting, and tracking certain healthcare transactions relating to payer prior authorization of medical procedures and/or medications. The service (the “PriorAuthNow Platform”) is intended only for health care provider entities such as hospital systems and health care information technology companies such as clearinghouses, and is not provided to or intended for patients, consumers, or other members of the general public; the Website likewise is not intended for selling products or services to patients, consumers, or other members of the general public.
Collection of Data When Visiting
We are committed to maintaining the privacy of website visitors. As part of standard practice for maintaining web sites, we collect the following information when you visit the Website:
- Your domain name, such as “broadbandprovider.com” or “myuniversity.edu”, which indicates the service or organization that you use to connect to the Internet;
- Your IP address, a number automatically assigned to your computer or to a communications device that you use to contact the Internet that shows where your information comes from;
- The type and/or version of browser and operating system you use to access the Website;
- The Internet address of the site, such as a search engine, that you arrived at the Website from;
- A record of the pages you visited within the Website and/or how long you viewed them; and
- Information about links you clicked on while you were visiting the Website.
We collect this information generally for purposes relating to providing the Website more efficiently (such as analyzing what information is of interest to visitors and what web browsers they prefer to use), for purposes relating to improving PriorAuthNow’s business relationships and product offerings (such as reviewing where visitors come from), and for maintaining the security of the Website (such as reviewing visitor traffic for suspicious or abusive activity). PriorAuthNow may use this data for any purpose permitted by law.
Collection of Data Through Forms
The Website may also contain forms for various purposes, such as permitting prospective customers to inquire about integrating their software with the PriorAuthNow Platform, requesting demonstrations of the PriorAuthNow Platform, subscribing for email updates about PriorAuthNow and the PriorAuthNow Platform, and/or submitting applications for employment at PriorAuthNow.
We take reasonable security measures to safeguard this information, but are not responsible for unauthorized use of this information by others. PriorAuthNow does not sell or share email addresses or other personally identifiable information such as names and telephone numbers that it collects through forms on the Website (except where required by law).
We may use information submitted to us through forms to contact you to provide more information about PriorAuthNow or the PriorAuthNow Platform, or to request more information about you. By submitting information through forms on the Website, you are giving us permission to contact you for these purposes by email, by telephone, and/or by facsimile. It is PriorAuthNow’s policy to comply with all federal and state laws and regulations concerning business and telephone email, telephone, and fax communications, including, generally, “anti-spam”, “junk fax”, “telemarketing”, and similar laws. To contact PriorAuthNow regarding any request pertaining to removal from contact lists, if we have not provided any other means to contact us for such requests (or if you are receiving calls, faxes, or emails from us in error), please contact us at [email protected].
We may also use information submitted to us through forms, such as our website’s API key request form, to determine whether and how PriorAuthNow can efficiently and effectively provide services through the Platform to prospective customers.
We request information on “what you are building” and similar to aid this assessment, and we are requesting information about the general nature and scope of your enterprise and product, electronic health system, or other project.
We request that you do not provide us with any proprietary or confidential information – including, but not limited to, trade secrets, information owned by a third party, prospectively patentable material, or business plans through such forms. Except as otherwise provided in this Policy, we cannot agree or guarantee that such information will remain confidential, and/or that PriorAuthNow will not intentionally or unintentionally develop products, services, or business opportunities similar to any described in material you submit. If you have specific concerns about these communications with PriorAuthNow, or wish to transmit such material to PriorAuthNow, please contact [email protected] to discuss establishing a confidentiality agreement.
We may customize your browsing experience by storing “cookies” in your web browser. A cookie is a small text file that is saved on your computer when you visit a website. You may remove these cookie files at any time through features in your web browser or other methods. Cookies created by the Website and stored on your computer do not contain personally identifiable information, and we do not utilize cookies to track or follow your web browsing on sites other than the Website.
We may include links to websites created and maintained by other organizations within blog posts, news items, or elsewhere on the Website. When you click on such a link, you are leaving the Website and are subject to the privacy and/or security policies of that website’s owner. PriorAuthNow does not control or guarantee the accuracy of content or any views or positions included on any such third-party website, and, unless we explicitly state otherwise, providing such a link does not constitute an endorsement of products or services provided by such third party.
Updates and Contact