Privacy Policy
Effective Date: July 26, 2025
Last Updated: July 26, 2025
1. Introduction
Olari, LLC provides cloud-based healthcare solutions. We are committed to protecting the privacy and security of your personal and health-related information. This Privacy Policy explains how we collect, use, and safeguard your data in compliance with applicable laws, including HIPAA, GDPR, and CCPA where applicable.
2. Information We Collect
We may collect the following types of information:
-
Personal Information: Name, email, phone number, organization, job title.
-
Protected Health Information (PHI): Patient names, medical records, treatment details, billing information (only if entered or processed via our platform).
-
Usage Data: IP address, browser type, device information, pages visited.
-
Cookies: Used to enhance user experience and track usage patterns.
3. How We Use Your Information
We use your data to:
-
Provide and support our healthcare SaaS services.
-
Facilitate secure communication between providers and patients.
-
Improve platform performance and user experience.
-
Comply with legal and regulatory obligations.
4. Legal Basis for Processing
We process data based on:
-
User consent (where required).
-
Contractual necessity (to deliver services).
-
Legal obligations (e.g., HIPAA compliance).
-
Legitimate interests (e.g., platform analytics and fraud prevention).
5. Sharing Your Information
We do not sell your personal or health data. We may share information with:
-
Authorized third-party service providers (e.g., hosting, analytics, EHR integrations).
-
Regulatory bodies, if legally required.
-
Covered entities and business associates under HIPAA, with appropriate safeguards.
6. Data Security
We implement industry-standard security measures including:
-
End-to-end encryption for PHI.
-
Role-based access controls.
-
Regular audits and vulnerability assessments.
-
Secure data centers with compliance certifications (Thoropass).
7. Data Retention
We retain data only as long as necessary for service delivery, legal compliance, or user requests. PHI is stored in accordance with HIPAA retention guidelines.
8. User Rights
Depending on your jurisdiction, you may:
-
Access, correct, or delete your personal data.
-
Request a copy of your data.
-
Withdraw consent or opt out of communications.
9. Cookies & Tracking
We use cookies for:
-
Session management.
-
Analytics and performance optimization.
-
User preferences.
You can manage cookie settings via your browser.
10. Third-Party Links
Our platform may link to third-party services. We are not responsible for their privacy practices.
11. Changes to This Policy
We may update this policy periodically. Significant changes will be communicated via email or platform notifications.
12. Contact Us
For privacy-related inquiries or to exercise your rights, contact:
📧 Email: info@olari.com
📞 Phone: 910-226-6159
📍 Address: 171 Market Street, Wilmington, NC 28401
Here’s a Business Associate Agreement (BAA) clause you can add to your Healthcare SaaS privacy policy. It’s written to reflect HIPAA compliance and clarify responsibilities between your platform and covered entities:
13. Business Associate Agreement (BAA)
If a partner company processes or stores Protected Health Information (PHI) on behalf of a Covered Entity (as defined by HIPAA), we will enter into a Business Associate Agreement (BAA) with that entity. This agreement outlines our obligations to:
-
Use and disclose PHI only as permitted by the BAA and applicable law.
-
Implement administrative, physical, and technical safeguards to protect PHI.
-
Report any unauthorized access, use, or disclosure of PHI.
-
Ensure that subcontractors who handle PHI also comply with HIPAA requirements.
-
Provide access to PHI when requested by the Covered Entity or individual, as required by law.
-
Assist in responding to privacy complaints, audits, or investigations.
We are committed to maintaining the confidentiality, integrity, and availability of PHI in accordance with 45 CFR Parts 160 and 164 (HIPAA Privacy and Security Rules) and the HITECH Act.