1. Introduction
RxFiler (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our 340B claims submission platform and related services (collectively, the “Service”).
By using RxFiler, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.
2. Information We Collect
We collect information that you provide directly to us, information we obtain automatically when you use our Service, and information from third-party sources. The types of information we collect depend on how you interact with our Service.
2.1 Information You Provide
When you register for an account, use our Service, or contact us, we may collect:
- Account Information: Name, email address, company name, phone number, job title, and other contact details
- Business Information: Organization details, TPA or Covered Entity status, claims volume data, NPI numbers, tax identification numbers, and licensing information
- Payment Information: Billing address, payment method details (processed through secure third-party payment processors), and transaction history
- Communications: Messages, inquiries, feedback, support tickets, and any other information you send to us
- Profile Information: User preferences, settings, and profile photos if you choose to upload them
- Documentation: Business Associate Agreements, contracts, compliance documents, and other files you upload to our Service
2.2 Information We Collect Automatically
When you access or use our Service, we automatically collect certain information about your device and usage patterns:
- Usage Data: How you interact with our Service, including pages visited, features used, time spent on pages, clickstream data, search queries, and navigation patterns
- Technical Data: IP address, browser type and version, device information (type, model, operating system), screen resolution, language preferences, time zone, and unique device identifiers (such as device IDs and advertising IDs)
- Log Data: Server logs, error reports, crash reports, performance metrics, API request/response data, and system event logs
- Cookies and Tracking Technologies: We use cookies, web beacons, pixel tags, and similar technologies to collect information about your browsing activities. See our Cookie Policy for more details
- Location Data: General location information derived from your IP address (we do not collect precise GPS location data without your explicit consent)
2.3 Protected Health Information (PHI)
As a healthcare technology platform, RxFiler may process Protected Health Information (PHI) in connection with 340B claims processing. PHI includes any information that can be used to identify a patient and relates to their health condition, treatment, or payment for healthcare services. We handle all PHI in strict compliance with the Health Insurance Portability and Accountability Act (HIPAA) and maintain Business Associate Agreements (BAAs) with our customers.
Types of PHI we may process include:
- Patient identifiers (names, dates of birth, medical record numbers)
- Prescription and medication information
- Diagnosis codes and treatment information
- Insurance and billing information
- Any other health information necessary for 340B claims processing
We implement additional safeguards for PHI beyond our standard security measures, including enhanced encryption, access controls, audit logging, and regular compliance assessments.
2.4 Information from Third Parties
We may receive information about you from third-party sources, including:
- Business Partners: Information from 340B platforms (BEACON, ESP, Truzo) and other integration partners
- Service Providers: Information from vendors who assist us in providing our Service
- Public Sources: Publicly available information from government databases, professional directories, and social media platforms
- Referral Sources: Information from organizations or individuals who refer you to our Service
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our Service
- Process and submit 340B claims on your behalf
- Validate, format, and ensure compliance of claim submissions
- Communicate with you about your account, service updates, and support requests
- Send you marketing communications (with your consent) about our products and services
- Detect, prevent, and address technical issues, fraud, or security threats
- Comply with legal obligations and enforce our Terms of Service
- Analyze usage patterns to improve user experience and develop new features
4. How We Share Your Information
We may share your information in the following circumstances. We do not sell, rent, or trade your personal information or PHI to third parties for their marketing purposes.
4.1 Service Providers and Business Partners
We share information with trusted third-party service providers who assist us in operating our Service:
- Cloud Hosting Providers: For data storage and infrastructure services (e.g., AWS, Azure, Google Cloud)
- Payment Processors: For processing subscription payments and transactions
- Email Service Providers: For sending transactional and marketing emails
- Analytics Providers: For understanding how users interact with our Service (data is anonymized where possible)
- Customer Support Tools: For managing support tickets and customer communications
- Security Providers: For monitoring, threat detection, and security services
4.2 Platform Integrations
We share information with 340B platforms and other integrated services as necessary to process your claims:
- BEACON, ESP, Truzo, and other 340B platforms: Claim data and related information required for claim submission
- Pharmacy Management Systems: Integration data for seamless workflow
- Electronic Health Record (EHR) Systems: When integrated, we may share relevant data for care coordination
All data sharing with platform integrations is done in accordance with your Business Associate Agreement and applicable HIPAA requirements.
4.3 Legal and Regulatory Disclosures
We may disclose your information when required by law or to protect our rights:
- In response to subpoenas, court orders, or other legal processes
- To comply with federal, state, or local laws and regulations
- To respond to government or regulatory requests
- To protect the rights, property, or safety of RxFiler, our users, or others
- To investigate fraud, security breaches, or other violations
- To enforce our Terms of Service or other agreements
4.4 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your personal information.
4.5 With Your Consent
We may share your information for any other purpose disclosed to you at the time we collect it or with your explicit consent. You may withdraw your consent at any time by contacting us.
5. Data Security
We take the security of your information seriously and implement comprehensive security measures to protect your data from unauthorized access, disclosure, alteration, or destruction.
5.1 Technical Safeguards
- Encryption: All data in transit is encrypted using TLS 1.3 or higher. Data at rest is encrypted using AES-256 encryption
- Network Security: Firewalls, intrusion detection systems, and DDoS protection
- Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA), and least-privilege principles
- Secure Development: Regular security code reviews, penetration testing, and vulnerability scanning
- Data Backup: Regular automated backups with encryption and secure off-site storage
- Monitoring: 24/7 security monitoring, log analysis, and anomaly detection
5.2 Administrative Safeguards
- Security Policies: Comprehensive security policies and procedures
- Employee Training: Regular security awareness training for all employees
- Background Checks: Pre-employment background checks for all personnel with access to sensitive data
- Access Management: Regular access reviews and timely revocation of access for former employees
- Incident Response: Documented incident response procedures and breach notification protocols
5.3 Compliance and Certifications
- HIPAA Compliance: Full compliance with HIPAA Security and Privacy Rules
- SOC 2 Type II: Annual SOC 2 Type II audits demonstrating our security controls
- Regular Audits: Third-party security audits and assessments
- Compliance Monitoring: Continuous monitoring and improvement of security practices
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. We encourage you to take steps to protect your account, including using a strong password and enabling multi-factor authentication when available.
6. Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information. We are committed to respecting these rights and providing you with control over your data.
6.1 Your Rights
You have the following rights regarding your personal information:
- Right to Access: Request access to the personal information we hold about you, including details about how we use and share your information
- Right to Correction: Request correction of inaccurate, incomplete, or outdated information
- Right to Deletion: Request deletion of your personal information, subject to legal and contractual obligations (e.g., we may need to retain certain information for legal compliance or to fulfill our contractual obligations)
- Right to Data Portability: Request a copy of your data in a structured, commonly used, and machine-readable format
- Right to Object: Object to certain processing activities, such as direct marketing or processing based on legitimate interests
- Right to Restrict Processing: Request that we limit how we process your information in certain circumstances
- Right to Withdraw Consent: Withdraw your consent at any time where we rely on consent for processing
6.2 Marketing Communications
You can opt out of receiving marketing communications from us at any time by:
- Clicking the “unsubscribe” link in any marketing email
- Updating your preferences in your account settings
- Contacting us directly at the contact information provided below
Please note that even if you opt out of marketing communications, we may still send you transactional or service-related messages (e.g., account updates, security alerts, service notifications).
6.3 Cookies and Tracking Technologies
You can control cookies and tracking technologies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our Service. For more information, please see our Cookie Policy.
6.4 How to Exercise Your Rights
To exercise any of these rights, please contact us using the information provided in the “Contact Us” section below. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request to protect your privacy and security.
If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.
7. Data Retention
We retain your personal information for as long as necessary to provide our Service, comply with legal obligations, resolve disputes, and enforce our agreements. PHI is retained in accordance with HIPAA requirements and your Business Associate Agreement.
8. Children’s Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date. You are advised to review this Privacy Policy periodically for any changes.
11. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Phone: +1 (551) 240-0010
1140 6th Ave, 9th Floor, New York, NY 10036