Privacy Policy CareIQ, LLC

1. Who We Are

CareIQ, LLC is a healthcare technology company headquartered in Wilmington, Delaware, USA. We provide enterprise-grade Remote Patient Monitoring (RPM), Chronic Care Management (CCM), and related telehealth solutions to healthcare providers across the United States. Our platform integrates FDA-approved connected health devices with a HIPAA-compliant SaaS platform, outsourced clinical monitoring, and revenue-cycle support.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and improve our RPM platform and care management services
• To support healthcare providers in delivering proactive, continuous patient care
• To process and track CPT billing codes and CMS reimbursement workflows
• To send service-related communications, platform alerts, and account notifications
• To respond to inquiries, support requests, and feedback
• To analyze usage patterns and optimize platform performance
• To comply with applicable laws, regulations, and legal obligations
• To protect the security and integrity of our platform and users

4. HIPAA Compliance and Protected Health Information

CareIQ operates as a Business Associate under HIPAA when processing PHI on behalf of covered healthcare entities. We implement and maintain administrative, physical, and technical safeguards to protect PHI in accordance with the HIPAA Privacy Rule and Security Rule.

Our HIPAA commitments include:

• Executing Business Associate Agreements (BAAs) with all covered entities we serve
• Limiting PHI use and disclosure to the minimum necessary for authorized purposes
• Maintaining audit logs and access controls for all PHI interactions
• Training staff on HIPAA policies and procedures
• Reporting breaches of unsecured PHI as required by the HIPAA Breach Notification Rule

For questions regarding PHI handling or to submit a HIPAA-related request, contact our Privacy Officer at: privacy@careiq.io

5. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience and gather usage analytics. The types of cookies we use include:

• Essential Cookies: Necessary for the website to function properly
• Analytics Cookies: Help us understand how visitors interact with our site (e.g., Google Analytics)
• Preference Cookies: Remember your settings and preferences
• Marketing Cookies: Used to deliver relevant content and measure campaign effectiveness

You may manage cookie preferences through your browser settings or via our cookie consent tool. Note that disabling certain cookies may affect website functionality.

6. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share information in the following limited circumstances:

• Service Providers: Trusted third-party vendors who assist in platform operations, hosting, analytics, and payment processing, under confidentiality obligations
• Healthcare Partners: As required under BAAs with covered healthcare entities for care delivery purposes
• EHR and Phone System Integrations: Data shared with integrated systems (e.g., Epic, Cerner, Athena, NextGen) as authorized by providers
• Legal Obligations: When required by law, court order, or regulatory authority
• Business Transfers: In connection with a merger, acquisition, or sale of business assets, subject to continued privacy protections
• With Your Consent: In any other instance where you have provided explicit authorization

7. Data Security

CareIQ employs industry-standard security measures to protect your information from unauthorized access, disclosure, alteration, or destruction. Our security practices include:

• End-to-end encryption for data in transit and at rest
• Role-based access controls and multi-factor authentication
• Regular security audits and vulnerability assessments
• HIPAA-compliant data storage and hosting infrastructure
• Incident response protocols and breach notification procedures

While we implement robust security practices, no method of electronic transmission or storage is 100% secure. We encourage you to safeguard your account credentials and notify us immediately of any suspected unauthorized access.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal and regulatory requirements, and resolve disputes. PHI is retained in accordance with applicable federal and state healthcare regulations, which may require retention for a minimum of six (6) years under HIPAA.

When data is no longer required, we securely destroy or anonymize it in accordance with our data retention policies.

9. Your Rights and Choices

Depending on your location and applicable law, you may have the following rights with respect to your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Restriction: Request that we limit how we process your data in certain circumstances
• Data Portability: Receive your data in a structured, machine-readable format
• Opt-Out: Opt out of non-essential communications or marketing emails at any time

Patients whose PHI is processed through our platform should direct rights requests to the healthcare provider who enrolled them in our program, as the covered entity retains primary responsibility for patient rights under HIPAA.

To exercise any of the above rights, contact us at: privacy@careiq.io

10. Third-Party Integrations and Links

Our platform integrates with third-party EHR systems, phone platforms, and technology partners including Athena, Epic, Cerner, RingCentral, and others. This Privacy Policy does not govern the data practices of these third parties. We encourage you to review the privacy policies of any third-party services you use in connection with our platform.

Our website may also contain links to external websites. CareIQ is not responsible for the privacy practices or content of those external sites.

11. Children's Privacy

CareIQ's services are intended for use by licensed healthcare providers and professionals. Our website and platform are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us immediately at privacy@careiq.io so we can take appropriate action.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or business practices. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you via email or a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our services after any changes constitutes your acceptance of the updated policy.

13. SMS Communications and Text Messaging

CareIQ, LLC offers SMS-based communications to support patient engagement, appointment reminders, care alerts, and platform notifications through our integration with RingCentral. By providing your mobile phone number and opting in to SMS communications, you consent to receive text messages from CareIQ or your enrolled healthcare provider at the number provided.

Message frequency may vary based on your care plan and provider settings. Standard message and data rates may apply depending on your mobile carrier and plan. You may opt out at any time by replying STOP to any message you receive, and you may request assistance by replying HELP. Opting out of SMS does not affect your access to other CareIQ services.

CareIQ does not share your mobile number with third parties for marketing purposes. All SMS communications are conducted in compliance with the Telephone Consumer Protection Act (TCPA) and applicable carrier guidelines.