Privacy Policy

Effective Date: September 1, 2025

Last Updated: September 25, 2025

VANAA RCM (“VANAA,” “we,” “us,” or “our”) is committed to protecting the privacy, confidentiality, and security of personal data and healthcare information entrusted to us.

This Privacy Policy explains how we collect, use, store, disclose, and safeguard information in connection with our services to the United States healthcare industry and our global operations.


1. Scope of This Policy

This Privacy Policy applies to:

  • Users of VANAARCM.COM

  • Prospective and existing clients

  • Authorized users of VANAA platforms and services

  • Global employees, contractors, and delivery teams

This policy does not replace a Business Associate Agreement (BAA) where required.


2. Information We Collect

2.1 Business & Personal Information

  • Name, title, organization

  • Business email, phone number

  • Billing and contract information

  • By submitting, you consent to receive communications via phone, email, or SMS related to your inquiry.

2.2 Healthcare & Operational Data

  • Provider demographic and licensure data

  • Credentialing and enrollment data

  • Claims, remittance, denial, and payment data

  • Operational and financial performance metrics

2.3 Protected Health Information (PHI)

VANAA processes PHI only under:

  • A signed Business Associate Agreement (BAA)

  • Client authorization and lawful purpose under HIPAA


3. HIPAA Compliance Statement

VANAA acts as a Business Associate as defined under HIPAA (45 CFR §160 and §164).

We:

  • Use PHI solely for permitted services

  • Implement administrative, technical, and physical safeguards

  • Ensure workforce HIPAA training

  • Support breach notification obligations as required by law


4. Data Use & Purpose Limitation

We use data to:

  • Deliver contracted services

  • Perform analytics and reporting

  • Improve service quality and automation

  • Comply with legal and regulatory requirements

De-identified and aggregated data may be used for benchmarking, AI model improvement, and service enhancement.


5. AI & Automated Processing

VANAA uses AI-assisted systems for:

  • Denial classification

  • Workflow prioritization

  • Predictive and prescriptive analytics

AI outputs:

  • Do not replace human decision-making

  • Are subject to quality checks and audits

  • Are never used to make autonomous clinical decisions


6. Data Security Controls (SOC 2 / ISO 27001 Aligned)

VANAA implements:

  • Role-based access control (RBAC)

  • Multi-factor authentication (MFA)

  • Encryption at rest and in transit

  • Network monitoring and logging

  • Incident response and disaster recovery plans

  • Vendor and subcontractor security assessments


7. Global Data Transfers

VANAA operates globally and may process data outside the United States.

We ensure:

  • Contractual confidentiality obligations

  • Security controls equivalent to US standards

  • Compliance with applicable cross-border data transfer laws


8. Data Retention

Data is retained:

  • As required by contract

  • As required by US healthcare regulations

  • Or securely deleted or returned upon termination


9. Your Rights

Depending on jurisdiction, you may have rights to:

  • Access or correct your data

  • Request deletion (subject to legal limits)

  • Receive data usage information

Requests may be submitted to: [email protected]


10. Policy Updates

This Privacy Policy may be updated periodically. Continued use constitutes acceptance.


AI & ANALYTICS WEBSITE DISCLAIMER


AI & Analytics Disclaimer

VANAA RCM provides analytics, automation, and AI-assisted tools to support healthcare revenue cycle and operational decision-making.


1. Informational Use Only

All analytics outputs, dashboards, predictions, and recommendations are:

  • Advisory in nature

  • Dependent on data quality and payer rules

  • Not guarantees of reimbursement or outcomes


2. Human Oversight Required

AI-assisted outputs:

  • Require professional review

  • Should not be used as sole decision authority

  • Must be validated against payer and regulatory guidance


3. No Medical or Legal Advice

VANAA tools:

  • Do not provide medical advice

  • Do not diagnose or treat patients

  • Do not provide legal or compliance determinations


4. Model Limitations

AI systems may be impacted by:

  • Data inaccuracies

  • Payer policy changes

  • Documentation variability

Clients remain responsible for final decisions.


Information Security & Compliance Statement


VANAA RCM maintains an information security program aligned with:

  • SOC 2 Trust Services Criteria

  • ISO/IEC 27001 Information Security Standards


Key Control Domains

  • Security governance and risk management

  • Workforce security and access reviews

  • Secure system development lifecycle (SDLC)

  • Change management and audit logging

  • Incident response and breach handling

  • Vendor and subcontractor oversight

Certification status may vary by service and contract.


GLOBAL OPERATIONS & DATA LOCALIZATION NOTICE


Global Operations Notice

VANAA RCM operates across multiple countries while supporting the United States healthcare industry.

We ensure:

  • US healthcare regulatory primacy

  • Standardized security controls globally

  • Confidentiality obligations for all workforce members

  • Continuous monitoring and audit readiness

All global personnel are bound by:

  • Confidentiality agreements

  • HIPAA training requirements

  • Information security policies

VANAA RCM
📧 [email protected]
🌐 https://www.vanaarcm.com
