Privacy Policy
[NEMA NETWORK, LLC], a [State] limited liability company ("NEMA NETWORK," "we," "our," or "us") operates the NEMA NETWORK platform, a non-emergency medical transportation (NEMT) coordination service connecting licensed healthcare facilities and credentialed NEMT operators. This Privacy Policy describes how we collect, use, share, and protect information when you use our website at nemanetwork.com and our platform portal.
This policy applies to users in the United States, with specific provisions for California residents under the California Consumer Privacy Act (CCPA). If you have questions, contact us at hello@nemanetwork.com.
1. Information We Collect
We collect the following categories of personal information:
| Category | Examples | Purpose |
|---|---|---|
| Identifiers | Name, organization name, email address, username, phone number | Account creation, authentication, communication |
| Professional / organizational information | Facility type, license status, service territory, role | Eligibility verification, trip matching |
| Trip and transport data | Pickup and dropoff locations, transport type, appointment time, trip status, transport notes | Trip coordination and documentation |
| Protected health information (PHI) | Patient transport-related information submitted by facilities (see Section 4) | Trip coordination on behalf of covered entities |
| Financial information | Billing contact, invoice records, payout records | Invoicing, payment processing, financial documentation |
| Usage data | Pages visited, features used, interaction timestamps, IP address | Platform improvement, security monitoring |
| Communications | Support requests, onboarding correspondence | Customer support, platform operations |
We do not knowingly collect information directly from patients. PHI submitted to the platform is entered by authorized facility staff acting in their professional capacity.
2. How We Use Your Information
We use collected information to:
- Operate and improve the NEMA NETWORK platform
- Facilitate trip coordination between healthcare facilities and NEMT providers
- Generate billing records, invoices, and trip documentation
- Communicate with you regarding your account, trips, or platform updates
- Monitor platform security, detect fraud, and prevent unauthorized access
- Comply with applicable legal obligations
We do not use personal information for targeted advertising and do not sell or share personal information for cross-context behavioral advertising.
3. Information Sharing
We do not sell your personal information. We share information only in the following circumstances:
- Trip coordination: Trip details (including transport type, pickup location, appointment time, and transport notes) are shared with the NEMT provider assigned to a trip. Providers receive only the information necessary to fulfill the specific trip.
- Service providers (subprocessors): We use third-party vendors to operate the platform, including Vercel, Inc. for hosting and infrastructure. These vendors process data only on our behalf under contractual confidentiality and data protection obligations. A current list of subprocessors is available upon request.
- Third-party services on our website: Our website loads fonts from Google Fonts (fonts.googleapis.com), which transmits your IP address to Google as part of font delivery. We do not use Google Analytics or other tracking services on the platform portal.
- Legal requirements: We may disclose information when required by law, court order, or government authority, or when necessary to protect the rights, safety, or property of NEMA NETWORK, our users, or the public.
- Business transfers: In connection with a merger, acquisition, or sale of assets, information may be transferred to a successor entity, subject to the same protections described in this policy. We will provide notice before any such transfer.
4. Healthcare Data and HIPAA
NEMA NETWORK operates as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA) with respect to protected health information (PHI) received through the platform from covered entities.
A fully executed Business Associate Agreement (BAA) is required before any HIPAA-covered entity may submit patient transport requests through the platform. Platform access for covered entities is conditioned on execution of a BAA. To request a BAA, contact us at hello@nemanetwork.com before submitting any patient information.
We handle all PHI in accordance with applicable HIPAA requirements, including the Privacy Rule (45 CFR Part 164) and Security Rule. PHI is used solely for the purpose of coordinating the specific transport transaction for which it was submitted and is not used for any secondary purpose without authorization.
NEMT providers who access trip information containing PHI are required under their Platform Agreement to handle that information in compliance with applicable privacy laws and the terms of any applicable BAA.
5. Data Retention
We retain personal information for the periods set forth below, or longer if required by applicable law:
| Data Category | Retention Period |
|---|---|
| Trip and patient transport records (including PHI) | 7 years from date of transport, consistent with HIPAA minimum retention requirements |
| Account information | Duration of account, plus 3 years following account closure |
| Billing and invoice records | 7 years from date of invoice |
| Usage and access logs | 90 days |
| Support communications | 3 years |
You may request deletion of your personal information by contacting us at hello@nemanetwork.com. Note that we may be required to retain certain records for legal, regulatory, or contractual compliance purposes, including HIPAA-mandated retention of PHI.
6. Security
We implement technical and organizational measures to protect your information, including role-based access controls, session authentication, and encrypted data transmission (TLS). Access to platform data is limited to authorized users based on their assigned role.
No system is completely secure. We encourage all users to use strong, unique passwords, maintain credential confidentiality, and report suspected security issues to hello@nemanetwork.com promptly.
Beta platform notice: During the current beta period, platform data is stored in your local browser environment. Users should not enter real patient identifying information until our production server-side infrastructure is in place. NEMA NETWORK will notify users when the production environment is available and certified.
7. Data Breach Notification
In the event of a security incident involving unauthorized access to or disclosure of personal information, we will:
- Notify affected individuals and, where required, applicable regulatory authorities, in accordance with applicable law
- For breaches involving protected health information, provide notification within 60 days of discovery, consistent with HIPAA breach notification requirements (45 CFR Part 164, Subpart D)
- For other personal information breaches affecting California residents, provide notification without unreasonable delay as required by California Civil Code §1798.82
Notifications will be sent to the email address associated with your account. If you believe a security incident has occurred, please contact us immediately at hello@nemanetwork.com.
8. Cookies and Tracking
Our marketing website loads fonts from Google Fonts (fonts.googleapis.com), which may transmit your IP address to Google as part of font delivery. We do not use tracking cookies, analytics cookies, or third-party advertising cookies on the platform portal. The platform portal uses browser session storage solely to maintain your authenticated login state during a session.
9. California Privacy Rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (Cal. Civ. Code §1798.100 et seq.):
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share it.
- Right to Delete: You may request deletion of personal information we have collected from you, subject to certain legal exceptions (including HIPAA retention requirements).
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising. No opt-out is required, but you may contact us to confirm.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
How to submit a request: Email hello@nemanetwork.com with the subject line "California Privacy Request" and describe the right you wish to exercise. We will verify your identity before processing the request and respond within 45 days. We may extend the response period by an additional 45 days with prior notice where reasonably necessary.
Note: Certain personal information processed in our capacity as a Business Associate under HIPAA is subject to HIPAA rather than CCPA. We will identify which regime applies when responding to your request.
10. Your General Rights
Regardless of location, all users may contact us to access, correct, or update their account information, or to request deletion of their personal data, subject to applicable legal retention requirements. Contact us at hello@nemanetwork.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time. For non-material changes, we will post the updated policy on this page with a revised effective date. For material changes that affect your rights or how we handle your personal information, we will provide at least 30 days' advance written notice by email to the address associated with your account. If you do not agree to the updated policy, you must cease using the platform before the effective date of the change. Continued use of the platform after the effective date of a material change constitutes acceptance of the updated policy.
12. Contact Us
Questions, concerns, or rights requests regarding this Privacy Policy should be directed to:
NEMA NETWORK
Email: hello@nemanetwork.com
[Legal Address — to be completed]