How Claro Health collects, uses, safeguards, and shares your information. We are a HIPAA-covered business associate and take our obligations seriously.
Claro Health ("Claro Health," "we," "us," or "our") operates clarohealth.co and provides AI-assisted denial recovery services to independent medical practices and medical billing companies. This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our website, contact us, or use our services.
By using our website or services, you agree to the terms of this Privacy Policy. If you do not agree with our practices, please do not use our website or services.
When you contact us, book a call, complete a form, or purchase services, we may collect:
When you visit our website, we automatically collect certain technical information, including:
When you purchase the Denial Recovery Audit or a monthly subscription, you submit remittance files, EOB exports, or similar documents to us via secure file transfer. These files are used exclusively to provide the contracted service. See Section 4 for our HIPAA obligations regarding this data.
We use the information we collect for the following purposes:
| Purpose | Information used | Legal basis |
|---|---|---|
| Providing contracted denial recovery services | Business contact info, claim files | Contract performance |
| Processing payments | Name, email, payment info (via Stripe) | Contract performance |
| Responding to inquiries and support requests | Contact info, message content | Legitimate interest |
| Scheduling discovery calls and follow-ups | Name, email, phone, calendar preferences | Legitimate interest |
| Sending service-related communications | Email address | Contract performance |
| Improving our website and services | Anonymized usage data | Legitimate interest |
| Complying with legal obligations | As required by applicable law | Legal obligation |
We do not use your information to send unsolicited marketing emails. If you receive a follow-up communication from us, it is because you initiated contact, made a purchase, or expressly requested outreach.
Claro Health acts as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) when providing denial recovery services to healthcare providers and billing companies. Before we receive any claim-related files, we execute a Business Associate Agreement (BAA) with each client.
Before sending any files to Claro Health, clients must redact Protected Health Information per the HIPAA Safe Harbor method (45 CFR 164.514(b)). We provide a redaction checklist identifying all 18 Safe Harbor identifiers that must be removed. This checklist is available to all clients at the time of engagement.
We do not sell, rent, or trade your personal information. We share information only in the following limited circumstances:
We use a limited number of third-party service providers to operate our business. Each provider is bound by data processing agreements and is permitted to use your information only to perform services on our behalf.
We may disclose information if required to do so by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Claro Health, our clients, or others.
If Claro Health is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and a prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.
Our website uses minimal cookies and tracking technologies. We do not use advertising cookies or behavioral tracking. Our current cookie usage is limited to:
You can control cookie preferences through your browser settings. Disabling cookies may affect some website functionality but will not prevent you from accessing our content.
We implement industry-standard security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. Our security practices include:
No method of transmission over the internet or electronic storage is 100 percent secure. While we take commercially reasonable precautions to protect your information, we cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.
We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with our legal obligations, resolve disputes, and enforce our agreements.
| Data type | Retention period |
|---|---|
| Claim files and PHI submitted for audit or subscription services | Deleted within 30 days of engagement completion |
| Business contact information (name, email, company) | 3 years from last contact, or until deletion is requested |
| Payment records | 7 years (required for tax and financial record keeping) |
| Website analytics data | 26 months, anonymized |
| Email correspondence | 3 years from last contact |
Depending on your location, you may have the following rights regarding your personal information:
To exercise any of these rights, please contact us at the email address listed in Section 12. We will respond to all requests within 30 days. We may need to verify your identity before fulfilling a request.
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights.
Our website and services are directed exclusively to healthcare professionals and business entities. We do not knowingly collect personal information from children under the age of 18. If we learn that we have inadvertently collected personal information from a child under 18, we will delete it promptly. If you believe we have collected information from a child, please contact us immediately.
We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify active clients by email. We encourage you to review this page periodically to stay informed about how we protect your information.
Your continued use of our website or services after any change to this Privacy Policy constitutes your acceptance of the updated terms.
If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your information, please contact us:
For HIPAA-related complaints or concerns, you also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/hipaa. We will not retaliate against you for filing a complaint.