Privacy Policy

Last updated: 2026-05-05

Introduction

Ivera Systems (“Ivera,” “we,” “us”) operates an autonomic insurance-recovery platform for Texas medical practices. We detect denied and underpaid claims from X12 835 remittance files, draft AI-assisted appeals, and submit those appeals to payer portals on behalf of our customers. This policy describes what data we collect through our website and our production platform, how we use it, how we protect it, and the rights you have over it.

This policy applies to two distinct populations: prospective customers who interact with our marketing site (including the no-cost forensic audit) and active customers (Texas medical practices) whose Protected Health Information (“PHI”) flows through the platform under a signed Business Associate Agreement.

Data we collect

(a) Marketing-form data (prospects)

When you submit a lead form, request a forensic audit, or otherwise contact us through the website, we collect: your name, business email address, the EHR system you use (e.g., AthenaOne, Tebra, or other), and a self-reported monthly revenue band. We may also receive de-identified billing CSVs uploaded for the optional “Smart Ingestor” forensic audit.

No PHI is stored from website forms or forensic audits. Forensic-audit CSVs are processed in a simulation-isolated workspace, persisted only as aggregated audit results, and the original files are deleted from temporary storage after a successful database commit. We request that prospects de-identify data per the HIPAA Safe Harbor method before sharing it for an audit, consistent with our mutual NDA.

(b) PHI flowing through the platform (active customers)

Once a Texas medical practice signs an MSA, BAA, and EHR Authorization, the platform receives and processes PHI as defined at 45 C.F.R. § 160.103. This includes claim and denial data from X12 835 remittance files, claim adjustment (CAS) codes, patient demographics necessary to correct coverage errors, and clinical narrative notes uploaded for medical-necessity appeals. Ivera does not access full medical histories or laboratory results; the EHR Authorization explicitly prohibits these data sets.

How we use it

We use the data described above to (1) operate the recovery workflow — identifying actionable denials, drafting appeals, submitting corrected EDI, and tracking recoveries; (2) bill our customers, including the $287 setup fee and the 22% contingency on confirmed recoveries; (3) detect and prevent fraud, abuse, and security incidents; and (4) compute internal analytics such as gross-margin-per-client and payer-leaderboard performance. PHI is never used to train third-party machine-learning models, and marketing data is never sold to third parties.

HIPAA compliance

Ivera operates as a HIPAA Business Associate. Our production infrastructure runs entirely on AWS HIPAA-eligible services. Protected Health Information is encrypted in transit (TLS) and at rest using FIPS-validated cryptographic modules with keys managed by AWS KMS. Multi-tenant isolation is enforced at the database layer: every query is scoped by practice_id, and Aurora Postgres Row-Level Security provides defense in depth against cross-tenant data exposure. We execute a signed Business Associate Agreement with every covered entity before any PHI is processed, and we extend equivalent restrictions downstream to every subprocessor that creates, receives, maintains, or transmits PHI on our behalf. We commit to a 72-hour breach-notification window — stricter than the federal 60-day cap — for any reportable incident.

Data retention

PHI access logs and HIPAA audit trails are retained for seven (7) years in accordance with HIPAA audit-trail requirements and applicable Texas health privacy regulations (Texas Health & Safety Code Chapter 181). Database backups are retained for 30 days with point-in-time recovery enabled. Operational PHI is retained for the duration of the customer relationship; on termination, PHI is returned or destroyed in accordance with the BAA, and any PHI that cannot feasibly be returned or destroyed remains protected under the BAA indefinitely.

Ordinary marketing data (lead-form submissions, prospect email addresses, audit-result aggregates) is retained for legitimate business purposes and purged on a quarterly cadence once it is no longer needed. Forensic-audit source CSVs are deleted from temporary storage immediately after a successful audit-result commit.

Subprocessors

We rely on the following subprocessors to operate the platform:

  • Amazon Web Services (AWS) — compute, storage, database, and managed services. AWS is contracted under its standard HIPAA BAA covering all HIPAA-eligible services we consume (Aurora Postgres, S3, KMS, Textract, SES, Transfer Family, Fargate, EventBridge, CloudWatch).
  • Anthropic (Claude API) — large-language-model inference for appeal-draft generation. Anthropic Direct API requires a signed BAA, which Ivera will execute before any production Claude calls touch live PHI. Until that BAA is executed, Claude calls run only against synthetic and de-identified development fixtures.
  • OpenRouter — LLM routing used for development and internal evaluation only. OpenRouter never receives PHI. Production traffic does not flow through OpenRouter.

We will update this list and notify customers in advance of any material change to our subprocessor roster.

Your rights

If you are a patient whose PHI is processed by Ivera as a Business Associate of your healthcare provider, your HIPAA-conferred rights flow primarily through that provider (the “covered entity”), not through us directly. Subject to that channel and to applicable Texas state law, you may request: (1) access to PHI we hold about you; (2) correction or amendment of inaccurate PHI; (3) an accounting of disclosures made outside of treatment, payment, or operations; and (4) the ability to file a complaint with your provider, with Ivera, or with the U.S. Department of Health and Human Services Office for Civil Rights. We respond to qualified access and amendment requests within 10 business days, in line with our BAA commitments.

If you are a Texas resident interacting with our marketing site as a prospect, you may request access to, correction of, or deletion of the marketing data we hold about you by contacting us at the address below.

Email opt-out and suppression list

Recipients who no longer wish to receive transactional email from Ivera may contact compliance@iverasystems.com to be added to our internal email-suppression list. Suppression is permanent and is enforced before every outbound transactional send: addresses on the list are checked synchronously against our email_suppressions table and refused at the application layer regardless of any other contractual or operational status. Hard bounces and spam complaints recorded by our email provider are written to the same list automatically.

Contact us

Questions, complaints, and rights requests can be sent to:

Ivera Systems
Attn: Privacy Officer
11922 Audelia Road
Dallas, TX 75243
compliance@iverasystems.com
(972) 861-1103

Changes to this policy

We'll post material changes to this policy at least 30 days in advance and notify active customers via email. The “Last updated” date at the top of this page reflects the most recent revision.