RosettaHealth Privacy Summary

Effective Date: 08/11/2025

RosettaHealth, Inc. (“RosettaHealth”) is committed to protecting the privacy and security of the health information we process for our customers. We operate exclusively as a HIPAA Business Associate and follow strict contractual, legal, and industry standards for handling protected health information (“PHI”).

What We Do

• Provide secure health information exchange services for healthcare organizations

• Process PHI only as directed by our customers and never for marketing or sale

• Maintain robust safeguards aligned with HIPAA, SOC 2, and other recognized frameworks

How We Protect Data

• Encryption of data in transit and at rest

• Access controls with multi-factor authentication

• Continuous monitoring and regular compliance audits

When We Share Information

We share PHI only:

• With authorized parties designated by our customers

• With subcontractors under HIPAA-compliant agreements

• When required by law

Your Rights

If you have questions about your PHI, please contact your healthcare provider directly. If we receive a request, we will route it to the appropriate customer.

Breach Notification

We will notify affected customers without unreasonable delay if a breach of unsecured PHI occurs, in accordance with our Business Associate Agreements and HIPAA.

Contact

Privacy Officer – RosettaHealth, Inc.
Email: privacy@rosettahealth.com