Privacy Policy

Versor Health | Effective Date: March 26, 2026 | Last Updated: March 26, 2026

This application is intended for use by authorized personnel at participating home health and community care agencies. It is not intended for use by the general public or directly by participants receiving care.

1. About This Policy

Versor Health ("we," "us," or "our") operates a compliance documentation platform designed for community-based care providers operating under Illinois Medicaid programs, including the Community Care Program (CCP) governed by 89 Ill. Adm. Code pt. 240. This Privacy Policy describes how we collect, use, store, and protect information entered into or generated by the Versor Health application.

2. HIPAA Compliance

Versor Health operates as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations, including the HIPAA Privacy Rule (45 C.F.R. Parts 160 and 164). We handle Protected Health Information (PHI) solely on behalf of Covered Entities (participating agencies) in accordance with applicable Business Associate Agreements (BAAs).

We implement administrative, physical, and technical safeguards required by the HIPAA Security Rule to protect electronic PHI (ePHI), including:

Access controls limiting data visibility to authorized users
Encrypted data transmission (TLS) and encrypted storage
Audit controls and activity logging
Policies governing the use and disclosure of PHI

We do not sell, rent, or disclose PHI to third parties except as required to provide our services, as directed by the applicable Covered Entity, or as required by law.

3. Information We Collect

The application collects information entered by authorized agency staff, including:

Participant information: name, visit dates, and clinical observation data documented during home visits
Agency information: agency name and contact details
Caregiver and staff information: names and user credentials
Visit documentation: structured observation fields, timestamps, and any notes entered during a visit

We do not collect payment information, government identification numbers, or information from individuals under 13 years of age.

4. How We Use Information

Information collected through Versor Health is used solely to:

Provide compliance documentation and recordkeeping functionality to authorized agencies
Generate inspection-ready participant records and plans of care
Support internal quality assurance and product improvement in de-identified, aggregated form only
Comply with applicable legal and regulatory obligations

We do not use PHI for advertising, marketing, or any purpose unrelated to the provision of our services.

5. Data Storage and Infrastructure

Versor Health stores data using Supabase, a managed database platform, hosted on infrastructure provided by Amazon Web Services (AWS) and delivered through Vercel. All data is stored within the United States. AWS and Vercel maintain their own security certifications, including SOC 2 compliance. We maintain a Business Associate Agreement with our infrastructure providers as required under HIPAA where applicable.

6. Data Retention

We retain participant and visit records for the period required by the applicable agency's retention obligations under Illinois law and HIPAA, which is generally a minimum of six years from the date of creation or last effective date. Agencies may request deletion of records in accordance with their BAA and applicable law.

7. Data Sharing and Disclosure

We do not sell or share personal information or PHI with third parties for commercial purposes. We may disclose information in the following limited circumstances:

To authorized subcontractors and infrastructure providers operating under BAAs or equivalent data protection agreements
To the applicable Covered Entity (agency) that owns the data
As required by law, court order, or regulatory authority
To protect the rights, property, or safety of Versor Health, its users, or the public

8. User Rights

Authorized agency administrators may request access to, correction of, or deletion of records stored in Versor Health by contacting us directly. Requests related to participant PHI will be coordinated with the applicable Covered Entity in accordance with HIPAA requirements.

9. Security

We use industry-standard security measures including encrypted transmission (HTTPS/TLS), encrypted database storage, role-based access controls, and regular security reviews. No method of transmission or storage is completely secure; we cannot guarantee absolute security but are committed to protecting the data entrusted to us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to authorized agency contacts. Continued use of the application following notice of changes constitutes acceptance of the updated policy.

11. Contact

For questions about this Privacy Policy, HIPAA-related requests, or data inquiries, please contact:

Versor Health
Email: support@versorhealth.com