Payer Ready LLC Privacy Policy

Effective Date: March 26, 2026   Last Updated: March 26, 2026

1. Introduction and Scope

Payer Ready LLC ("Payer Ready," "Company," "we," "our," or "us") is committed to maintaining the highest standards of data privacy and security. This Privacy Policy (the "Policy") governs the collection, use, disclosure, retention, and protection of information obtained through your interaction with our website at PayerReady.com, its subdomains (including app.payerready.com), and the integrated software solutions we provide, including but not limited to provider credentialing, payer enrollment, compliance monitoring, EDI & EFT management, and document management (collectively, the "Service").

This Policy applies to information collected:

  • On the Site and through the Service, including the Platform dashboard and registration forms.
  • In electronic communications (email, text, chat, and API calls) between you and Payer Ready.
  • Through Organization Administrator, Coordinator, or RCM partner portals when managing provider rosters.
  • Through our marketing website pages (payerready.com), including contact forms, landing pages, and resource downloads.

This Policy does not apply to information collected by third parties, including third-party applications, payment processors, insurance payers, or websites that may link to or be accessible from our Service. We encourage you to review the privacy policies of any third-party services you interact with.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree with this Policy, please do not use the Service. This Policy is incorporated into and made a part of our Terms & Conditions.

2. Categories of Information We Collect

In order to provide specialized healthcare administrative services, we collect several categories of information. Below is a detailed description of the types of information we collect, organized by category.

A. Identifiers and Personal Information

  • Personal Identifiers: Legal name (first, middle, last), alias or maiden name, date of birth, Social Security Number (SSN), postal address (home and practice), email address, telephone number, and unique personal identifiers.
  • Online Identifiers: IP address, browser fingerprint, device identifiers, and cookie identifiers.
  • Account Credentials: Username, password (stored in hashed form), and account security questions.

B. Professional and Employment Information

  • Professional Identifiers: National Provider Identifier (NPI), CAQH ID, PECOS login credentials, DEA registration number and expiration, state medical/professional license numbers and expiration dates, and taxonomy codes.
  • Education and Training: Medical school, residency and fellowship programs, board certifications, continuing medical education (CME) records, and graduation dates.
  • Employment History: Current and prior practice affiliations, hospital privileges, work addresses, employment dates, supervisor names, and reasons for leaving.
  • Professional References: Names, titles, contact information, and professional relationships of references provided for credentialing purposes.
  • Malpractice and Disciplinary History: Malpractice claims history, license suspensions or revocations, disciplinary actions, felony convictions, and attestation responses.
  • Insurance Information: Professional liability insurance carrier, policy number, coverage amounts, effective and expiration dates.

C. Financial Information

  • Payment Information: Credit card numbers, debit card numbers, billing address, and payment history (payment card data is processed by our third-party payment processor, Stripe, and is not stored on our servers).
  • Banking Information: Bank account numbers and routing numbers for Electronic Funds Transfer (EFT) setup and direct deposit enrollment.
  • Billing Records: Invoice history, transaction records, and fee schedules.

D. Sensitive and Protected Classifications

  • Government-Issued Identification: Driver's license, passport, or state-issued identification documents for Primary Source Verification (PSV) and identity confirmation.
  • Protected Characteristics: Under California or federal law, we may process information such as race, color, sex/gender, national origin, or age as part of certain credentialing, demographic reporting, or compliance requirements mandated by payers or regulatory bodies.
  • Health-Related Information: Immunization records, TB test results, and other health screening documentation required by certain payers or healthcare facilities for credentialing.

E. Documents and Files

  • Uploaded Documents: Curriculum vitae (CV), copies of licenses and certifications, board certificates, diplomas, professional liability insurance certificates, passport-style photographs, and any other documents you upload to the Platform.
  • Electronic Signatures: Digital signatures applied to enrollment forms, attestations, and other documents processed through the Service.

F. Technical and Usage Data

  • Device Information: Browser type and version, operating system, screen resolution, device type, and language preferences.
  • Usage Data: Pages visited, features used, time spent on pages, click patterns, navigation paths, and interaction with dashboard elements.
  • Log Data: Server access logs, error logs, timestamps, referring URLs, and exit pages.
  • Location Data: Approximate geographic location derived from IP address (we do not collect precise GPS location).

3. Sources of Collection

We acquire the information described above from the following sources:

  • Directly from You: When you create an account, complete your Provider Profile, submit registration forms, upload documents, communicate with our support team, or otherwise interact with the Service.
  • From Organization Administrators and Coordinators: When your employer, practice group, healthcare organization, or designated coordinator enters your data to facilitate credentialing and enrollment on your behalf.
  • From NPI Registry (NPPES): When we verify your NPI number during registration, we retrieve publicly available provider data from the National Plan and Provider Enumeration System.
  • From Third-Party Verifiers and Primary Sources: From state licensing boards, the Office of Inspector General (OIG) exclusion list, the System for Award Management (SAM) exclusion list, National Practitioner Data Bank (NPDB), CAQH ProView, and other primary source verification databases during the credentialing process.
  • From Insurance Payers: Status updates, enrollment confirmations, and correspondence received from payers regarding your enrollment applications.
  • From Payment Processors: Transaction confirmations and payment status from Stripe and other payment processing partners.
  • Automated Technologies: Through cookies, web beacons, analytics tools (such as Google Analytics via Google Tag Manager), and similar technologies as you navigate the Site and Platform.

4. How We Use Your Information

We use the information we collect for the following business and commercial purposes:

A. Core Service Delivery

  • Credentialing and Enrollment: To compile, verify, and submit provider credentialing packages and payer enrollment applications on your behalf.
  • Document Management: To store, organize, and retrieve your credentialing documents, licenses, certificates, and enrollment correspondence securely within the Platform.
  • Compliance Monitoring: To execute continuous monitoring of license expirations, certification renewals, and exclusion list checks (OIG, SAM) to help maintain your active enrollment status.
  • EDI & EFT Management: To set up and manage Electronic Data Interchange and Electronic Funds Transfer enrollment.
  • CAQH and PECOS Management: To create, update, and manage your CAQH ProView profile and PECOS enrollment records.

B. Account and Platform Operations

  • Account Management: To create and maintain your Account, authenticate your identity, and manage your access permissions.
  • Communication: To send you service-related notifications, enrollment status updates, document expiration reminders, support responses, and administrative messages.
  • Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical assistance through our support channels.

C. Financial and Billing

  • Payment Processing: To process payments for Services, manage invoices, and facilitate refunds when applicable.
  • Financial Management: To facilitate EFT direct deposit setup and manage EDI transactions on your behalf.

D. Analytics and Improvement

  • Service Optimization: To analyze usage patterns, diagnose technical issues, improve the user interface, and enhance the overall user experience.
  • Aggregated Analytics: To generate de-identified, aggregated statistics about service usage, industry trends, and enrollment metrics. Aggregated data does not identify any individual user.

E. Legal and Compliance

  • Legal Obligations: To comply with applicable laws, regulations, legal processes, and governmental requests.
  • Contractual Enforcement: To enforce our rights under the Terms & Conditions, investigate potential violations, and protect the safety and security of our users and the Service.
  • Audit and Recordkeeping: To maintain records as required by healthcare regulations, credentialing standards, and applicable retention requirements.

5. Disclosure and Sharing of Information

Payer Ready does not sell your Personal Information. We share information only in the following circumstances and with the following categories of recipients:

A. Service-Related Disclosures

  • Insurance Payers and Networks: We share your credentialing information and enrollment applications with the insurance payers, managed care organizations, and provider networks with which you seek enrollment. This is the core purpose of the Service.
  • Primary Source Verification Bodies: We submit verification requests to state licensing boards, NPDB, educational institutions, and other primary sources as part of the credentialing process.
  • CAQH and PECOS: We submit and update information on your CAQH ProView profile and PECOS enrollment records as part of the Service.

B. Organizational Disclosures

  • Your Organization: If you are associated with an Organization account (e.g., a practice group or healthcare system), your credentialing data may be visible to authorized administrators and coordinators within your Organization as needed to manage enrollment operations.
  • RCM Partners: If your Organization utilizes a third-party revenue cycle management (RCM) firm, your data may be shared with that firm to facilitate billing and claims processing.

C. Service Providers (Subprocessors)

  • Cloud Hosting: Our Platform infrastructure is hosted on secure cloud servers with appropriate security certifications.
  • Payment Processing: Stripe, Inc. processes payment transactions on our behalf. Your payment card data is transmitted directly to Stripe and is subject to Stripe's Privacy Policy.
  • Email Delivery: We use email service providers to deliver transactional and notification emails.
  • Analytics: We use Google Analytics (via Google Tag Manager) on our public marketing pages to understand website traffic and user behavior. Analytics tracking is not enabled on authenticated dashboard pages to protect the privacy of provider data.

All service providers are contractually bound to use your information only for the purposes of providing services to Payer Ready, to maintain confidentiality, and to implement appropriate security measures.

D. Legal and Protective Disclosures

  • Legal Compulsion: To comply with a court order, subpoena, law, or legal process, including responding to government or regulatory requests.
  • Rights Protection: To protect the rights, property, or safety of Payer Ready, our users, or the public, including investigating potential violations of our Terms & Conditions.
  • Business Transfers: In connection with a merger, acquisition, divestiture, restructuring, dissolution, or other sale or transfer of some or all of Payer Ready's assets. In such event, the acquiring entity will be subject to this Privacy Policy with respect to your information.

6. HIPAA and Protected Health Information

6.1. HIPAA Compliance. Payer Ready acknowledges that, in the course of providing the Service, it may receive, create, maintain, or transmit Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the Health Information Technology for Economic and Clinical Health Act ("HITECH Act"). Payer Ready is committed to complying with all applicable HIPAA and HITECH requirements.

6.2. Business Associate Agreement. To the extent required by HIPAA, Payer Ready will enter into a Business Associate Agreement ("BAA") with applicable Covered Entities before accessing, receiving, or processing PHI. The BAA governs the permitted uses and disclosures of PHI and supplements this Privacy Policy.

6.3. PHI Safeguards. We maintain administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of PHI in accordance with the HIPAA Security Rule (45 CFR Part 160 and Subparts A and C of Part 164). These safeguards include:

  • Encryption of PHI in transit (TLS 1.2 or higher) and at rest.
  • Role-based access controls restricting PHI access to authorized personnel on a need-to-know basis.
  • Audit logging of all access to and modifications of PHI.
  • Regular security risk assessments and vulnerability testing.
  • Employee training on HIPAA privacy and security requirements.
  • Secure session management with automatic timeouts.

6.4. Minimum Necessary Standard. Payer Ready accesses, uses, and discloses only the minimum amount of PHI necessary to accomplish the intended purpose, in accordance with the HIPAA minimum necessary standard.

6.5. Breach Notification. In the event of a breach of unsecured PHI, Payer Ready will notify affected Covered Entities without unreasonable delay and in no event later than sixty (60) calendar days after discovery of the breach, or as required by the applicable BAA, whichever is sooner. We will cooperate with affected parties and regulatory authorities in investigating any breach and will take commercially reasonable steps to mitigate harm.

6.6. HIPAA Exception to State Privacy Laws. To the extent that information qualifies as PHI under HIPAA, your rights with respect to such information are primarily governed by HIPAA and the applicable BAA, which may preempt certain state privacy law requirements. Where state law provides greater privacy protection than HIPAA, the more protective standard will apply.

7. Your Rights and Choices

A. Access and Review

You can review your personal and professional information at any time by logging into your Account and accessing your Provider Profile or Organization dashboard. You may also request a copy of the personal information we hold about you by contacting us at privacy@payerready.com.

B. Correction and Update

You can update and correct your personal information directly through the Platform. If you are unable to make a correction through the Platform, you may contact us and we will make commercially reasonable efforts to update the information within thirty (30) days of your request.

C. Deletion

You may request the deletion of your personal information by contacting privacy@payerready.com. We will process your request within thirty (30) days, subject to any legal, regulatory, or contractual obligations that require continued retention. Please note that certain healthcare-related records may need to be retained for extended periods to comply with credentialing standards and applicable law.

D. Data Export and Portability

You may export your data at any time through the Platform's export functionality or by contacting support@payerready.com. We will provide your data in commonly used, machine-readable formats (such as CSV, PDF, or JSON) where technically feasible.

E. Communication Preferences

You may opt out of non-essential marketing communications by using the unsubscribe link in any marketing email or by contacting us. Please note that you cannot opt out of transactional and service-related communications (such as enrollment status updates, document expiration alerts, and account security notifications), as these are essential to the delivery of the Service.

F. Tracking Technologies

You can configure your browser to refuse cookies or to alert you when cookies are being sent. However, certain features of the Platform may not function properly without cookies. For more details, see Section 10 (Cookies and Tracking Technologies) below.

G. "Do Not Track" Signals

Some web browsers transmit "Do Not Track" (DNT) signals. We do not currently respond to DNT signals, as no uniform industry standard for DNT has been adopted. If a standard is established in the future, we will update this section accordingly.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act of 2018 ("CCPA"), as amended by the California Privacy Rights Act of 2020 ("CPRA"):

A. Right to Know

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you over the past twelve (12) months, the categories of sources from which it was collected, the business or commercial purpose for collecting it, and the categories of third parties with whom we have shared it. You may make such a request up to two (2) times in a twelve (12) month period.

B. Right to Delete

You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions provided by law, including where retention is necessary to complete a transaction you requested, comply with a legal obligation, detect security incidents, exercise or defend legal claims, or perform the Service as outlined in our agreement with you.

C. Right to Correct

You have the right to request that we correct inaccurate personal information that we maintain about you, taking into account the nature of the personal information and the purposes of processing.

D. Right to Opt-Out of Sale or Sharing

Payer Ready does not sell your personal information as defined under the CCPA/CPRA. We do not share your personal information for cross-context behavioral advertising purposes. If our practices change in the future, we will update this section and provide a "Do Not Sell or Share My Personal Information" link on our Site.

E. Right to Limit Use of Sensitive Personal Information

To the extent Payer Ready processes sensitive personal information (such as Social Security numbers, government-issued IDs, or health-related information) beyond what is necessary to perform the Service, you have the right to limit our use and disclosure of such information. Given the nature of our Service, most sensitive information processing is necessary to perform credentialing and enrollment services.

F. Non-Discrimination

Payer Ready will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you the Service, charge you different prices, provide a different level or quality of Service, or suggest that you may receive a different price or level of Service as a result of exercising your rights.

G. Authorized Agents

You may designate an authorized agent to make a CCPA/CPRA request on your behalf. The authorized agent must provide written permission signed by you and we may require you to verify your identity directly with us, or the agent must provide proof of power of attorney pursuant to California Probate Code sections 4000 to 4465.

H. How to Exercise Your California Rights

To exercise any of the rights described in this section, you or your authorized agent may submit a verifiable consumer request by emailing privacy@payerready.com or by writing to us at the address provided in Section 16. We will respond within forty-five (45) calendar days, or notify you if we need additional time (up to an additional forty-five (45) days).

I. CCPA Categories Disclosure

In the preceding twelve (12) months, we have collected the following categories of personal information as defined by the CCPA:

Category Collected Sold
Identifiers (name, email, SSN, NPI)YesNo
Professional/employment informationYesNo
Financial informationYesNo
Protected classificationsYes (when required)No
Internet/electronic activityYesNo
Geolocation data (approximate)YesNo
Sensory data (uploaded photos)YesNo
Sensitive personal informationYes (SSN, gov't IDs)No

J. HIPAA Exception

The CCPA/CPRA does not apply to Protected Health Information collected by a Covered Entity or Business Associate governed by HIPAA. To the extent that your personal information qualifies as PHI under HIPAA, your rights with respect to such information are governed by HIPAA and the applicable BAA, rather than the CCPA/CPRA.

9. Other State Privacy Rights

In addition to California, residents of the following states may have additional privacy rights under their respective state privacy laws:

  • Virginia (Virginia Consumer Data Protection Act, (Virginia Consumer Data Protection Act, VCDPA)
  • Colorado (Colorado Privacy Act, CPA)
  • Connecticut (Connecticut Data Privacy Act, CTDPA)
  • Utah (Utah Consumer Privacy Act, UCPA)
  • Texas (Texas Data Privacy and Security Act, TDPSA)
  • Oregon (Oregon Consumer Privacy Act, OCPA)
  • Montana (Montana Consumer Data Privacy Act, MCDPA)
  • Iowa (Iowa Consumer Data Protection Act, ICDPA)

These laws generally provide rights similar to the CCPA/CPRA, including the right to access, correct, and delete your personal data, the right to opt out of targeted advertising, and the right to appeal our decisions regarding your privacy requests. Payer Ready is committed to honoring valid requests made under these laws. To exercise any state-specific privacy rights, please contact us at privacy@payerready.com.

10. Cookies and Tracking Technologies

10.1. Types of Cookies We Use.

  • Essential Cookies: Required for the Platform to function properly. These include session cookies, CSRF protection tokens, and authentication cookies. These cookies cannot be disabled without impacting the functionality of the Service.
  • Analytics Cookies: Used on our public marketing pages (payerready.com) through Google Tag Manager and Google Analytics to help us understand how visitors interact with our website. Analytics cookies are not used on authenticated dashboard pages (e.g., /doctor/*, /coordinator/*, /organization-admin/*, /super-admin/*) to protect provider privacy.
  • Functional Cookies: Used to remember your preferences and settings, such as language preferences and display options.

10.2. Third-Party Tracking. We use Google Tag Manager (container GTM-WXSGXW6G) on public marketing pages to manage analytics tags. Google Analytics (G-27QZ5BZC4G) collects anonymized usage data on public pages only. We have configured our analytics implementation to:

  • Block all analytics tracking on authenticated dashboard pages.
  • Enable IP anonymization.
  • Enable Restricted Data Processing for California users.
  • Not collect any personally identifiable information (PII) through analytics.

10.3. Managing Cookies. You can manage cookie preferences through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified before a cookie is set. Please note that disabling essential cookies may prevent you from using certain features of the Platform.

11. Data Security

Payer Ready maintains a comprehensive information security program designed to protect your information from unauthorized access, use, disclosure, alteration, or destruction. Our security measures include:

  • Encryption: Data encrypted in transit using TLS 1.2 or higher, and sensitive data encrypted at rest using industry-standard algorithms.
  • Access Controls: Role-based access controls (RBAC) ensuring that users can only access information appropriate to their role (Doctor, Coordinator, Organization Admin, Super Admin).
  • Authentication: Secure password hashing, session management with automatic timeouts, and support for multi-factor authentication.
  • Monitoring: Audit logging of access to and modifications of sensitive data, regular security assessments, and vulnerability scanning.
  • Personnel: Security awareness training for all personnel with access to user data.
  • Infrastructure: Secure hosting environment with appropriate physical security, redundant systems, and disaster recovery capabilities.
  • Incident Response: Documented incident response procedures for identifying, containing, and remediating security incidents.

While we take commercially reasonable measures to protect your data, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security and are not responsible for unauthorized access that occurs despite our implementation of commercially reasonable security measures.

12. Data Retention

12.1. Retention Periods. We retain your information for as long as your Account is active and as needed to provide the Service. Specific retention periods include:

  • Active Accounts: All user data is retained for the duration of your active Account.
  • Post-Termination: Following Account termination, you have a thirty (30) day window to export your data. After that, we will delete or anonymize your data within ninety (90) days, except as noted below.
  • Legal and Regulatory: Certain records may be retained for longer periods as required by applicable law, healthcare regulations, credentialing standards, or legal holds. These records are securely isolated from active processing.
  • Financial Records: Billing and transaction records are retained for seven (7) years in accordance with tax and accounting requirements.
  • Electronic Signatures: Documents executed with electronic signatures are retained for a minimum of seven (7) years or as required by applicable law.

12.2. Backup Copies. Deleted data may persist in encrypted backup systems for a limited period as part of our standard backup and disaster recovery procedures. Backup copies are overwritten in the normal course of backup rotation and are not used for active processing.

13. International Users

Payer Ready is a United States-based company. Our Site, Platform, and Service are designed for and directed to users in the United States. The Service is not intended for residents of the European Economic Area (EEA), the United Kingdom, or other jurisdictions outside the United States.

If you access the Service from outside the United States, you acknowledge and consent to the transfer, processing, and storage of your information in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to such transfer and processing.

14. Children's Privacy

The Service is intended exclusively for use by professional adults who are at least eighteen (18) years of age. We do not knowingly collect, use, or disclose personal information from individuals under the age of eighteen (18). If we become aware that we have inadvertently collected personal information from a minor, we will take prompt steps to delete such information. If you believe that we have collected information from a minor, please contact us at privacy@payerready.com.

15. Changes to This Policy

Payer Ready reserves the right to amend, modify, or update this Privacy Policy at any time at its sole discretion. When we make changes, we will update the "Last Updated" date at the top of this page. For material changes that significantly affect how we collect, use, or share your information, we will make reasonable efforts to notify you via the email address associated with your Account or through an in-application notification at least thirty (30) days prior to the effective date of the changes.

Your continued use of the Service after the effective date of any changes to this Policy constitutes your acceptance of the updated Policy. We encourage you to periodically review this page for the latest information on our privacy practices.

16. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your privacy rights, please contact us at:

Payer Ready LLC
3350 SW 148th Avenue, Suite 110
Miramar, Florida 33027
United States

General Inquiries: hello@payerready.com
Privacy Requests: privacy@payerready.com
Support: support@payerready.com
Phone: (888) 701-6090