Verification is in Process.........  

for a free* 30-day trial or call us at
1-877-246-6888 for more information. Click here for Trial Program details

Stay Connected

Privacy Policy

IMPORTANT: AGREEMENT BETWEEN USER AND WWW.CAREVAULT.COM

Welcome to www.carevault.com. The www.carevault.com website (the "Site") is comprised of various web pages operated by CareVault Corporation ("CareVault"). The Site is offered to you conditioned on your acceptance, without modification, of this Privacy Policy and the Terms of Use (the "Terms"). Your use of www.carevault.com constitutes your acknowledgement of and agreement to comply with and be bound by the Terms and this Privacy Policy. If you use this Site on behalf of an organization, references in this Agreement to “you” and “your” are intended to be references to you individually and to your organization, both of which are bound. Please read these terms carefully, and keep a copy of them for your reference. CareVault reserves the right, at its sole discretion, to change, modify, add or remove portions of this Privacy Policy and the Terms, at any time, without notice. It is your responsibility to check the Terms periodically for changes. Your continued use of the Site following the posting of changes will mean that you accept and agree to the changes. If you do not agree with this Privacy Policy and the Terms, do not use the Site.


  1. CareVault is committed to protecting the privacy and security of all personal information that we process in order to provide services to our clients in the healthcare industry. This notice explains our practices with regard to the protected health information that we receive from our clients for medical records processing as a business associate under the US health privacy law known as HIPAA.
  2. When you visit the CareVault web site, CareVault will not collect personally identifiable information about you, unless you provide such information voluntarily. If you decide not to provide us with personally identifiable information that may be requested, you may be unable to access or receive certain information. CareVault will collect and process PHI only as required or permitted by our business associate agreement and applicable laws, including HIPAA and the Affordable Care Act (ACA). CareVault will at all times maintain reasonable and appropriate security controls to protect the information as required by the HIPAA Security Rule.
  3. HIPAA permits a covered entity to provide PHI to a business associate only if the covered entity obtains "satisfactory assurances" that the business associate will ensure "appropriate safeguards" for the PHI. These safeguards have been memorialized in written agreement known as the business associate contract. The business associate contract meets the following requirements:
    1. Establishes permitted and required uses over disclosure of PHI by the business associate and prohibits the unauthorized use or further disclosure of PHI.
    2. Permits the business associate to disclose PHI for its proper management and administration and to carry out its legal responsibilities.
    3. Provides that the business associate will:
      1. Not use or further disclose PHI other than as permitted or required by contract, or as required by law
      2. Use appropriate safeguards to prevent use or disclosure of PHI other than as provided by the contract
      3. Report to the covered entity any use or disclosure of the information not provided for by its contract of which it becomes aware
      4. Make PHI about an individual available to the individual
      5. Make PHI available for amendment and incorporate amendments accordingly
      6. Upon termination of the engagement, return or destroy all PHI or extends the existing protections of the contract to all PHI that cannot be returned or destroyed
  4. In accordance with the HIPAA privacy requirements for submission of electronic health care transactions, CareVault is compliant in meeting and adopting the 270/271 eligibility transactions standards as outlined by HIPAA.
  5. 271 responses are compliant with the Council for Affordable Quality Healthcare (CAQH) requirements. If the person whose information is requested is not reflected as a health plan member, the provider receives a message stating that the member is not in the plan's system.
  6. CareVault meets HIPAA guidelines governing the use and disclosure of electronic PHI. CareVault has implemented administrative, physical and technical safeguards that ensure reasonable and appropriate protection of the confidentiality, integrity and availability of the electronic PHI through the encryption and password protection of all electronic files. CareVault has created, implemented and maintains a written policy outlining CareVault's compliance with HIPAA and addressing CareVault's legal obligations as a business associate.
    Specifically, CareVault's policy addresses and effectuates each of the following:
    1. Contains a preamble advising all employees of HIPAA, describing the nature and confidentiality of protected health information and advising that business associates such as CareVault are required to comply with HIPAA
    2. Designates a privacy official who is responsible for the development and implementation of written policies and procedures governing the disclosure of PHI
    3. States that CareVault ensures the confidentiality by:
      1. Identifying members of the workforce who are authorized to handle PHI and by restricting access to PHI to such person
      2. Limiting the use and disclosure of the PHI by authorized members of the workforce as necessary
      3. Prohibiting unauthorized use or disclosure
    4. Establishes reasonable safeguards to prevent use or disclosure of PHI in violation of specific requirements of the business associate contracts to which CareVault is a party
    5. Requires CareVault to enter into written agreement that prohibits any agent, subcontractor or third parties to which CareVault discloses PHI from using or disclosing such PHI in a manner that violated HIPAA
    6. Outlines procedures for responding to request made by individuals for access to PHI, request for amendment of PHI, request for accountings of disclosures of PHI and request for restrictions of PHI
    7. Establishes that:
      1. All members of the workforce must receive training on the policies and procedures governing the appropriate use and protections of PHI
      2. All members of the workforce must receive training and obtain documentation that the training has been provided
      3. All members of the workforce must complete training before applicable compliance date or within a reasonable time after a person joins the workforce
      4. All members of the workforce must successfully pass background checks at local, state and federal levels
    8. Establishes that disciplinary action will be taken against members of the workforce who fail to comply with the policies and procedures governing the use and disclosure of PHI
    9. Requires CareVault to mitigate, to the extent practicable, any harmful effect of a known use or disclosures of PHI violation of CareVault's polices
    10. Establishes a process for individual to make complaints concerning policies and procedures
    11. Prohibits members of the workforce from intimidating, threatening, coercing or discriminating against an individual for the exercise of his or her rights under HIPAA
    12. Provides access to the Secretary of the Department of Health and Human Services