Privacy policy
Ivory.AI Privacy and Security Policy
Effective Date: April 7, 2025
Last Updated: April 7, 2025
Introduction
This Privacy and Security Policy (“Policy”) is entered into by and between Ivory.AI (“Ivory,” “we,” “us,” or “our”) and any entity or individual that accesses or uses Ivory’s software-as-a-service platform (“Client”), solely to the extent such use involves the collection, transmission, storage, or processing of Protected Health Information (“PHI”) within the meaning of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
Scope
This Policy shall apply to all PHI that is: (a) disclosed to Ivory by a Covered Entity or its agents pursuant to a duly executed Business Associate Agreement (“BAA”); or (b) collected directly from individuals through features made available by Ivory at the direction of the Covered Entity, including but not limited to patient intake forms.
Ivory shall at all times operate as a Business Associate and shall not be construed as a Covered Entity under applicable law.
Collection and Use of PHI
Ivory may collect, access, use, and maintain PHI solely as follows:
A. PHI Provided by Covered Entities
Ivory shall receive and process PHI from Clients for the sole purpose of delivering authorized services under the scope of a BAA, including but not limited to clinical decision support, treatment planning, claims submission, insurance verification, practice analytics, and operational automation.
B. PHI Collected via Patient-Facing Features
Where a Client enables the patient intake or form collection feature, Ivory may directly collect PHI from individuals on behalf of the Client. All such PHI shall be transmitted to the designated Client and shall be handled in accordance with this Policy and any applicable BAA.
Ivory shall not: (i) use PHI for purposes unrelated to service provision; (ii) disclose PHI to third parties without appropriate authorization or legal obligation; or (iii) retain PHI longer than necessary to fulfill its contractual or regulatory duties.
Consent and Patient Rights
For any PHI collected directly from individuals, Ivory shall: (a) present a clear and conspicuous consent statement within any patient-facing interface; (b) enable patients to revoke consent or request access to or deletion of their data by written request to privacy@ivory.ai; and (c) retain documentation of such consent as required under applicable law.
Information Security Measures
Ivory shall implement and maintain reasonable and appropriate administrative, physical, and technical safeguards designed to: (a) ensure the confidentiality, integrity, and availability of PHI; (b) protect against any reasonably anticipated threats or hazards; and (c) prevent unauthorized access or disclosures.
Such measures shall include:
- Encryption of PHI in transit and at rest using industry-accepted protocols;
- Role-based access control and multifactor authentication;
- Logging and auditing of PHI access and system activity;
- Hosting within HIPAA-compliant infrastructure in the United States.
State Law Compliance
A. Washington State (MHMDA)
Where Ivory collects data directly from individuals residing in Washington, Ivory shall: (i) obtain express consent prior to collection; (ii) honor individual requests for access or deletion of health data; and (iii) refrain from engaging in geofencing or unauthorized sales of health data.
B. New York State (NYHIPA)
Ivory shall monitor the enactment and implementation of NYHIPA and shall take such measures as may be required by law, including securing consent and fulfilling data subject rights, to the extent applicable.
Breach Notification
Ivory shall provide written notification to the impacted Client without unreasonable delay, and no later than required by law, following the discovery of any unauthorized access, use, or disclosure of PHI that constitutes a breach under HIPAA.
Training and Oversight
All Ivory personnel with access to PHI shall undergo HIPAA training and shall be bound by confidentiality obligations. Ivory shall conduct routine audits and assessments to monitor compliance with this Policy.
Retention and Disposal of PHI
PHI shall be retained only as long as necessary to fulfill contractual, operational, or legal requirements. Upon termination of services, PHI shall be securely destroyed or de-identified in accordance with NIST and HIPAA standards, unless otherwise required by the BAA or applicable law.
Notices and Contact Information
All notices or inquiries under this Policy shall be directed in writing to:
Privacy Office
Ivory.AI
18300 NE Union Hill Rd, Suite 210
Redmond, WA 98052
Email: privacy@ivory.ai
Amendments
Ivory reserves the right to revise this Policy at any time. Clients shall be notified of material changes, and continued use of the services following such notice shall constitute acceptance of the updated terms.