Privacy Policy

Last Updated: July 25, 2025

1. Introduction

Welcome to Orchid Healthcare Technologies, Inc. ("we," "us," or "our"). We provide the Orchid CodeGuard software-as-a-service (SaaS) and associated technologies (collectively, the "Service"). We are committed to protecting the privacy and security of the data we handle.

This Privacy Policy explains how we collect, use, share, and protect information. This policy applies to information collected through our website http://orchidhealthtech.com (the "Site") and in the course of providing our Service.

2. Our Role Under HIPAA

Orchid Healthcare Technologies, Inc. is a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). Our customers are typically healthcare providers, clearinghouses, or other entities who are Covered Entities or Business Associates under HIPAA.

  • Protected Health Information (PHI): In providing our Service, we may process electronic Protected Health Information (ePHI) on behalf of our customers. We handle all ePHI in strict accordance with the Business Associate Agreement (BAA) executed with each customer.
  • Business Associate Agreement (BAA): Before any customer provides PHI to our Service, a BAA must be in place. This agreement contractually obligates us to maintain the privacy and security of PHI according to all applicable HIPAA rules. The terms of the BAA supersede this Privacy Policy with respect to the handling of PHI.


3. Information We Collect

This Privacy Policy covers information we collect through our public-facing Site and information we process when providing our core Service.

  • On Our Site: The only personal information we collect through our Site is the information you voluntarily provide to us through our "Contact Us" form or when scheduling a meeting through third-party services like Calendly. This may include your name, email address, phone number, and company affiliation. We do not collect any Protected Health Information (PHI) through our public Site.
  • When Using Our Service: As described in Section 2, we collect and process information, including PHI, on behalf of our customers when they use our Service, governed strictly by a Business Associate Agreement (BAA). We also collect account and payment information necessary to manage our customer relationships.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • To Provide and Maintain the Service: To operate our AI-powered validation, manage user accounts, and process payments.
  • To Respond to Inquiries: To contact you after you have submitted information through our "Contact Us" form or scheduled a meeting.
  • To Comply with HIPAA: To fulfill our obligations as a Business Associate under our BAAs and HIPAA.
  • To Improve Our Service: We may use anonymized and aggregated data that cannot be linked back to any individual to analyze trends and improve our service's functionality and accuracy. We will never use PHI for marketing or any purpose not explicitly permitted by our BAA.
  • For Security and Compliance: To protect our Site and Service, prevent fraud, and enforce our legal terms. Our commitment to security is validated by our pursuit of SOC 2 Type 2 certification, which is underway.

5. How We Share and Disclose Information

We do not sell your information. We only share information under the following limited circumstances:

  • With Service Providers (Sub-processors): We may share information with third-party vendors who help us operate our business and Service, such as cloud hosting providers and scheduling tools (e.g., Calendly). We have appropriate data protection agreements in place with these providers.
  • For Legal Reasons: We may disclose information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
  • In Case of Business Transfer: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the confidentiality and HIPAA obligations herein.

6. Data Security

We take data security very seriously. We have implemented and maintain a comprehensive security program with administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of data.

We are in the process of SOC 2 Type 2 certification. Our security controls will be regularly audited by an independent third party.

7. Google reCAPTCHA

Our Site uses reCAPTCHA, a service from Google, to help protect against spam and abuse. The use of reCAPTCHA is subject to the Google Privacy Policy and Terms of Use.

8. Your Rights

You have rights regarding your personal information. If you wish to access or correct the account information you provided to us, you may do so by logging into your account or contacting us.

For requests related to your PHI, you must contact the relevant Covered Entity (e.g., your healthcare provider) directly. As a Business Associate, we cannot act on patient data requests without instruction from the Covered Entity.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Orchid Healthcare Technologies, Inc. | [email protected]