HIPAA Notice of Privacy Practices
1. Purpose of This Notice
This Notice of Privacy Practices (“Notice”) describes how Bluvera Health (“we,” “us,” “our,” or the “Company”) protects, uses, and discloses protected health information (“PHI”) in accordance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations.
As a Business Associate of healthcare providers, Bluvera Health receives, maintains, and transmits PHI solely for the purpose of performing contracted medical billing, coding, and administrative services.
This Notice applies to PHI we handle on behalf of our clients (Covered Entities) and to the limited personal information we may collect directly from clients or website visitors.
2. Our Responsibilities Under HIPAA
Bluvera Health is committed to maintaining the privacy and security of all PHI entrusted to us. Under HIPAA, we are required to:
Maintain the confidentiality, integrity, and availability of all PHI we create, receive, or maintain on behalf of our clients.
Use or disclose PHI only as permitted or required by our Business Associate Agreements (BAAs) and applicable law.
Implement and enforce appropriate administrative, technical, and physical safeguards to protect PHI.
Report any unauthorized uses or disclosures of PHI to the appropriate Covered Entity in accordance with HIPAA breach notification requirements.
3. Permitted Uses and Disclosures of PHI
Bluvera Health may use or disclose PHI only as permitted under HIPAA and the terms of our BAAs, including:
a. For Healthcare Operations and Billing Services:
To perform medical billing, coding, claims submission, payment posting, and related support activities for our healthcare provider clients.
b. For Legal and Regulatory Compliance:
To comply with applicable federal, state, or local laws, court orders, or legal processes.
c. For Business Associate Operations:
To manage internal functions such as quality assurance, data security, employee training, and auditing, provided PHI is appropriately safeguarded and limited.
d. For Subcontractor or Vendor Support:
To subcontractors who assist in providing billing services, provided they are bound by written, HIPAA-compliant Business Associate Agreements.
e. As Otherwise Authorized by the Covered Entity:
Bluvera Health may use or disclose PHI as specifically directed by the healthcare provider we serve, consistent with applicable law.
4. Prohibited Uses and Disclosures
Bluvera Health will not use or disclose PHI:
For marketing or fundraising purposes.
For any sale of PHI.
For any purpose not expressly permitted by HIPAA, our BAAs, or applicable law.
We do not use PHI for our own independent purposes, nor do we contact patients directly except as authorized by our clients.
​
5. Safeguards and Security Measures
Bluvera Health employs administrative, physical, and technical safeguards to protect PHI, including but not limited to:
Encryption of data in transit and at rest.
Access controls and multi-factor authentication.
Secure, HIPAA-compliant communication systems.
Workforce training on privacy and security requirements.
Regular internal audits and risk assessments.
6. Breach Notification
In the event of a breach involving unsecured PHI, Bluvera Health will promptly notify the affected Covered Entity, providing all required details to enable compliance with HIPAA breach notification obligations.
7. Individual Rights
As a Business Associate, Bluvera Health does not maintain a direct relationship with individual patients. Therefore, requests to access, amend, or restrict the use of PHI must be directed to the Covered Entity (your healthcare provider).
However, we will fully cooperate with our clients to facilitate these requests in accordance with HIPAA requirements.
8. Retention and Disposal of PHI
PHI is retained only for the period required by law, regulation, or our client agreements. When PHI is no longer needed, it is securely destroyed using approved methods that render the information unreadable and irretrievable.
9. Complaints
If you believe that your health information has been used or disclosed in violation of HIPAA, you may file a complaint:
With your healthcare provider (the Covered Entity), or
Directly with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR).
Bluvera Health will not retaliate against any individual or client for filing a complaint in good faith.
10. Changes to This Notice
We reserve the right to revise or update this Notice at any time. Any changes will be effective immediately upon posting the updated Notice on our website, unless otherwise required by law. The effective date of the most recent version will appear at the top of this document.
11. Contact Information
For questions or concerns about this Notice or our privacy practices, please contact:
Bluvera Health
Email: bluverahealth@outlook.com
Location: Washington State (operating remotely)
Website: www.bluverahealth.com
​
Improve our website functionality and user experience.
Process transactions and maintain business records.
Respond to inquiries or legal requests.
We do not sell or rent personal or health information to any third party.
5. HIPAA Compliance
Bluvera Health acts as a Business Associate under HIPAA. We maintain strict administrative, physical, and technical safeguards to protect PHI, including:
Encryption of electronic PHI in transit and at rest.
Restricted access based on role and authorization.
Regular training of personnel on HIPAA compliance.
Secure data storage and transmission systems.
Execution of Business Associate Agreements (BAAs) with all covered entities and relevant subcontractors.
6. Disclosure of Information
We may disclose information:
To healthcare providers, payers, and clearinghouses as necessary to perform contracted billing services.
To subcontractors and vendors under signed HIPAA-compliant BAAs.
When required by law, regulation, subpoena, or court order.
To prevent fraud, protect our rights, or ensure network and data security.
We do not share PHI for marketing or non-permitted purposes.
7. Data Retention
We retain records and PHI for the period required by applicable laws and client agreements. Once retention obligations end, data is securely destroyed using approved deletion or shredding protocols.
8. Data Security
We employ reasonable administrative, technical, and physical safeguards to protect all data under our control. However, no electronic transmission or storage system is 100% secure, and we cannot guarantee absolute security.
9. User Rights
If you are a patient whose PHI we process on behalf of a healthcare provider, please contact your provider directly to exercise your HIPAA rights.
Clients and partners may contact us at bluverahealth@outlook.com to request access, correction, or deletion of business or contact data, subject to legal limitations.
10. Children’s Privacy
Our website and services are not directed toward children under 13. We do not knowingly collect personal information from minors.
11. Changes to This Policy
We reserve the right to modify this Privacy Policy at any time. Updated versions will be posted on our website with a revised effective date.
12. Contact Us
For questions or concerns regarding this Privacy Policy or our data practices, please contact us at:
Bluvera Health
Email: bluverahealth@outlook.com
Location: Washington State (operating remotely)
