This Privacy Policy (“Privacy Policy”) describes how Vori Health, Inc. (“VoriHealth”) collectively referred to as “we,” “our,” and “us” in this PrivacyPolicy, collect and use personal information from and about you when you usethe Vori Health website [https://www.Vorihealth.com] and mobile application(s)(collectively, the “Website”), and/or when you communicate with Vori Health bye-mail, text message, telephone conversation, chat, or other means ofcommunicating electronically or by voice or video. Through the Website,we make certain information available to you regarding in-person and remote musculoskeletal care and facilitate your access to telemedicine and expertmedical services (the “Services”) provided by Vori Health Medical Group, PLLC (the “PLLC”). Vori Health understands that privacy of information is of great importance to our Visitors.
This PrivacyPolicy (“Privacy Policy”) describes how Vori Health, Inc. (“Vori Health”)collectively referred to as “we,” “our,” and “us” in this Privacy Policy, collect and use personal information from and about you (or, if applicable your minor child or other person on whose behalf you have legal authority to act, collectively“you”) when you use the Vori Health website [https://www.Vorihealth.com] and mobile application(s) (collectively, the “Website”), and/or when youcommunicate with Vori Health by e-mail, text message, telephone conversation, chat, or other means of communicating electronically or by voice or video. Through the Website, we make certain information available to you regarding in-person and remote musculoskeletal care and facilitate your access to telemedicine and expert medical services (the “Services”) provided by Vori Health Medical Group, PLLC (the “PLLC”). Vori Health understands that privacy of information is of great importance to our Visitors.
The Information we may collect, includes without limitation:
• Information that identifies you or can be used to identify you, such as your name; home or work address; personal or work e-mail address; home, work, and mobile telephone numbers; date of birth; credit or debit card numbers (which we collect for payment purposes only); images and videos (which may include voice recording); age, sex, and gender; Social Security Number; physical or mental health condition or history; health plan or insurance information; and other personal information;
• Information that you provide to be published or that you transmit through the Website to other users of the Website;
• Information about your Internet use or connection; the equipment you use to visit ourWebsite; usage details, such as traffic data, logs, referring/exit pages, the date and time of your visit to our Website; error information; clickstream data; and other communication data and the resources that you access and use onour Website, including without limitation usage details, IP addresses, and information collected through the use of cookies or other tracking technologies; and
• Information provided to us by others, such as our business partners.
We collect information that personally identifies you, such as your name, telephone number, email address, date of birth, data generated by sensors in the devices you use to access the Services and other data which can be reasonably linked to such information (“Personal Information”) only if you choose to share such information with us. For example, you will be required to provide us with certain Personal Information to register for the Services, sign up for certain features available through the Services (such as push notifications, text messages and other communications services which may offer you the ability to share information with third parties, such as health care professionals), andat other times. The decision to provide this information is optional; however, if you decide not to register or provide such information, you may not be able to use some or all of the features of the Services. Further, Vori Health may offer location-enabled services, for example to locate a nearby doctor or pharmacy. If you use those services, Vori Health may receive information about your actual location (such as GPS signals sent by a mobile device) or information that can be used to approximate a location (such as a cell ID). Youwill have the option to disable collection and use of location information.However, doing so may prevent you from using some features of the Services, orlimit the function of some features.
Vori Health offers you the ability to share your Health Information with the PLLC in connection with the Services. “Health Information” includes Protected HealthInformation. “Protected Health Information” or “PHI” is personally identifiable information which relates to your health or payment for your healthcare services that is created or received by an entity covered under the HealthInsurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (“HIPAA”), such as Vori Health as a business associate of the PLLC, and the PLLC, as a covered entity under HIPAA. Protected HealthInformation includes the combination of your Personal Information and personal health information, such as medical records, medical history and/or information regarding a condition or treatment (e.g. information about symptoms, prescriptions, allergies, diagnoses and outcomes or side effects of treatment).
When you use the Services, you expressly authorize the sharing of your Health Information with anyone whom is part of your Services team and is also a user of theServices, which may include your healthcare professional(s).
If you allow someone to access your account, you do so at your sole risk and may risk exposing your Health Information. Vori Health does not know and cannot control how anyone else to whom you give access to your account and/or with whom you share your Health Information may use your Health Information or account.Health Information you provide to others may not be protected, kept private, or be secure. You are solely responsible for all use of your account, by yourself or anyone whom you permit to use it. Vori Health will not be liable for any disclosure or use of Health Information or other information by you or anyone using your account with your permission.
You should not upload any Health Information regarding any person other than yourself without that person’s prior express consent. You must obtain the consent of your family member or any other person before you submit or share Health Information about that person. By submitting or sharing Health Information about a family member or anyone else, you represent and warrant that you have obtained that person’s express consent to do so or that you otherwise have the legal authority to do so (e.g., because that person is a minor and you are the parent or legal guardian).
This Privacy Policy also applies to information collected from Visitors after they register and log-in ("Members") to the password protected and secure portions of our website and mobile application ("Secure Platforms"). TheseSecure Platforms allow Members to utilize the Services provided by the PLLC.
This Privacy Policy details how we may use, share and maintain any information that you provide to us or to the PLLC. Vori Health's role is limited to making such information available to you and/or facilitate your access to theServices, on behalf of the PLLC as its “business associate” as that term is defined under HIPAA. Vori Health is independent from the PLLC and the healthcare providers that may provide you with Services through the PLLC. Vori Health is not responsible for the PLLC’s acts, omissions or for any content of the communications made by them to you. Vori Health does not engage in the practice of medicine or provide any health services to you. Vori Health provides certain business associate services to the PLLC.
Any Health Information stored and collected by Vori Health or added by Members into such Secure Platforms is identifiable, PHI and therefore governed by HIPAA. How the PLLC uses and discloses such PHI shall be in accordance with the PLLC’s Notice of Privacy Practices. For example, if you have consented to importing data from your healthcare provider into the Secure Platform, you should review the PLLC’s Notice of Privacy Practices to understand how the PLLC will use and disclose such PHI.
Special Considerations for Use or Disclosure of PHI related to Reproductive Health
When Vori Health receives a request for PHI potentially related to reproductive healthcare and where the request is for PHI for any of the following purposes:
• Health oversight activities
• Judicial or administrative proceedings
• Law enforcement
• Regarding decedents, disclosures to coroners and medical examiners
Vori Health will obtain a signed attestation that clearly states the requested use or disclosure is not for the following prohibited purposes:
(1) To conduct a criminal, civil, or administrative investigation into any person for the mere act of seeking, obtaining, providing, or facilitating lawful reproductive health care.
(2) To impose criminal, civil, or administrative liability on any person for the mere act of seeking, obtaining, providing, or facilitating lawful reproductive health care.
(3) To identify any person for any purpose described in (1) or (2).
The prohibition applies when the reproductive health care at issue (1) is lawful under the law of the state in which such health care is provided under the circumstances in which it is provided, (2) is protected, required, or authorized by Federal law, including the United States Constitution, under the circumstances in which such health care is provided, regardless of the state in which it is provided, or (3) is provided by another person and presumed lawful.
Your access and use of the Website and Secure Platforms are subject to your agreement with this Privacy Policy and the Website Terms of Use. By using the Website, you expressly agree to the terms of this Privacy Policy and consent to the collection and use of information as discussed in this Privacy Policy.
If you do not agree with this Privacy Policy, please do not use or access the Website for any purpose. Please print a copy of this Privacy Policy for your records.
Vori Health may revise this Privacy Policy regarding the collection of information at anytime. Should this Privacy Policy change materially, Vori Health will give notice to you by posting a notice regarding the new policy on the Website. The revised Privacy Policy will be effective as of its posting unless otherwise stated.
By accessing or using the Website after such changes are posted you agree to all such changes.
Collection, Use and Disclosure of Your Information Policy
Vori Health provides you with an appropriate notice, this document, of the potential uses and disclosures of your Health Information. Vori Health provides notice to you of our privacy practices on our website, and you have agreed to receive information from us via our website. We may also provide this information to you by email unless you notify us that you withdraw do not agree to such email communication.
Collection, Use and Disclosure of Your Information Procedure
You may withdraw your agreement to have Vori Health provide documents to you regarding the collection, use and disclosure of your information by contacting the Vori Health Chief Privacy Officer at privacy@vorihealth.com.
Either Vori Health or a third-party vendor on behalf of Vori Health may automatically collect information while Visitors browse the Website. We may collect such information by tracking, or asking a third-party vendor to track, your click-stream activity when such information is not tied to a user ID through the use of "cookie" technology or by tracking internet protocol (IP) addresses, as explained below.
Because we want our Website to better serve Visitors' needs, we collect some basic information about Visitors and their devices, including, but not limited to:
• IP address (the computer's address on the Internet)
• Operating system (e.g. Windows, macOS, Linux, iOS, Android OS\)
• Browser software (e.g. Microsoft Edge, Chrome, Firefox)
• Internet Service Provider (e.g. AT&T, Verizon, Comcast, etc.)
• Geographic location (e.g. Boston, Mass.)
• Type of device (e.g. iPad, desktop)
• Mobile device crash information
• Locale and language of device and whether it has fingerprint/face sensors and otheractivity sensors
• Data generated by activity sensors
• Dates and times you accessed and used the Website, features you used in the Website,and how long you use the Website overall
• Links you click and pages you view within the Website
• Pages you view before and after you leave the Website
We use this Information to provide you with the Services, to enhance and improve ourWebsite and to better serve our Visitors' needs. For example, we use thisInformation to know what browsers people most commonly use, what pages are most often visited, and what functionality is most used. Some of the Information we collect from Visitors, such as IP Address, may be considered identifiablePersonal Information. Additionally, there are times on our Website that Visitors are able to voluntarily submit Personal Information, such as their name, phone number, and/or email address in order to obtain more information from Vori Health. We may remove personal identifiers from your Personal Information and maintain and use it in a de-identified form ("De-IdentifiableInformation"). De-Identifiable Information and Personal Information are collectively referred to throughout this Privacy Policy as "Information".
The Information collected from Visitors on our Website may be shared with our suppliers and vendors and used in the aggregate to create summary statistics that help us analyze the Websites' usage trends, assess what information is of most and least importance, determine technical design specifications, arrange the Website in the most user-friendly way, and identify system performance or problem areas.
By continuing to use the Website, you hereby consent to the use and disclosure of your Information as set forth below:
• within Vori Health or with our service providers such as a cloud service provider inthe United States and Canada for data storage
• with our financial, insurance, legal, accounting or other advisors that provideprofessional services to us
• to respond to a subpoena, order, legal process, or government request
• to protect, establish or exercise our legal rights or defend against legal claims
• to investigate, detect, suppress, prevent or take action regarding illegal orprohibited activities, suspected fraud, situations involving potential threatsto the reputation or physical safety of any person
• if we are to be sold, merged, or amalgamated or substantially all of our assetsare to be sold or disposed of, your Personal Information may be transferred toa potential purchaser if, and to the extent necessary, it is required for thepurposes of deciding whether to proceed with the proposed transaction andcompleting it. If such a sale, merger, acquisition, or disposal is completed,we will use reasonable efforts to direct the transferee to use PersonalInformation you have provided to us in a manner that is consistent with thisPrivacy Policy. Following such a sale or transfer, you may contact the entityto which we transferred your Personal Information with any inquiries concerningthe processing of that information; or
• as otherwise required by law.
By becoming a user of the Services and providing your mobile number and/or email address, certain features of the Services will be provided to you via your mobile phone or other mobile device (or in rare cases, and upon request, by secure encrypted fax) which may include: the ability to upload content to the Website, download applications, and receive email, short message service (SMS), text message communications and mobile push notifications, each of which are not encrypted (“Mobile Features”). Standard messaging, data and/or other fees may be charged by your carrier. You can opt out of receiving email, SMS/text messages, and mobile push notifications. Although unlikely, it is possible for these communications to be intercepted or accessed without your authorization, and by using the Services, you release Vori Health from any liability arising from or related to any such interception or unauthorized access. You can opt out by changing your profile settings within the Services or by notifying your healthcare provider. You agree to notify Vori Health of any changes to your mobile number and email by updating your Vori Health Services account to reflect any changes.
If you contact Vori Health after business hours, you may reach our answering service or leave a voicemail with our answering service so urgent calls can be forwarded toon-call medical staff. The answering service uses reasonable security procedures and practices which are appropriate to the nature of the information involved, in order to protect your Personal Information, Health Information and/or Protected Health Information from unauthorized access, use, or disclosure.
Services concerning you may be accessed by the PLLC and its healthcare professionals who are linked to your account, and by Vori Health service providers, affiliates, representatives and assigns, all of whom may: send and receive reminders, alerts or other service-related information via email and/or push notifications or the like, i.e., utilize Mobile Features to notify and be notified of information about you. The use of Mobile Features may include the sharing of your Personal Information and Health Information. Although unlikely, it is possible for these communications to be intercepted or accessed without your authorization, and by using the Services, you release Vori Health from any liability arising from or related to any such interception or unauthorized access.
From time totime, and with your consent as defined in Vori’s Terms of Service, it may be necessary for us to disclose your Personal Information, HealthInformation, and/or Protected Health Information to other treatment providers(for example, your primary care physician or a provider to whom Vori Health has referred you for treatment). This disclosure may be made via secure encrypted fax or other secure means.
We use secure encrypted methods of communication such as E-Fax, which encrypts data end-to-end and whose privacy practices are consistent with ours. The methods we use have industry-standard security procedures and practices which are appropriate to the nature of the information involved, in order to protect yourPersonal Information, Health Information and/or Protected Health Information from unauthorized access, use, or disclosure.
In order to provide the Services to you, we may use your Personal Information and/or HealthInformation to verify your eligibility, review your claims status, and seek authorizations from payers. We will disclose only the information necessary to provide Services to you. In some instances, we may use secure encrypted fax for this disclosure.
We may use tools to obtain digital signatures from you, such as DocuSign. With its help, we can ensure that you explicitly authorize through the digital signature, when necessary, the release of your information to other treatment providers or insurance companies.
We may also use tools to obtain digital signatures from time to time when we need our employees to sign certain contractual agreements.
In either case, you will be able to consent to the use of such a digital tool before using it, and we will collect only the information necessary to execute the digital signature (including, but not limited to, your name, date of birth, physical address and email address). However, you should understand that the information we are required to collect in order to obtain your digital signature can include Personal Information, Health Information, and Protected Health Information. Your failure to consent to the use of a digital signature tool may restrict our ability to provide some Services to you.
We use a digital imaging tool to store digital imagery related to your treatment. Access to this digital imagery is given to Vori Health providers, who may share it with your other health care treatment providers. We will collect only the information necessary to store and access the digital imagery. The tool uses industry-standard security procedures and practices which are appropriate to the nature of the information involved, in order to protect your Personal Information, Health Information and/or Protected Health Information from unauthorized access, use, or disclosure.
We use a digital marketing platform to inventory, order, and track marketing items. This involves the use of name, postal address and email address from Vori Health employees, members and partners. We will collect only the information necessary for these marketing purposes. The platform uses industry-standard security procedures and practices which are appropriate to the nature of the information involved, in order to protect your Personal Information, Health Information and/or Protected Health Information from unauthorized access, use, or disclosure. We never sell data we collect from you to others.
Like many companies, we use "cookies" and “web beacons” to help you better navigate the Website. A "cookie" is a small piece of information sent by Vori Health's web-based applications that are stored by your web browser on your computer's hard drive. A “web beacon” is an electronic file placed within a website that monitors usage. Cookies and web beacons enhance your online experience by saving your preferences while you are visiting a particular Website. The cookies do not contain any identifiable information and cannot profile your system or collect information from your hard drive. MostInternet browsers automatically accept cookies, but you can set your browser to refuse them or to alert you when they are being sent.
To adjust your cookie settings, please either change your settings on your browser, or go to your Vori Health User Setting page and make the necessary selection.
Amendment. Subject to applicable law, you may request that Vori Health amend or delete the Personal Information it collects from your use of the Website if you believe it is incorrect or incomplete, andy ou may request an amendment or deletion for as long as the PersonalInformation is retained by Vori Health. You must submit your request in writing to Vori Health and provide a reason to support the requested amendment. Vori Health may, under certain circumstances, deny your request by sending you a written notice of denial.
Withdrawal of Consent. Subject to applicable law, you may withdraw your consent to uses and disclosures ofPersonal Information as outlined in this Privacy Policy. You must submit your request in writing to Vori Health. Withdrawing consent does not invalidate consent to any collection, use or disclosure of Personal Information to which you consented before consent was withdrawn. If you withdraw consent, or refuse further consent, Vori Health’s ability to offer services to you may be limited.
Our Website and Services may contain links to and from other websites or allow you to share certain content on third party websites or social platforms, such as Facebook and Twitter. A link to a third party's website or social platform does not mean that we endorse it or that we are affiliated with it. We do not exercise control over third party websites or social platforms; you access such third-party websites or social platforms at your own risk. You should always read the privacy policy of a third-party website and social platform before sharing any information on or with them.
From time to time, we may establish a business relationship with other businesses whom we believe trustworthy and who have confirmed that their privacy practices are consistent with ours ("Service Providers"). For example, we may contract with Service Providers to provide certain services, such as hosting and maintenance, data storage and management. We only provide our Service Providers with the information necessary for them to perform these services on our behalf. Each Service Provider must agree to use reasonable security procedures and practices, appropriate to the nature of the information involved, in order to protect your Personal Information from unauthorized access, use, or disclosure. Service Providers are prohibited from using Personal Information other than as specified by us.
We may make your Protected Health Information available electronically through an electronic health information exchange to other health care providers that request your information for their treatment purposes. In all cases, the requesting provider must have or have had a treating relationship with you.Participation in an electronic health information exchange also lets us see other providers’ information about you for our treatment purposes.
To the extent permitted by applicable law, we may share Personal Information and usage data with businesses controlling, controlled by, or under common control with Vori Health. If Vori Health is merged, acquired, or sold, or in the event of a transfer of some or all of our assets, we may disclose or transfer Personal Information and usage data in connection with such transaction. You will have the opportunity to opt-out of any such transfer if, in our discretion, it will result in the handling of your Personal Information in a way that differs materially from this Privacy Policy.
We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose Personal Information and any other information about you to government or law enforcement officials or private parties if, in our discretion, we believe it is necessary or appropriate in order to respond to legal requests (including court orders and subpoenas), toprotect the safety, property, or rights of Vori Health or of any third party, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with the law.
We maintain physical, electronic, and procedural safeguards to protect the confidentiality and security of information transmitted to us. However, no data transmission over the Internet or other network can be guaranteed to be 100% secure. As a result, while we strive to protect information transmitted on or through theWebsite or Services, we cannot and do not guarantee the security of any information you transmit on or through the Website or Services, and you do so at your own risk.
The Site and Services are intended for users who are 13 years old or older. We do not knowingly collect Personal Information from children under the age of 13.
Please be aware that your Personal Information and communications may be transferred to and maintained on servers or databases located outside your state, province, or country. If you are located outside of the United States, please be advised that we process and store all information in the United States. The laws in theUnited States may not be as protective of your privacy as those in your location. By using the Site or Services, you are agreeing to the collection, use, transfer, and disclosure of your Personal Information and communications will be governed by the applicable laws in the United States.
We will respect "do not track" signals from your device. However, certain functionality on the Website will not work unless cookies are enabled.
We are headquartered in the United States. Your Personal Information may be accessed by us or transferred to us in the United States or to our affiliates, partners, merchants, or service providers who are located worldwide. If you are visiting the Website from outside the United States, be aware that your information may be transferred to, stored, and processed in the United States where our servers are located, and our central database is operated. By using the Website, you consent to any transfer of this information.
We will protect the privacy and security of Personal Information according to this privacy statement, regardless of where it is processed or stored, however you explicitly acknowledge and consent to the fact that Personal Information stored or processed in the United States will be subject to the laws of the UnitedStates, including the ability of governments, courts or law enforcement or regulatory agencies of the United States to obtain disclosure of your Personal Information.
Questions or comments regarding this Policy should be submitted to the Vori Health Privacy Officer by mail as follows:
Vori Health
100 Powell Place #1441
Nashville, TN 37204
Attention: Vori Health Chief Privacy Officer
Or by electronic means at:
privacy@Vorihealth.com
Effective date: June 2, 2025
Approved by Mary I. O’Connor, MD, Chief Compliance Officer