Legal

Privacy Policy

How Cortex EDI collects, uses, and protects information.

Effective Date: [LEGAL TO CONFIRM] · Last Updated: [LEGAL TO CONFIRM]

1. Introduction

Cortex EDI, Inc. ("Cortex EDI," "we," "our," or "us") provides healthcare clearinghouse, electronic data interchange (EDI), patient eligibility verification, electronic remittance advice (ERA), Medicare Network Service Vendor (NSV), and cloud-based practice management services to healthcare providers, billing companies, and other organizations.

This Privacy Policy describes how we collect, use, disclose, and protect Personal Information about visitors to our website (cortexedi.com), users of our online services, and individuals who communicate with us.

This Privacy Policy does not govern Protected Health Information ("PHI") that we process on behalf of our healthcare provider customers — that information is covered by our Business Associate Agreement (BAA) with each customer, as described in Section 4 below.

2. Information We Collect

a. Information you provide to us

We collect information you submit directly, including:

  • Account information when you sign up: name, email address, phone number, company name, practice details, and similar identifiers.
  • Billing information when you purchase services. Payment card information is processed by our third-party payment processor and is not stored on our servers. [LEGAL TO CONFIRM payment processor and data flow.]
  • Communications when you contact our support team, submit a contact form, or speak with our sales team.
  • Information you provide when configuring your account, such as authorized users, payer enrollments, and billing preferences.

b. Information we collect automatically

When you visit our website or use our services, we automatically collect:

  • Device and connection information, such as IP address, browser type and version, operating system, and referring URL.
  • Usage information, including pages viewed, links clicked, features used, and timestamps.
  • Session and authentication information needed to operate our services securely.
  • Information collected by analytics and session-replay tools, including Google Analytics 4 and FullStory. [LEGAL TO CONFIRM analytics list.]

c. Information we receive from third parties

When we provide services on behalf of our customers, we may receive information from healthcare payers (acknowledgements, claim status responses, eligibility responses, electronic remittance advice) and from third-party service providers that support our operations.

3. How We Use Information

We use the information we collect to:

  • Provide, operate, maintain, and improve our services.
  • Process electronic claims, eligibility inquiries, claim status inquiries, and electronic remittance advice on behalf of our customers.
  • Authenticate users, manage accounts, and protect the security and integrity of our systems.
  • Communicate with you about your account, service-related notices, support requests, and changes to our services or policies.
  • Process payments and manage billing.
  • Send marketing communications about our products and services, where permitted by law and subject to your right to opt out.
  • Comply with legal obligations, respond to lawful requests, and enforce our agreements.

4. Protected Health Information (PHI) and HIPAA

Cortex EDI is a HIPAA Business Associate to our healthcare provider customers (who are typically "Covered Entities" under HIPAA). When we receive, maintain, or transmit Protected Health Information (PHI) on behalf of a customer in connection with our services, our handling of that PHI is governed by a written Business Associate Agreement (BAA) between Cortex EDI and that customer — not by this Privacy Policy.

If you are a patient and have questions about how your PHI is used or disclosed, please contact your healthcare provider directly. Your provider — as the Covered Entity — is the appropriate point of contact for HIPAA-related rights under the HIPAA Privacy Rule and the HITECH Act.

If you are a healthcare provider or billing company and would like a copy of our standard BAA, please contact us at support@cortexedi.com.

5. How We Share Information

We do not sell Personal Information. We may share Personal Information in the following circumstances:

  • With your direction. We share information with payers, clearinghouses, and other parties as needed to deliver the services you have requested (e.g., submitting a claim to a payer at your direction).
  • With service providers. We share information with vendors and contractors that help us provide our services (e.g., hosting, payment processing, analytics, customer support tools), under contracts that require them to protect the information consistent with this Policy.
  • For legal reasons. We may share information when required by law, court order, subpoena, or other lawful process, or when we believe in good faith that disclosure is necessary to protect rights, safety, or the integrity of our services.
  • In a business transaction. If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality terms.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve our services. These include:

  • Strictly necessary cookies for authentication, security, and core functionality.
  • Analytics cookies (e.g., Google Analytics 4) that help us understand how visitors use the site.
  • Behavioral tools (e.g., FullStory) that record user-interface events to help us debug issues and improve usability. [LEGAL TO CONFIRM whether PII masking and consent flows meet your obligations.]

Most browsers allow you to block or delete cookies. Disabling cookies may affect functionality.

7. Data Security

We implement administrative, physical, and technical safeguards designed to protect Personal Information and to support the requirements of the HIPAA Security Rule for our handling of PHI under our BAAs. These safeguards include:

  • TLS encryption for data in transit.
  • Industry-standard encryption for sensitive data at rest.
  • Role-based access controls and unique user authentication.
  • Audit logging and monitoring.
  • Periodic security reviews.

No system is perfectly secure, and we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at support@cortexedi.com.

8. Data Retention

We retain Personal Information for as long as needed to provide our services, comply with our legal obligations, resolve disputes, and enforce our agreements. PHI is retained in accordance with the applicable BAA and HIPAA recordkeeping requirements. [LEGAL TO CONFIRM specific retention periods.]

9. Your Choices and Rights

Depending on where you live, you may have certain rights regarding your Personal Information, including the right to access, correct, delete, or receive a copy of your information, and to object to or restrict certain processing.

To exercise these rights, contact us at support@cortexedi.com. For PHI handled under a BAA, please contact your healthcare provider directly.

You can opt out of marketing emails using the unsubscribe link in any marketing message we send. Service-related communications (such as security or billing notices) are not subject to opt-out.

[LEGAL TO CONFIRM state-specific disclosures — California (CCPA/CPRA), Colorado, Virginia, Connecticut, Utah, and other state privacy laws may require additional sections.]

10. Children's Privacy

Our services are intended for healthcare providers, billing companies, and other business users, not for use by individuals under the age of 13. We do not knowingly collect Personal Information directly from children under 13. PHI relating to minor patients may be processed on behalf of a Covered Entity customer under the terms of our BAA.

11. International Visitors

Cortex EDI is based in the United States and our services are operated in the United States. If you access our website or use our services from outside the United States, you understand that your information may be processed in the United States. [LEGAL TO CONFIRM whether international visitors / GDPR considerations apply.]

12. Third-Party Services and Links

Our services may contain links to or integrate with third-party websites and services that we do not control. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy practices of any third party before providing them with your information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email or through our services. Your continued use of our services after the effective date of an updated Privacy Policy constitutes your acceptance of the changes.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Terms of Service

Effective Date: [LEGAL TO CONFIRM] · Last Updated: [LEGAL TO CONFIRM]

1. Acceptance of Terms

These Terms of Service ("Terms") form a binding agreement between you and Cortex EDI, Inc. ("Cortex EDI," "we," "our," or "us") and govern your access to and use of the cortexedi.com website and any related services we provide (the "Services"). By accessing or using the Services, you agree to these Terms and our Privacy Policy. If you do not agree, do not use the Services.

2. Description of Services

Cortex EDI provides healthcare clearinghouse, EDI, patient eligibility verification, claim status inquiry, electronic remittance advice, Medicare Network Service Vendor connectivity, and cloud-based practice management software, along with related support services. Specific features, fees, and limitations applicable to your use of the Services are described in your order form, account terms, or other agreement with Cortex EDI (collectively, your "Order Documents").

3. Account Registration

To use most of our Services, you must register for an account and provide accurate, current, and complete information. You are responsible for maintaining the confidentiality of your login credentials and for all activity that occurs under your account. Notify us immediately of any unauthorized use.

4. Acceptable Use

You agree not to:

  • Use the Services in violation of any applicable law or regulation, including HIPAA and the HITECH Act.
  • Attempt to gain unauthorized access to any portion of the Services or any related systems.
  • Submit false, misleading, or fraudulent information through the Services.
  • Interfere with, disrupt, or impair the Services or other users' use of them.
  • Reverse engineer, decompile, or attempt to extract the source code of the Services, except as expressly permitted by law.
  • Resell or sublicense the Services without our prior written consent.

5. Customer Data and PHI

You retain all rights to data you submit through the Services ("Customer Data"). You grant Cortex EDI a limited license to process Customer Data as needed to provide the Services. To the extent Customer Data includes Protected Health Information, our handling of that PHI is governed by a separate Business Associate Agreement (BAA) between you and Cortex EDI. You represent that you have the right and authority to submit Customer Data to the Services and that doing so does not violate any third-party rights or applicable law.

6. Fees and Payment

Fees, billing cycles, and payment terms are described in your Order Documents. Unless otherwise stated, fees are non-refundable. We may change our fees on prior written notice. [LEGAL TO CONFIRM payment terms, late fees, suspension policy.]

7. Intellectual Property

The Services, including all software, content, trademarks, and other materials made available by Cortex EDI, are owned by Cortex EDI or its licensors and are protected by U.S. and international intellectual property laws. We grant you a limited, non-exclusive, non-transferable license to access and use the Services solely for your internal business purposes during the term of your subscription.

8. Confidentiality

Each party agrees to protect the other's confidential information using reasonable care and to use it only as needed to perform under these Terms. Confidential information does not include information that is publicly known, independently developed, or rightfully received from a third party without confidentiality obligations.

9. Disclaimers

THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE." TO THE FULLEST EXTENT PERMITTED BY LAW, CORTEX EDI DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. We do not warrant that the Services will be uninterrupted, error-free, or that they will meet your requirements. Cortex EDI is not responsible for the actions, decisions, or content of any third-party payer, clearinghouse, or other third party.

10. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, CORTEX EDI WILL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR FOR ANY LOSS OF PROFITS, REVENUE, DATA, OR USE, ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICES, WHETHER IN CONTRACT, TORT, OR OTHERWISE, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Our aggregate liability for any claim arising out of or relating to these Terms or the Services will not exceed the fees you paid to Cortex EDI in the twelve (12) months preceding the event giving rise to the claim. [LEGAL TO CONFIRM cap structure.]

11. Indemnification

You agree to defend, indemnify, and hold harmless Cortex EDI and its officers, directors, employees, and agents from and against any claims, damages, losses, and expenses (including reasonable attorneys' fees) arising out of (a) your use of the Services, (b) your violation of these Terms or any applicable law, or (c) Customer Data you submit through the Services. [LEGAL TO CONFIRM reciprocal indemnification.]

12. Term and Termination

These Terms remain in effect for as long as you use the Services. Either party may terminate the Services in accordance with the termination provisions in your Order Documents. We may suspend or terminate your access immediately if you violate these Terms or applicable law. Upon termination, the rights granted to you will end, and you must stop using the Services. Provisions intended to survive termination (including those relating to intellectual property, confidentiality, disclaimers, limitation of liability, and indemnification) will survive.

13. Governing Law and Disputes

These Terms are governed by the laws of [LEGAL TO CONFIRM state — e.g., California], without regard to its conflicts of law principles. Any dispute arising out of or relating to these Terms will be brought exclusively in the state or federal courts located in [LEGAL TO CONFIRM venue], and the parties consent to the personal jurisdiction of those courts. [LEGAL TO CONFIRM whether arbitration / class-action waiver applies.]

14. Changes to These Terms

We may update these Terms from time to time. When we make material changes, we will update the "Last Updated" date at the top of this section and, where appropriate, notify you. Your continued use of the Services after the effective date of an update constitutes your acceptance of the revised Terms.

15. Miscellaneous

These Terms, together with your Order Documents and any BAA, constitute the entire agreement between you and Cortex EDI regarding the Services. If any provision is held unenforceable, the remaining provisions will continue in full force. Our failure to enforce any provision does not waive that provision. You may not assign these Terms without our prior written consent. We may assign these Terms to an affiliate or in connection with a merger, acquisition, or sale of assets.

16. Contact

Questions about these Terms? Contact us at support@cortexedi.com or (800) 485-5977.