Rhyme Information Security
Our highest priority is safeguarding the confidentiality, integrity, and availability of the PHI that our customers have entrusted to us. Both our platform and our enterprise are designed around protecting our customers and our customers' patients through every stage of the prior authorization process.
Security by Design
The Rhyme platform operates entirely within the Amazon Web Services cloud, for security, resilience, and availability.
Our team is experienced in designing, building, and managing health care technology. All Rhyme employees undergo annual training on HIPAA requirements for business associates, safe information security practices, and company privacy and security policies. We also conduct annual third-party systems penetration testing to identify and remediate possible security vulnerabilities.
Security at Rest, Security in Transit
PHI within our systems resides within AES 256-bit encrypted serverless databases and data buckets. Access to production systems is restricted through need-to-know role-based access and multifactor authentication using AWS IAM.
We transmit all data via HTTPS, through TLS 1.2 encrypted connections.
Limited Use
Rhyme doesn't store or process complete patient records. The only PHI we handle is the limited number of data fields that are contained in requests for prior authorization. In addition, Rhyme doesn't store, process, or utilize payment or credit card information in any form.
Thank you for visiting Rhyme's website at GetRhyme.com (the "Website") providing information about our company and its products and services.
This Privacy Policy describes how Rhyme collects and uses information gathered from you through the website. "We", "Us", and the like refer to Rhyme, Inc., and "You", "Your", and the like refer to the user accessing our website and/or any organization on behalf of which you are acting.
Rhyme operates a service for preparing, submitting, and tracking certain healthcare transactions relating to payer prior authorization of medical procedures and/or medications. The service (the "Rhyme Platform") is intended only for health care provider entities such as hospital systems and business process outsourcing firms, and is not provided to or intended for patients, consumers, or other members of the general public; the Website likewise is not intended for selling products or services to patients, consumers, or other members of the general public.
This Privacy Policy governs only the Website. Privacy of data on the Rhyme Platform is governed by agreements between Rhyme and its customers, which may include Business Associate Agreements.
Collection of Data When Visiting
We are committed to maintaining the privacy of website visitors. As part of standard practice for maintaining web sites, we collect the following information when you visit the Website:
Your domain name, such as "broadbandprovider.com" or "myuniversity.edu", which indicates the service or organization that you use to connect to the Internet;Your IP address, a number automatically assigned to your computer or to a communications device that you use to contact the Internet that shows where your information comes from; The type and/or version of browser and operating system you use to access the Website; The Internet address of the site, such as a search engine, that you arrived at the Website from; A record of the pages you visited within the Website and/or how long you viewed them; and Information about links you clicked on while you were visiting the Website.
We collect this information generally for purposes relating to providing the Website more efficiently (such as analyzing what information is of interest to visitors and what web browsers they prefer to use), for purposes relating to improving Rhyme's business relationships and product offerings (such as reviewing where visitors come from), and for maintaining the security of the Website (such as reviewing visitor traffic for suspicious or abusive activity). Rhyme may use this data for any purpose permitted by law.
Collection of Data Through Forms
The Website may also contain forms for various purposes, such as permitting prospective customers to inquire about integrating their software with the Rhyme Platform, requesting demonstrations of the Rhyme Platform, subscribing for email updates about Rhyme and the Rhyme Platform, and/or submitting applications for employment at Rhyme.
We take reasonable security measures to safeguard this information, but are not responsible for unauthorized use of this information by others. Rhyme does not sell or share email addresses or other personally identifiable information such as names and telephone numbers that it collects through forms on the Website (except where required by law).
We may use information submitted to us through forms to contact you to provide more information about Rhyme or the Rhyme Platform, or to request more information about you. By submitting information through forms on the Website, you are giving us permission to contact you for these purposes by email, by telephone, and/or by facsimile. It is Rhyme's policy to comply with all federal and state laws and regulations concerning business and telephone email, telephone, and fax communications, including, generally, "anti-spam", "junk fax", "telemarketing", and similar laws. To contact Rhyme regarding any request pertaining to removal from contact lists, if we have not provided any other means to contact us for such requests (or if you are receiving calls, faxes, or emails from us in error), please contact us at privacy@getrhyme.com.
We may also use information submitted to us through forms, such as our website's API key request form, to determine whether and how Rhyme can efficiently and effectively provide services through the Platform to prospective customers.
We request information on "what you are building" and similar to aid this assessment, and we are requesting information about the general nature and scope of your enterprise and product, electronic health system, or other project.
We request that you do not provide us with any proprietary or confidential information - including, but not limited to, trade secrets, information owned by a third party, prospectively patentable material, or business plans through such forms. Except as otherwise provided in this Policy, we cannot agree or guarantee that such information will remain confidential, and/or that Rhyme will not intentionally or unintentionally develop products, services, or business opportunities similar to any described in material you submit. If you have specific concerns about these communications with Rhyme, or wish to transmit such material to Rhyme, please contact info@getrhyme.com to discuss establishing a confidentiality agreement.
Browser Cookies
We may customize your browsing experience by storing "cookies" in your web browser. A cookie is a small text file that is saved on your computer when you visit a website. You may remove these cookie files at any time through features in your web browser or other methods. Cookies created by the Website and stored on your computer do not contain personally identifiable information, and we do not utilize cookies to track or follow your web browsing on sites other than the Website.
External Links
We may include links to websites created and maintained by other organizations within blog posts, news items, or elsewhere on the Website. When you click on such a link, you are leaving the Website and are subject to the privacy and/or security policies of that website's owner. Rhyme does not control or guarantee the accuracy of content or any views or positions included on any such third-party website, and, unless we explicitly state otherwise, providing such a link does not constitute an endorsement of products or services provided by such.
Updates and Contact
This Privacy Policy is subject to change without notice, so visitors are encouraged to review it from time to time. For questions about privacy at Rhyme or the Website, please contact privacy@getrhyme.com.