Skip to main content

Privacy Policy

Universal Rehab Services
515 N Sam Houston Pkwy E #688
Houston, TX 77060

Effective Date: November 29, 2025
Last Updated: November 29, 2025

1. Introduction

Universal Rehab Services ("Company," "we," "us," or "our") is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our websites, mobile applications, platforms, and services (collectively, "Services").

This Privacy Policy applies to all users of our Services, including healthcare agencies, staffing organizations, therapists, healthcare professionals, patients, and any other individuals or entities that interact with our platforms.

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.

2. Information We Collect

2.1 Information You Provide to Us

Account Information: When you create an account, we collect information such as:

  • Name
  • Email address
  • Phone number
  • Mailing address
  • Username and password
  • Professional credentials and license information
  • Organization/agency name
  • Job title and role

Healthcare and Professional Information: Depending on your role, we may collect:

  • Professional licenses and certifications
  • National Provider Identifier (NPI)
  • Tax identification numbers
  • Employment history
  • Background check information
  • Credential verification data
  • Insurance and bonding information

Patient Information: When therapists or agencies use our platform to document patient care, the following information may be processed:

  • Patient names and contact information
  • Date of birth
  • Social Security numbers (where required for billing)
  • Insurance information
  • Medical records and health information
  • Treatment plans and progress notes
  • Visit documentation
  • Diagnosis codes
  • Billing and claims data

Communications: We collect information from your communications with us, including support requests, feedback, and correspondence.

Payment Information: If you make payments through our Services, we collect billing information such as credit card details, bank account information, and billing addresses. Payment processing is handled by secure third-party payment processors.

2.2 Information Collected Automatically

When you use our Services, we automatically collect certain information, including:

Device Information:

  • Device type, model, and manufacturer
  • Operating system and version
  • Unique device identifiers
  • Browser type and version
  • Screen resolution

Usage Information:

  • Pages and features accessed
  • Time and duration of visits
  • Click patterns and navigation paths
  • Search queries within our platform
  • Error logs and performance data

Location Information:

  • IP address
  • GPS location (with your consent, particularly for Electronic Visit Verification)
  • Wi-Fi and cellular network information

Cookies and Tracking Technologies:

We use cookies, web beacons, pixels, and similar technologies to collect information about your use of our Services. See Section 10 for more details.

2.3 Information from Third Parties

We may receive information from third parties, including:

  • Identity verification services
  • Background check providers
  • License verification databases
  • Healthcare data exchanges
  • Insurance companies and payers
  • Third-party integrations you authorize
  • Publicly available information

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Delivery

  • Providing and maintaining our Services
  • Creating and managing user accounts
  • Processing transactions and payments
  • Facilitating communication between agencies, therapists, and patients
  • Coordinating scheduling and assignments
  • Processing billing and claims
  • Enabling electronic visit verification (EVV)
  • Generating reports and analytics

3.2 Healthcare Operations

  • Supporting treatment, payment, and healthcare operations activities
  • Processing and submitting insurance claims
  • Coordinating care between providers
  • Maintaining medical records and documentation
  • Compliance with healthcare regulations
  • Quality assurance and improvement activities

3.3 Compliance and Legal

  • Complying with legal obligations and regulations
  • Responding to legal requests and court orders
  • Enforcing our Terms and Conditions
  • Investigating fraud, abuse, or violations
  • Protecting rights, safety, and property

3.4 Business Operations

  • Improving and developing our Services
  • Analyzing usage patterns and trends
  • Conducting research and analytics
  • Training and quality assurance
  • Marketing and promotional communications (with consent where required)
  • Customer support and service

3.5 Artificial Intelligence and Automation

  • Powering AI-assisted features and functionality
  • Improving algorithms and machine learning models
  • Providing automated recommendations and insights
  • Optimizing workflows and scheduling
  • Natural language processing for documentation assistance

3.6 Security

  • Protecting against unauthorized access
  • Detecting and preventing fraud
  • Monitoring for security threats
  • Maintaining system integrity

4. Disclosure of Your Information

We may disclose your information in the following circumstances:

4.1 Healthcare Operations

  • To healthcare providers involved in patient care
  • To insurance companies and payers for billing and claims
  • To healthcare agencies and organizations you are affiliated with
  • To patients or their authorized representatives
  • As permitted or required for treatment, payment, and healthcare operations under HIPAA

4.2 Service Providers

We engage third-party service providers who perform services on our behalf, including:

  • Cloud hosting and data storage
  • Payment processing
  • Email and communication services
  • Analytics and performance monitoring
  • Customer support
  • Background check services
  • Identity verification

These providers are contractually obligated to protect your information and use it only for the services they provide to us.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

4.4 Legal Requirements

We may disclose information when required by law or in response to:

  • Subpoenas, court orders, or legal process
  • Government or regulatory agency requests
  • Law enforcement investigations
  • To protect our legal rights or defend against legal claims

4.5 Safety and Protection

We may disclose information when we believe it is necessary to:

  • Prevent fraud or illegal activity
  • Protect the safety of any person
  • Protect our rights, property, or safety
  • Investigate potential violations of our Terms

4.6 With Your Consent

We may disclose your information with your consent or at your direction.

4.7 Aggregated and De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, analytics, business purposes, or other lawful purposes.

5. HIPAA and Protected Health Information

5.1 Our Role Under HIPAA

Universal Rehab Services functions as a Business Associate under the Health Insurance Portability and Accountability Act ("HIPAA") when processing Protected Health Information ("PHI") on behalf of Covered Entities (such as healthcare agencies and providers).

5.2 Business Associate Agreements

We enter into Business Associate Agreements ("BAA") with Covered Entities as required by HIPAA. These agreements govern our use and protection of PHI and establish our obligations under HIPAA.

5.3 PHI Safeguards

We implement administrative, physical, and technical safeguards to protect PHI, including:

  • Encryption of PHI in transit and at rest
  • Access controls and authentication requirements
  • Audit logging and monitoring
  • Workforce training on privacy and security
  • Incident response procedures
  • Regular security assessments

5.4 Patient Rights Under HIPAA

Patients have certain rights regarding their PHI under HIPAA, including the right to:

  • Access their health information
  • Request corrections to their records
  • Receive an accounting of disclosures
  • Request restrictions on certain uses and disclosures
  • File complaints regarding privacy practices

Patients should direct requests to exercise these rights to the Covered Entity (typically the healthcare agency or provider) that maintains their records. We will assist Covered Entities in fulfilling these requests as required by our BAA.

5.5 Breach Notification

In the event of a breach of unsecured PHI, we will notify affected Covered Entities in accordance with HIPAA breach notification requirements and our BAA. Covered Entities are responsible for notifying affected patients as required by HIPAA.

6. Artificial Intelligence and Data Processing

6.1 AI-Powered Features

Our Services may include artificial intelligence and machine learning features. When you use these features:

  • Your inputs may be processed by AI systems
  • AI may analyze patterns in data to provide insights and recommendations
  • Automated tools may assist with documentation, scheduling, and workflow optimization

6.2 AI and PHI

When AI features process PHI, we maintain HIPAA-compliant safeguards. PHI processed by AI systems is:

  • Subject to the same privacy and security protections as other PHI
  • Not used to train or improve general AI models without proper de-identification or authorization
  • Processed in accordance with our BAA obligations

6.3 AI Transparency

We are committed to transparency regarding our use of AI:

  • AI-generated outputs are provided as assistance tools, not autonomous decisions
  • Users remain responsible for reviewing and approving AI-generated content
  • AI features may be identified within our Services

6.4 Limitations on AI Data Use

We do NOT:

  • Sell PHI or personal information to AI companies
  • Use identified PHI to train third-party AI models
  • Make autonomous clinical decisions using AI
  • Share personal information with AI providers without appropriate safeguards

7. Data Security

7.1 Security Measures

We implement comprehensive security measures to protect your information, including:

Technical Safeguards:

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256)
  • Firewalls and intrusion detection systems
  • Regular security assessments and penetration testing
  • Secure software development practices
  • Multi-factor authentication options
  • Automatic session timeout

Administrative Safeguards:

  • Privacy and security policies and procedures
  • Workforce training and confidentiality agreements
  • Access management based on role and need-to-know
  • Regular risk assessments
  • Incident response plans
  • Vendor security assessments

Physical Safeguards:

  • Secure data center facilities
  • Access controls to physical locations
  • Environmental controls

7.2 No Guarantee

While we implement reasonable security measures, no system is completely secure. We cannot guarantee the absolute security of your information. You are responsible for maintaining the security of your account credentials and devices.

7.3 Security Incidents

If we discover a security incident that may affect your information, we will notify you as required by applicable law and our contractual obligations. We will provide information about the incident and steps you can take to protect yourself.

8. Data Retention

8.1 Retention Periods

We retain information for as long as necessary to:

  • Provide our Services
  • Fulfill the purposes described in this Privacy Policy
  • Comply with legal and regulatory requirements
  • Resolve disputes and enforce agreements

Healthcare records are retained in accordance with applicable federal and state laws, which may require retention for extended periods (typically 6-10 years or longer for certain records).

8.2 Deletion Requests

You may request deletion of your personal information, subject to:

  • Legal and regulatory retention requirements
  • Our legitimate business needs
  • Contractual obligations
  • Technical limitations

We will respond to deletion requests in accordance with applicable law.

8.3 Data After Termination

Following termination of your account or our relationship, we may retain information as required by law or for legitimate business purposes. PHI will be retained and handled in accordance with our BAA obligations and HIPAA requirements.

9. Your Privacy Rights

9.1 Access and Portability

You may request access to the personal information we hold about you. Where technically feasible, we can provide your data in a portable format.

9.2 Correction

You may request correction of inaccurate personal information. For corrections to medical records, please contact the relevant healthcare provider or agency.

9.3 Deletion

You may request deletion of your personal information, subject to legal retention requirements and legitimate business needs.

9.4 Restriction

You may request that we restrict processing of your personal information in certain circumstances.

9.5 Objection

You may object to certain processing of your personal information, including processing for direct marketing.

9.6 Withdrawal of Consent

Where we rely on consent for processing, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

9.7 Exercising Your Rights

To exercise your privacy rights, please contact us using the information in Section 15. We will respond to requests in accordance with applicable law.

9.8 Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use

Essential Cookies: Required for basic platform functionality, security, and authentication. These cannot be disabled.

Performance Cookies: Help us understand how users interact with our Services to improve performance and user experience.

Functional Cookies: Enable enhanced features and personalization.

Analytics Cookies: Allow us to measure and analyze usage patterns for reporting and improvement.

10.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our Services.

10.3 Do Not Track

Our Services do not currently respond to "Do Not Track" signals from browsers.

11. Children's Privacy

Our Services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly.

When our Services are used to provide healthcare to minors, information is collected and processed for treatment purposes in accordance with applicable law and parental/guardian consent requirements.

12. State-Specific Privacy Rights

12.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know what personal information we collect, use, and disclose
  • Right to delete personal information (subject to exceptions)
  • Right to opt-out of sale or sharing of personal information
  • Right to correct inaccurate personal information
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising your rights

Notice: We do not sell personal information as defined by California law. We may share information for targeted advertising purposes; California residents may opt out by contacting us.

12.2 Texas Residents

Texas residents have rights under the Texas Data Privacy and Security Act, including rights to access, correct, delete, and obtain copies of personal data, as well as the right to opt out of certain processing.

12.3 Other State Laws

We comply with applicable state privacy laws. Residents of states with comprehensive privacy laws may have additional rights. Contact us to exercise state-specific rights.

13. International Data Transfers

Our Services are operated in the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

By using our Services, you consent to the transfer of your information to the United States.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Post the revised policy on our platform
  • For material changes, provide additional notice such as email notification or prominent posting

Your continued use of our Services after changes become effective constitutes acceptance of the revised Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Universal Rehab Services
Privacy Officer
515 N Sam Houston Pkwy E #688
Houston, TX 77060

Phone: (281) 820-9462

For HIPAA-Related Inquiries

If you have questions about our handling of Protected Health Information or wish to file a complaint, you may contact:

  • Our Privacy Officer at the address above
  • The U.S. Department of Health and Human Services Office for Civil Rights at https://www.hhs.gov/ocr

16. Additional Disclosures

16.1 Categories of Personal Information

In the preceding 12 months, we have collected the following categories of personal information:

  • Identifiers (name, email, phone, address, IP address)
  • Professional information (licenses, credentials, employment history)
  • Protected health information (patient records, treatment information)
  • Commercial information (transaction history, payment information)
  • Internet/network activity (browsing history, usage data)
  • Geolocation data (GPS location for EVV, IP-based location)
  • Inferences (user preferences, analytics)

16.2 Sources of Information

We collect information from:

  • You directly
  • Your devices and usage of our Services
  • Healthcare agencies and organizations
  • Third-party verification services
  • Publicly available sources

16.3 Business Purposes for Collection

We collect information for:

  • Providing and improving our Services
  • Healthcare operations and coordination
  • Billing and payment processing
  • Legal compliance
  • Security and fraud prevention
  • Marketing (with appropriate consent)

16.4 Third-Party Sharing

We share information with:

  • Service providers performing services on our behalf
  • Healthcare providers and payers for treatment and payment
  • Business partners with your consent
  • Legal authorities when required by law

BY USING OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.

© 2025 Universal Rehab Services. All Rights Reserved.