Trial IQ will be at SCOPE Summit 2026! Reach out to schedule a meeting

Privacy, Use, and Disclosure Policy (HIPAA)

Last Update: 04 Apr, 2025

Introduction.

This Privacy, Use, and Disclosure Policy (“Policy”) describes how Trial IQ Technologies, LLC. (“Trial IQ,” “we,” “our,” or “us”) safeguards, uses, and discloses Protected Health Information (“PHI”) in compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended by the HITECH Act and applicable regulations.

Trial IQ operates as a Business Associate under HIPAA and is committed to protecting the privacy and security of PHI in all forms, whether electronic, paper, or oral.

Purpose.

The purpose of this Policy is to define the responsibilities, requirements, and procedures governing the use, disclosure, and protection of PHI transmitted or maintained by Trial IQ Technologies, LLC. and its workforce.

Scope.

This Policy applies to:

  • Trial IQ Technologies, LLC.
  • All employees, contractors, and workforce members with access to PHI
  • All subcontractors, vendors, or third parties that create, receive, maintain, or transmit PHI on behalf of Trial IQ

All such parties must comply fully with HIPAA requirements and applicable Business Associate Agreements.

Definitions.

Business Associate
An entity that performs services for or on behalf of a covered entity involving the use or disclosure of PHI, including data analysis, billing, utilization review, consulting, legal, accounting, and data transmission services.

De-identified Information
Health information that does not identify an individual and cannot reasonably be used to identify an individual, as determined by statistical analysis or removal of HIPAA-specified identifiers.

Designated Record Set
Records used to make decisions about individuals, including enrollment, claims, payment, and other PHI.

Disclosure
The release, transfer, or provision of access to PHI outside Trial IQ’s authorized workforce.

Use
The internal handling, analysis, or application of PHI by authorized personnel or business associates.

Roles and Responsibilities.

Trial IQ designates a Data Privacy Officer who serves as the Privacy Official and is responsible for:

  • Developing and implementing privacy policies and procedures
  • Managing privacy complaints
  • Overseeing HIPAA compliance and Business Associate Agreements
  • Monitoring vendor and subcontractor compliance
  • Implementing workforce training programs
  • Maintaining required HIPAA documentation

Privacy designations and documentation are retained for a minimum of six years.

Training.

All workforce members with access to PHI receive HIPAA and privacy training at least annually. Training is reviewed and updated as necessary to reflect regulatory or operational changes.

Safeguards.

Trial IQ maintains appropriate administrative, technical, and physical safeguards to protect PHI, including:

  • Administrative controls governing permitted uses and disclosures
  • Technical safeguards such as access controls and firewalls
  • Physical safeguards including secured facilities and locked storage

Privacy Notice.

Trial IQ maintains a Notice of Privacy Practices that describes:

  • Permitted uses and disclosures of PHI
  • Individual rights under HIPAA
  • Trial IQ’s legal obligations regarding PHI
  • Complaint and contact procedures

The notice is made available upon request, after material changes, and at least once every three years.

Sanctions and Mitigation.

Violations of this Policy or HIPAA may result in disciplinary action, up to and including termination. Trial IQ will take reasonable steps to mitigate any harmful effects of unauthorized uses or disclosures of PHI.

Permitted Uses and Disclosures.

PHI may be used or disclosed for:

  • Payment activities
  • Health care operations
  • De-identified data use
  • Authorized plan administration functions
  • Disclosures required by law or regulation
  • Disclosures to HHS for enforcement purposes

All disclosures are subject to the minimum-necessary standard unless an exception applies.

Disclosures Requiring Authorization.

PHI may be disclosed for purposes outside permitted categories only with a valid written authorization from the individual. All authorizations must meet HIPAA requirements and be properly verified and documented.

Business Associates.

PHI may be disclosed to business associates only after ensuring a valid Business Associate Agreement is in place. Disclosures must be consistent with contractual obligations and minimum-necessary requirements.

Individual Rights.

Individuals have the right to:

  • Access and obtain copies of their PHI
  • Request amendments to their PHI
  • Request an accounting of disclosures
  • Request confidential communications
  • Request restrictions on certain uses or disclosures

Requests are handled in accordance with HIPAA timelines and verification procedures.

Verification of Identity.

Trial IQ verifies the identity and authority of any individual or entity requesting access to PHI, including individuals, personal representatives, parents of minors, and public officials.

PHI may be disclosed without authorization for legal, regulatory, law enforcement, public health, research, oversight, and safety purposes as permitted by HIPAA and applicable law.

Records and Documentation.

Trial IQ maintains required HIPAA documentation for a minimum of six years, including:

  • Privacy notices
  • Policies and procedures
  • Authorizations
  • Disclosure logs
  • Complaint records
  • Training documentation

Changes to This Policy.

Trial IQ may update this Policy to reflect legal, regulatory, or operational changes. Updates will be implemented promptly and documented in accordance with HIPAA requirements.