ReleasePoint Privacy Policy

Last modified: April 28, 2025

Introduction

This Privacy Policy describes how ReleasePoint, Inc. (“ReleasePoint,” “we,” “our,” or “us”) collects, uses, and protects personal and health-related information through the use of our website and related services.

As a trusted provider of medical record retrieval services, ReleasePoint is committed to safeguarding personally identifiable information (PII) and protected health information (PHI) in accordance with:

  • The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
  • The Health Information Technology for Economic and Clinical Health (HITECH) Act
  • Applicable U.S. state privacy laws, including the California Consumer Privacy Act (CCPA) and the New York Privacy Act (NYPA)
  • The New York SHIELD Act
  • U.S. Department of Veterans Affairs (VA) regulatory requirements
  • The Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada

By accessing or using our website, you consent to the practices described in this Privacy Policy

Children and Minors

ReleasePoint may receive and process information related to individuals under the age of 18 if it is necessary to fulfill a legally authorized or parent/guardian-approved medical record request. We handle such data with heightened safeguards and in accordance with HIPAA and other applicable child privacy protections. If you have concerns regarding the processing of a minor’s data, please contact us at privacy@releasepoint.com.

 

Information We Collect

We collect and process personal and medical data for the purpose of fulfilling authorized medical record retrieval requests. Information we may handle includes:

  • PII: Full name, date of birth, address, email address, phone number, claim/insurance identifiers
  • PHI: Diagnoses, treatment plans, prescriptions, clinical notes, imaging results, and other medical documentation
  • Metadata: System logs and access-related metadata for auditing and security purposes

Information is obtained from healthcare providers, facilities, payers, and authorized agents, and disclosed only to the clients or requestors who have legal authority to receive such records.

 

How We Use Information

We use collected information to:

  • Fulfill medical record retrieval requests
  • Authenticate authorized users
  • Meet legal, regulatory, and contractual obligations
  • Conduct security audits, internal controls, and compliance checks
  • Investigate privacy or security concerns and respond to incidents

We do not use any personal data for advertising, profiling, or sales purposes.

 

Disclosure of Information

We do not sell or disclose personal data for commercial gain. Information may be shared in the following circumstances:

  • With authorized clients or requestors
  • To comply with legal or regulatory requirements, including subpoenas, audits, or government inquiries
  • In response to valid requests by public authorities, including law enforcement
  • In connection with corporate transactions such as a merger or acquisition
  • With your explicit consent

We do not share PHI with subcontractors or external processors. All handling is performed in-house or under direct client control.

Data Security

We implement a comprehensive security program that includes:

  • Encryption of data in transit and at rest
  • Role-based access controls and multifactor authentication
  • Physical access restrictions and device protections
  • Audit logging and monitoring
  • Employee training and policy enforcement
  • Regular third-party audits and vulnerability assessments
  • A documented incident response and breach notification process

All personnel with access to sensitive data are required to follow strict confidentiality protocols.

Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

Under HIPAA (U.S.):

  • Right to Access: You may request access to your PHI in a designated record set.
  • Right to Amend: You may request corrections to inaccurate or incomplete PHI.
  • Right to Accounting: You may request a list of disclosures of your PHI not related to treatment, payment, or healthcare operations.
  • Right to Restrict Use/Disclosure: You may request limits on how your PHI is used or disclosed, though we may not be able to comply in all circumstances.
  • Right to Confidential Communications: You may request that communications be sent by alternative means or to alternate addresses.
  • Right to a Paper Copy: You may request a printed copy of this policy.

Under CCPA (California Residents):

  • Right to Know: You may request to know what personal information we collect, use, disclose, or sell.
  • Right to Delete: You may request deletion of certain information, subject to legal and operational constraints.
  • Right to Opt-Out of Sale: Not applicable, as we do not sell personal information.
  • Right to Non-Discrimination: You have the right to receive equal service and pricing even if you exercise privacy rights.

Under NYPA and NY SHIELD Act (New York Residents):

  • Right to Notice: You have the right to clear notice about the categories and purposes for which your personal data is collected and processed.
  • Right to Access and Correction: You may request access to the personal data we hold about you and request corrections to inaccuracies.
  • Right to Withdraw Consent: You may withdraw consent where it is the legal basis for data processing.
  • Right to File Complaints: You have the right to lodge a complaint with the New York Attorney General if your privacy rights are violated.

Under PIPEDA (Canada):

  • Right to Access: You may request access to your personal information.
  • Right to Correct: You may request correction of inaccurate data.
  • Right to Withdraw Consent: You may withdraw consent where we rely on it for data processing.
  • Right to Complain: You may lodge a complaint with the Office of the Privacy Commissioner of Canada.

To exercise any of these rights or submit a privacy-related inquiry, please email privacy@releasepoint.com.

 

Anonymous Ethics Hotline

To report concerns anonymously, including data misuse or policy violations, call our 24/7 hotline:
(866) 636-1931
All reports are confidential and are promptly investigated.

 

Changes to This Privacy Policy

We may update this policy periodically. The most current version will always be posted on our website. Significant changes will be communicated to clients directly. Continued use of our website or services after such changes constitutes acceptance.

 

Contact Us

For questions or privacy requests, contact:

Email: privacy@releasepoint.com
Mail:
ReleasePoint Privacy Officer
405 W. Foothill Blvd, Suite 204
Claremont, CA 91711