Privacy Policy

1. Introduction

Welcome to HealthSquire ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare staffing marketplace platform, including our websites (e.g., for professionals, for facilities, use cases), find-shifts and jobs, travel assignments, remote work opportunities, continuing education (CE), shift-to-hire programs, enterprise solutions, credentialing and BAA tools, and related services.

By using HealthSquire, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us, including:

• Account Information: Name, email address, phone number, password, and role (healthcare professional, facility, enterprise, or admin)
• Profile Information: Professional credentials, licenses, certifications (including multi-state licensing), work experience, specialties, availability, profile photos, and profession type (e.g., nurse, physician, physical therapist, occupational therapist, respiratory therapist)
• Facility Information: Facility name, type, address, tax ID, contact person details, facility description, and enterprise account details where applicable
• Professional Information: License numbers, NPI, specialties, years of experience, emergency contact information, background check and exclusion screening (e.g., OIG, SAM) details, and credentialing documents
• Payment Information: Billing address, payment method details (processed securely through our certified payment provider), bank account information for payouts and instant pay, linked bank account data where applicable, and transaction history
• Application and Engagement Data: Job and shift applications, travel assignment applications, remote work applications, continuing education enrollments and quiz attempts, and shift-to-hire offer responses
• Communication: Messages sent through our platform, support requests, feedback, blog comments and subscriptions, and demo or contact form submissions

2.2 Automatically Collected Information

When you use our service, we automatically collect certain information:

• Device Information: IP address, browser type, operating system, device identifiers, and mobile network information
• Usage Data: Pages visited, time spent on pages, features used, search queries, and navigation patterns
• Location Data: Geographic location (with your permission) for shift matching, travel assignment matching, and geofencing features
• Cookies and Tracking: Information collected through cookies, web beacons, and similar tracking technologies (see our Cookie Policy)

2.3 Protected Health Information (PHI)

As a HIPAA-compliant platform, we may collect and process Protected Health Information (PHI) in connection with shift assignments and healthcare services. All PHI is handled in strict accordance with HIPAA regulations and our Business Associate Agreements.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Provision: To provide, maintain, and improve our platform, including matching healthcare professionals with per-diem shifts, travel assignments, and remote work opportunities; continuing education enrollment and credit tracking; shift-to-hire and enterprise workflows; processing payments (including instant pay); and facilitating communication
• Account Management: To create and manage your account, verify your identity, and authenticate your credentials
• Matching and Recommendations: To match professionals with suitable shifts, travel assignments, remote work, and jobs based on location, specialty, credentials, availability, and preferences using our matching and recommendation systems
• Payment Processing: To process payments, manage billing, calculate platform fees, handle payouts, support instant pay and linked bank accounts where offered, and issue tax documents (e.g., 1099-NEC)
• Communication: To send you notifications, updates, alerts, and respond to your inquiries
• Safety and Security: To verify credentials, conduct background checks (e.g., via Checkr), perform exclusion screening (e.g., OIG LEIE, SAM.gov), prevent fraud and abuse, and ensure platform safety
• Legal Compliance: To comply with legal obligations, enforce our terms of service, and protect our rights
• Analytics and Improvement: To analyze usage patterns, improve our services, and develop new features
• Marketing: To send you promotional communications (with your consent) about new features, special offers, and relevant updates

4. How We Share Your Information

We may share your information in the following circumstances:

4.1 With Other Users

• Professionals: Your profile information, credentials, ratings, and availability are visible to facilities when you apply for shifts, travel assignments, remote work, or jobs
• Facilities: Your facility information, shift and travel postings, and ratings are visible to professionals browsing opportunities

4.2 With Service Providers

We share information with trusted third-party service providers who assist us in operating our platform:

• Payment Processors: Certified payment processor for payment processing and financial transactions
• Cloud Services: Secure cloud infrastructure providers for database hosting, authentication, storage, and application hosting
• Communication Services: Email and SMS providers for notifications and transactional messages
• Background and Compliance: Checkr for background checks; OIG LEIE and SAM.gov for exclusion screening
• Analytics and Product: Service providers for usage analytics, performance monitoring, and product analytics (e.g., Segment), consistent with your cookie and privacy choices

4.3 Legal Requirements

We may disclose your information if required by law or in response to:

• Legal processes, court orders, or government requests
• Enforcement of our Terms of Service or other agreements
• Protection of our rights, property, or safety, or that of our users
• Investigation of potential violations or fraud

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

5. HIPAA Compliance

HealthSquire is committed to HIPAA compliance. When we handle Protected Health Information (PHI), we:

• Maintain appropriate administrative, physical, and technical safeguards
• Encrypt PHI in transit and at rest
• Implement access controls and audit logs
• Enter into Business Associate Agreements (BAAs) with service providers
• Conduct regular security assessments and training
• Report and respond to security incidents in accordance with HIPAA requirements

For more information about our HIPAA compliance practices, please see our HIPAA Compliance Statement.

6. Data Security

We implement industry-standard security measures to protect your information from unauthorized access, alteration, disclosure, or destruction:

• Encryption: All data is encrypted in transit using TLS/SSL and at rest using AES-256 encryption
• Access Controls: Role-based access controls and multi-factor authentication for sensitive operations
• Secure Infrastructure: Hosted on secure, compliant cloud infrastructure with regular security audits
• Regular Updates: Security patches and updates applied promptly
• Employee Training: Regular security awareness training for all employees

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

7. Your Rights and Choices

You have the following rights regarding your personal information:

7.1 Access and Portability

You can access, update, or export your personal information through your account settings or by contacting us.

7.2 Correction

You can correct inaccurate or incomplete information by updating your profile or contacting us.

7.3 Deletion

You can request deletion of your account and personal information, subject to legal and contractual obligations. Note that some information may be retained for legal, regulatory, or business purposes.

7.4 Opt-Out

You can opt out of marketing communications by updating your notification preferences or clicking the unsubscribe link in emails.

7.5 Do Not Sell or Share My Personal Information

HealthSquire does not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising. If we ever change this practice, we will update this policy and provide you with an opt-out mechanism. To exercise your Do Not Sell/Share rights, contact us at privacy@healthsquire.com.

7.6 State-Specific Privacy Rights

In addition to the rights described above, residents of certain states have additional privacy rights under applicable law:

California (CCPA/CPRA)

California residents have the right to:

• Know what personal information is collected, used, shared, or sold
• Delete personal information held by businesses and their service providers
• Opt out of the sale or sharing of personal information
• Non-discrimination for exercising privacy rights
• Correct inaccurate personal information
• Limit the use and disclosure of sensitive personal information

To submit a request, email privacy@healthsquire.com or call 1-800-NURSE-PRO. We will verify your identity before fulfilling requests and respond within 45 days.

Virginia (VCDPA)

Virginia residents have the right to:

• Confirm whether we are processing your personal data and access that data
• Correct inaccuracies in your personal data
• Delete your personal data
• Obtain a portable copy of your personal data
• Opt out of the processing of personal data for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects

Colorado (CPA), Connecticut (CTDPA), and Other States

Residents of Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws have substantially similar rights, including the right to access, correct, delete, and port their personal data, and to opt out of certain processing activities. We honor these rights for all residents of states with applicable privacy legislation.

If we decline your request, you may appeal by contacting us at privacy@healthsquire.com with the subject line "Privacy Rights Appeal."

8. AI and Algorithmic Decision-Making

HealthSquire uses AI-powered systems and algorithms to enhance our services. We believe in transparency about how these systems work:

8.1 How We Use AI

• Shift Matching: Our matching algorithm evaluates factors including professional credentials, specialty, geographic proximity, availability, past performance ratings, and user preferences to recommend shifts. The algorithm does not consider protected characteristics such as race, gender, age, or disability.
• Fraud Detection: We use automated systems to detect suspicious account activity, credential anomalies, and payment irregularities.
• Credential Verification: Automated systems assist in verifying professional licenses, certifications, and exclusion screening against government databases.
• Churn Prediction and Engagement: We analyze usage patterns to identify users who may benefit from personalized recommendations or re-engagement communications.

8.2 Your Rights Regarding AI Decisions

• You have the right to request information about the logic involved in automated decisions that significantly affect you
• You may request human review of any automated decision that results in adverse action (e.g., account restriction, background check denial)
• You may contest the results of automated decisions through our support team

8.3 Algorithmic Fairness

We regularly audit our algorithms for unintended bias and take corrective action when disparate impacts are identified. Our AI ethics practices are governed by our Non-Discrimination Policy.

9. Data Retention

We retain your personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Below are our specific retention periods:

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law or regulation as described above. Anonymized data that cannot be linked back to you may be retained indefinitely for statistical and analytical purposes.

10. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: