Privacy Policy & HIPAA Disclaimer

1. Information Collection Options

The website may include one of three possible data collection configurations, depending on the Provider’s needs and level of HIPAA compliance required. Each configuration carries different responsibilities and legal implications, described below.

Option 1: Standard Contact Form (Non-HIPAA)

This option is the simplest and most commonly used. It is recommended when no sensitive or health-related information is being collected. The form is designed solely to gather basic contact details, such as:

• Full Name
• Email Address
• Phone Number

This limited data is used exclusively to forward the user’s inquiry to the designated Provider. Because this information does not include any health-related content, it does not qualify as PHI under HIPAA, and therefore HIPAA compliance requirements do not apply to this type of data.

In this configuration, BornTM LLC acts strictly as a technical facilitator. The data submitted through the form is transmitted securely via email or through an encrypted server-side relay directly to the Provider. BornTM LLC does not retain, analyze, or store this information beyond what is necessary to transmit it. Once delivered, the Provider assumes full control and responsibility for the data.

By submitting information through this type of form, users acknowledge that BornTM LLC’s role ends once the message is successfully delivered to the Provider and that BornTM LLC bears no further obligation or liability regarding how the Provider handles or uses that data.

Option 2: Use of the Provider’s Existing HIPAA-Compliant Form System

If a Provider already maintains a secure, HIPAA-compliant platform for patient data collection (for example, Jotform HIPAA, Formstack, or another certified service), BornTM LLC may assist in embedding or linking that system into the Provider’s landing page.

In this scenario, the Provider’s existing system is the one collecting, transmitting, and processing all data. BornTM LLC does not have access to the form fields, submission database, or user data. We simply integrate or display the form provided by the Provider, ensuring it appears correctly on the landing page.

All security, storage, and compliance obligations lie exclusively with the Provider and their chosen vendor. Any personal or health information submitted by users through this form bypasses BornTM LLC’s infrastructure entirely. BornTM LLC is not responsible for verifying, maintaining, or monitoring the Provider’s HIPAA compliance.

Providers are strongly advised to review and maintain their own compliance standards and to ensure that any third-party system used for PHI is covered by a valid Business Associate Agreement (BAA) as required under HIPAA.

Option 3: HIPAA-Compliant Form Platform (If the Provider Does Not Have One Yet)

If the Provider intends to collect medical, diagnostic, or other sensitive health-related data and does not currently use a HIPAA-compliant system, BornTM LLC may recommend a third-party vendor such as FormHippo (https://www.formhippo.com) or a similar platform.

These services are fully HIPAA-compliant and designed specifically for secure patient data transmission. The Provider is responsible for creating and managing their own account directly with the platform, including entering into any Business Associate Agreements required by law.

Once established, BornTM LLC may assist in embedding or linking the form within the landing page but does not collect, access, or store any data submitted through the form. All PHI is processed directly by the third-party vendor under its own privacy and compliance policies.

By choosing this option, the Provider acknowledges that BornTM LLC functions only as a website integrator and has no control or visibility over any PHI collected. Users interacting with such a form are subject to the vendor’s own privacy and HIPAA policies.

---

2. HIPAA Compliance and Limitation of Liability

BornTM LLC respects and supports compliance with the Health Insurance Portability and Accountability Act (HIPAA). However, it is crucial to emphasize that BornTM LLC is not a covered entity or a business associate under HIPAA unless a separate, signed Business Associate Agreement (BAA) explicitly states otherwise.

Any PHI or health-related data submitted through third-party systems is handled entirely by the Provider or their contracted vendor. BornTM LLC has no role in storing, transmitting, securing, or processing PHI, and therefore assumes no liability for any potential breaches, unauthorized access, or misuse of such data.

By using this website, you acknowledge and agree that:

• BornTM LLC does not collect or process PHI.
• All PHI submitted through third-party systems is the sole responsibility of the Provider.
• BornTM LLC cannot be held responsible for any disclosure, breach, or misuse of PHI by the Provider or any third party.
• Any relationship involving medical data or treatment information exists only between the user and the Provider.

Providers who collect PHI are required to ensure full compliance with HIPAA, including encryption, secure storage, and access control. Users are encouraged to contact the Provider directly if they have questions about how their medical data is handled.

---

3. Data Handling and Security Practices

For Option 1 forms, BornTM LLC uses secure, encrypted transmission protocols (SSL/TLS) to send contact form submissions directly to the Provider’s designated email or server endpoint. Once transmitted, no copy is retained by BornTM LLC. Logs may record only the date and time of transmission for technical monitoring but contain no user data.

For Options 2 and 3, BornTM LLC’s servers are not involved in data transmission, collection, or retention. Any submission made through these third-party systems follows the vendor’s own encryption, access control, and compliance mechanisms.

While we take reasonable measures to maintain secure communication, users are reminded that no online transmission is entirely immune to interception or error. By using the site, users accept these inherent limitations and agree that BornTM LLC is not responsible for any damages arising from security incidents beyond its control.

---

4. Use of Information

Information submitted through Option 1 forms is used solely to enable communication between the user and the Provider. We do not use such data for marketing, analytics, or resale purposes. BornTM LLC does not add submitted emails or phone numbers to mailing lists or advertising databases.

We may use aggregated, anonymized traffic data (e.g., page visits or device types) for analytics to improve the user experience. These datasets contain no personally identifiable information (PII) and are never shared with third parties for advertising or profiling purposes.

---

5. Third-Party Links and Embedded Content

Our website may contain links or embedded content (such as forms, booking widgets, or payment buttons) that originate from third-party domains. When you interact with such content, you are leaving our website environment and entering the systems of those third parties.

BornTM LLC has no control over those external systems and cannot guarantee their privacy practices, data security, or compliance standards. Users are strongly encouraged to review the privacy policies of any linked services before providing personal or health information.

---

6. Limitation of Liability

To the maximum extent permitted by law, BornTM LLC, its affiliates, employees, and contractors shall not be liable for any direct, indirect, incidental, consequential, or punitive damages arising from:

• The submission, transmission, or handling of any data by third-party Providers or vendors;
• Any loss, breach, or unauthorized disclosure of PHI or personal data occurring outside BornTM LLC’s control;
• Errors or omissions in third-party privacy practices;
• Misuse or unauthorized sharing of user information by Providers or their agents.

By using this website, you expressly release and hold harmless BornTM LLC and its affiliates from any claims, liabilities, or damages arising from your interactions with Providers or third-party services linked through the site.

---

7. User Rights and Data Requests

If you believe your contact data (name, email, or phone number) was submitted through an Option 1 form and wish to request deletion or review, you may contact BornTM LLC directly. Since we do not store or retain user data, most such requests can be confirmed immediately.

For Options 2 and 3, any request to access, modify, or delete information must be made directly to the Provider or the third-party vendor managing the form.

---

8. Children’s Privacy

This website is not intended for children under 13 years of age. We do not knowingly collect any information from minors. If a submission from a child is identified, we will coordinate with the Provider to ensure its immediate removal from all records.

---

9. Updates to This Policy

BornTM LLC may update this Privacy Policy and Disclaimer periodically to reflect legal or operational changes. Updates will be dated and published on this page. Continued use of the website constitutes acceptance of the revised terms.

---

10. Contact

If you have any questions or concerns about this Privacy Policy or how your data is handled, please contact us at:

BornTM LLC
Email: hi@borntm.com
Attn: Privacy Compliance Department