Privacy Policy
How we collect, use, share and protect your information.
We believe in transparency. This policy explains what Enterprise Health collects, how we use and protect it, and the rights you have over your personal information.
Plain-English summary
Here is the short version. The full policy below controls if there is any conflict.
- We collect the information you and your organization give us, plus standard technical information about how you use the site and platform.
- We use it to deliver, secure and improve Enterprise Health, to support workforce-health and compliance programs, and to meet our legal obligations.
- We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
- We do not train AI on protected health information (PHI) or on identifiable customer data.
- You have rights to access, correct, delete and limit how your information is used, subject to applicable law and our agreements.
Scope and applicability
This Privacy Policy describes how Enterprise Health, a product of Medical Informatics Engineering (“MIE,” “we,” “us” or “our”), collects, uses, shares and protects information when you visit www.enterprisehealth.com, use the Enterprise Health platform, or interact with our email and other electronic communications (collectively, the “Platform”).
It supplements any signed Order Form, Master Services Agreement or Business Associate Agreement (BAA) between your organization and MIE. If you do not agree with this Policy, please do not use the Platform.
HIPAA status
When Enterprise Health processes protected health information (PHI) on behalf of a HIPAA-regulated customer — such as an employer-sponsored health program, a health system, a university or a government agency — MIE acts as a Business Associate. In those cases a separate BAA governs that PHI and controls over this Policy to the extent of any conflict.
Information we collect
Information you or your organization provide
- Identifiers and contact details (name, work email, telephone, employer, role).
- Account credentials (username, hashed password and multi-factor authentication settings).
- Occupational and employee-health information entered into the record — such as surveillance, immunization, clearance and case data — which may include PHI and is generally governed by a BAA.
- Records of correspondence, support requests and demo or sales inquiries.
Information we collect automatically
- Device and connection information (IP address, browser type, operating system, device identifiers, language settings).
- Usage information (pages and features accessed, referring URLs, timestamps, session duration and error logs).
- Authentication tokens and session cookies needed to keep you signed in securely.
Cookies and similar technologies
On our marketing website we use only strictly necessary cookies — authentication, session management and security tokens. We do not use cookies for advertising or cross-site tracking, and we honor Global Privacy Control (GPC) signals as a valid opt-out of any “sale” or “sharing” under applicable state law.
How we use information
- To deliver, operate, secure and maintain the Platform.
- To respond to demo, sales, support and partnership requests.
- To send product, compliance and resource updates you opt in to receive.
- To authenticate users and to prevent, detect and respond to fraud or abuse.
- To meet legal, regulatory and contractual obligations.
- To analyze usage and improve the quality, performance and accessibility of the Platform.
We do not sell personal information, we do not share it for cross-context behavioral advertising, and we do not train artificial-intelligence or machine-learning models on PHI or on identifiable customer data. We may use de-identified or aggregated data to improve the Platform.
HIPAA and protected health information
Enterprise Health is an ONC-ACB certified health record built for workforce, occupational and employee health. When we receive, maintain or transmit PHI on behalf of a HIPAA-regulated customer, MIE acts as a Business Associate as defined under 45 C.F.R. § 160.103. A separate BAA executed between MIE and the customer governs that PHI, including permitted uses and disclosures, safeguards, breach notification and termination.
In the event of a conflict between this Policy and an executed BAA, the BAA controls with respect to PHI. Individuals who believe their PHI has been used or disclosed improperly may contact the customer organization that controls the record, and may file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights.
Data retention
We retain personal information only as long as necessary to provide the Platform, comply with our legal obligations, resolve disputes and enforce our agreements. PHI and occupational-health records are retained as required by the applicable BAA and by federal and state law — for example, certain OSHA exposure records must be kept for the duration of employment plus thirty years under 29 C.F.R. § 1910.1020.
Marketing and prospect data is retained for a limited period after your last engagement and is then deleted or de-identified. Server, security and audit logs are retained for a limited period to support security and reliability.
Data security
MIE maintains administrative, physical and technical safeguards designed to protect personal information and PHI consistent with the HIPAA Security Rule and industry standards. Our program includes:
- Encryption of data in transit and at rest.
- Multi-factor authentication and least-privilege access controls.
- Continuous monitoring, vulnerability management and security event logging.
- Security and privacy training for personnel with access to personal information.
- A documented incident-response and breach-notification program.
No system is perfectly secure. You are responsible for keeping your credentials confidential, enabling multi-factor authentication where offered, and notifying us promptly if you suspect unauthorized access to your account.
Your privacy rights
Subject to verification and applicable law, you may request to:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Delete information we hold, subject to legal and contractual retention obligations.
- Receive a portable copy of information you provided to us.
- Restrict or object to certain uses, or withdraw consent where processing relies on it.
- Opt out of marketing communications at any time.
Information entered by your employer or organization into the health record must generally be corrected through them, since they control that source data. To exercise any of these rights, contact us using the details in the final section.
California privacy rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”), gives you rights to know, access, correct, delete and limit the use of sensitive personal information, and a right to non-discrimination for exercising them. Information governed by HIPAA or the California Confidentiality of Medical Information Act is exempt to the extent provided by law.
We do not “sell” personal information and do not “share” it for cross-context behavioral advertising as those terms are defined under the CCPA, and we have not done so in the preceding 12 months. We honor Global Privacy Control (GPC) signals as a valid opt-out request.
Other U.S. state privacy rights
Residents of states with comprehensive consumer-privacy laws — including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Indiana and others — have rights similar to those described above, including the right to access, correct, delete and port their information and to opt out of targeted advertising, sale and certain profiling. To exercise these rights, use the channels in the final section. If we deny a request, you may appeal by replying to our response.
Artificial intelligence
Certain features of the Platform — including Ozwell AI — use artificial intelligence to assist, not replace, human judgment. A qualified person reviews any output that materially affects an individual’s access to services or employment. As stated above, we do not train AI or machine-learning models on PHI or on identifiable customer data.
Children's privacy
The Platform is intended for workforce use by adults and is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us and we will delete it promptly.
Changes to this policy
We will post any changes to this Policy on this page and update the “Last updated” date above. If we make a material change, we will provide a more prominent notice. Your continued use of the Platform after the effective date of a change constitutes acceptance of the updated Policy.
Contact us
For questions, requests or complaints regarding this Policy or our privacy practices, contact us:
Medical Informatics Engineering
1690 Broadway, Suite 550
Fort Wayne, IN 46802
Or reach us through our contact page. You may also file a complaint with your state Attorney General or, for HIPAA matters, with the U.S. Department of Health and Human Services, Office for Civil Rights — though we ask that you contact us first so we can try to resolve your concern directly.