Privacy Policy

What This Page Covers

This Privacy Policy explains how PatientLead Health LLC ("PatientLead," "we," "us," or "our") handles information in connection with PriorAuthPro, the prior authorization appeal packet tool available at priorauthpro.patientlead.health.

Read this page before you use the intake form. It explains, in plain terms, what information is collected, where it goes, and what we do and do not do with it.

If you have questions, contact us at priorauthpro@patientlead.health.

Section 1: Information We Collect

1.1  Information You Enter Into the Intake Form

The intake form asks for information about your insurance denial, including your name, email address, state, insurer, plan type, member ID, denial date, denial reason, treatment details, diagnosis, prior therapy history, and provider information.

This information is processed locally in your browser using JavaScript running on your device. It is used only to populate the documents in your appeal packet. It is not transmitted to PatientLead Health LLC servers, not stored in any database we control, and not accessible to us after your session ends.

When you click "Download," the documents are generated in your browser and saved directly to your device. At that point, the information exists only in the files on your device.

We do not have access to the contents of your packet after it is generated.

1.2  Information Collected Automatically When You Visit the Website

When you visit priorauthpro.patientlead.health, our web hosting infrastructure and any analytics tools we operate may automatically collect:

• Your IP address
• Browser type and version
• Operating system
• Referring URL (the page you came from)
• Pages visited and time spent on each page
• Date and time of your visit

This information is used to understand how the website is being used, to diagnose technical problems, and to improve the Service. It is not linked to the health information you enter into the intake form.

1.3  Payment Information

If you purchase a packet, payment is processed by a third-party payment processor. We receive confirmation that a payment was made and a transaction identifier. We do not receive, store, or have access to your credit card number, bank account number, or other full payment credentials.

1.4  Email Address

If you provide an email address, either through the intake form or through a contact or support request, we may use it to send you your order confirmation, to respond to support requests, and to notify you of material changes to this Privacy Policy or our Terms of Service. We do not sell email addresses. We do not send marketing emails without your consent.

1.5  Anonymized Appeal Data (Optional, With Your Consent)

At the time of packet generation, you may choose to share anonymized data about your appeal to help improve outcomes for future patients. This is entirely optional and does not affect your packet or any other aspect of the Service.

If you opt in, PriorAuthPro records the following non-identifying information in your browser's local storage:

• Insurer name and plan type
• State
• Denial category (e.g., "medical necessity" — not the specific denial reason text)
• A broad treatment category (e.g., "biologic therapy" — not the specific treatment, drug, or procedure name)
• Appeal level
• Which types of documents were included in the packet (e.g., whether a letter of medical necessity was included — not the document contents)
• Whether you indicated working with a patient advocate or attorney

This data does not include your name, email address, member ID, diagnosis, treatment details, therapy history, test results, provider information, denial letter text, authorization number, or any other health information.

This data is currently stored locally in your browser's local storage. It is not transmitted to PatientLead Health LLC servers at this time. In the future, if server-side transmission is enabled, the data will only be transmitted with your prior consent, to a secure database with strict access controls.

You can delete this data at any time by clearing your browser's local storage or site data for priorauthpro.patientlead.health.

1.6  Outcome Reporting (Optional, With Your Consent)

If you opt in to outcome reporting, you may receive a follow-up email approximately 30 days after packet generation asking about the result of your appeal. If you report that your appeal is still pending, you may receive one additional follow-up at approximately 60 days.

To enable this follow-up, a non-reversible hash of your email address is stored alongside your anonymized appeal data. This hash cannot be used to reconstruct your email address. Your email address in plaintext is never stored in connection with your appeal data.

Outcome reports you submit — the result of your appeal (approved, denied, or pending), approximate days to decision, and any notes on insurer process — are linked to your anonymized appeal record. No personal health information is collected through the outcome reporting form.

1.7  Anonymous Benchmarking ID (Optional, With Your Consent)

You may opt in to a system-generated anonymous identifier stored in your browser's local storage. This identifier allows PriorAuthPro to recognize that multiple appeal packets were generated by the same browser session over time, enabling personalized benchmarking. This identifier is a random value generated by your browser. It is not derived from your name, email, or any other personal information, and cannot be used to identify you.

Section 2: Third-Party Services That Load During Your Session

PriorAuthPro loads the following third-party resources when you use the Service. These connections happen automatically in your browser and are standard technical components of the product.

Cloudflare CDN (jsPDF and jsPDF-AutoTable)

The libraries that generate your PDF documents are loaded from cdnjs.cloudflare.com. Cloudflare's servers receive your IP address and browser user-agent string as part of this request. These libraries run entirely in your browser; they do not send form data to Cloudflare. Cloudflare's privacy practices are governed by Cloudflare's Privacy Policy at cloudflare.com/privacypolicy.

Payment Processor

If you complete a purchase, the payment page will load scripts and resources from our payment processor. The payment processor has its own privacy policy governing the information it collects.

We do not control the data practices of these third parties. If you prefer that your IP address not be transmitted to these services, do not use PriorAuthPro.

Section 3: How We Use Information

We use the information described in Section 1 for the following purposes:

• To operate and improve the Service
• To process payments and send order confirmations
• To respond to support requests and user inquiries
• To diagnose and fix technical problems
• To detect and prevent fraud or abuse
• To comply with applicable law
• To enforce our Terms of Service

We do not use your information to make automated decisions that produce legal or similarly significant effects on you.

We do not sell your information to third parties.

We do not share your information with advertisers.

Section 4: Information Sharing

We do not sell, rent, or trade personal information. We may share information in the following limited circumstances:

Service Providers

We may share limited technical information with vendors who help us operate the website and process payments, under contracts that restrict their use of the information to the services they provide to us.

Legal Compliance

We may disclose information if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, the rights of users, or the safety of any person.

Business Transfers

If PatientLead Health LLC is acquired, merged, or its assets are transferred, user information may be transferred as part of that transaction. We will provide notice before any such transfer takes effect and before information becomes subject to a different privacy policy.

With Your Consent

We may share information for any other purpose with your explicit consent.

Section 5: Data Retention

Intake Form Data

We do not retain health information entered through the intake form. It is never stored on our servers. Once your session ends, we have no copy of it.

Purchase Records

We retain records of transactions (order identifiers, payment confirmation, amount, and date) for as long as required by applicable tax and financial recordkeeping laws, typically seven years.

Website Analytics

Automatically collected technical data (IP addresses, page views, session data) is retained for up to 13 months, after which it is deleted or aggregated.

Email Correspondence

Support emails and responses are retained for up to three years to allow us to address follow-up questions and to defend against claims.

Section 6: Security

We implement reasonable technical and organizational measures to protect the information we hold. These measures include HTTPS encryption for all connections to priorauthpro.patientlead.health, access controls on administrative systems, and regular review of our data handling practices.

Because the health information you enter into the intake form is processed entirely in your browser and never transmitted to our servers, our security measures do not govern the security of that information. The security of that information is determined by the security of your device and your browser.

No system is completely secure. We cannot guarantee that information will never be subject to unauthorized access.

Section 7: Your Rights

7.1  All Users

Regardless of where you are located, you may:

• Request that we correct inaccurate information we hold about you by contacting priorauthpro@patientlead.health.
• Request that we delete personal information we hold about you. Because we do not store health information from the intake form, deletion requests apply to purchase records, email correspondence, and website analytics data we hold.
• Opt out of any future marketing communications by contacting priorauthpro@patientlead.health or by using the unsubscribe link in any marketing email.

7.2  California Residents

If you are a California resident, the California Privacy Rights Act (CPRA) gives you the following rights with respect to personal information we hold about you:

• Right to Know. You have the right to know what categories of personal information we have collected about you, the sources of that information, the business purposes for which it was collected, and whether it has been sold or shared.
• Right to Delete. You have the right to request deletion of personal information we hold about you, subject to certain exceptions.
• Right to Correct. You have the right to request correction of inaccurate personal information we hold about you.
• Right to Opt Out of Sale or Sharing. We do not sell or share personal information as those terms are defined under the CPRA.
• Right to Limit Use of Sensitive Personal Information. Health information is sensitive personal information under the CPRA. We do not collect health information on our servers. To the extent any sensitive personal information is collected through website analytics, you may request that we limit its use to purposes permitted under the CPRA.
• Right to Non-Discrimination. We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, submit a request to priorauthpro@patientlead.health with your name, the email address associated with your purchase or correspondence, and a description of your request. We will respond within 45 days. We may ask you to verify your identity before processing your request.

You may also designate an authorized agent to make a request on your behalf.

7.3  Colorado, Virginia, and Other State Residents

Residents of Colorado (Colorado Privacy Act), Virginia (Virginia Consumer Data Protection Act), Connecticut, Texas, and other states with applicable privacy laws have similar rights to access, delete, correct, and opt out of the sale of personal information. We honor requests under these laws on the same terms as Section 7.2. Submit requests to priorauthpro@patientlead.health.

Section 8: Children's Privacy

PriorAuthPro is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided information through the Service, contact us at priorauthpro@patientlead.health and we will delete that information promptly.

Section 9: HIPAA Notice

PatientLead Health LLC is not a covered entity under the Health Insurance Portability and Accountability Act (HIPAA). PriorAuthPro is not a health plan, healthcare provider, or healthcare clearinghouse. HIPAA's privacy and security requirements do not apply directly to our processing of information through this Service.

This does not reduce our commitment to keeping health information secure. As described in Section 2, health information entered into the intake form is processed in your browser and never transmitted to our servers.

Section 10: Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where feasible, notify users who have provided email addresses. Your continued use of the Service after any update constitutes acceptance of the revised Privacy Policy.

We maintain an archive of prior versions of this Privacy Policy. To request a prior version, contact priorauthpro@patientlead.health.

Section 11: Contact

For privacy-related questions, requests, or concerns:

We aim to respond to all privacy inquiries within 10 business days.