Privacy Policy
Riley Consulting Services, LLC
Effective Date: 7/15/2023
Last Updated: 4/6/2026
1. Introduction
By accessing or using our website, you acknowledge that you have read and understand this Privacy Policy and agree to the collection and use of information in accordance with this Policy.
Riley Consulting Services, LLC (“Company,” “we,” “our,” or “us”) is committed to protecting the privacy, confidentiality, and security of personal information and data entrusted to us.
This Privacy Policy describes how we collect, use, disclose, and safeguard information in accordance with applicable laws, including:
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- The Massachusetts Data Security Law (201 CMR 17.00)
- Other applicable federal and state data protection laws
2. Scope
This Privacy Policy applies to:
- Visitors to our website
- Prospective and current clients
- Business partners and vendors
This policy applies to information collected via:
- Our website
- Email and electronic communications
- Business operations
3. Information We Collect
a. Personal Information
- Name, title, and organization
- Email address and phone number
- Business contact and billing information
- Information submitted through forms or communications
b. Client Data (Including Healthcare Data)
In the course of providing consulting services, we may access, process, or store data on behalf of clients, including:
- Operational and financial data
- Practice management and billing data
- Potentially Protected Health Information (PHI)
Important:
- We act as a Business Associate where applicable
- All PHI is handled in accordance with HIPAA and executed Business Associate Agreements (BAAs)
- We use such data solely to perform contracted services
c. Automatically Collected Data
- IP address
- Device and browser type
- Website usage activity
d. Cookies and Tracking Technologies
We may use cookies to:
- Improve website performance
- Analyze user behavior
You may disable cookies via browser settings.
4. How We Use Information
- Provide consulting and professional services
- Communicate with clients and respond to inquiries
- Manage contracts, billing, and operations
- Improve our services and website
- Maintain system security and prevent unauthorized access
- Comply with legal and regulatory obligations
5. HIPAA Compliance
Where Riley Consulting Services acts as a Business Associate, we:
- Comply with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule
- Execute Business Associate Agreements (BAAs) with clients
- Implement appropriate administrative, physical, and technical safeguards
- Limit use and disclosure of PHI to the minimum necessary
Website Limitation:
This website is not intended for the transmission of Protected Health Information (PHI).
Users should not submit PHI through website forms or unsecured email.
6. Massachusetts Data Security Compliance (201 CMR 17.00)
- Maintain a Written Information Security Program (WISP)
- Implement safeguards to protect personal information of Massachusetts residents
- Restrict access to personal data on a need-to-know basis
- Utilize secure authentication and access controls
- Monitor systems for unauthorized use
7. Disclosure of Information
We do not sell personal information.
We may disclose information:
- To trusted service providers under confidentiality obligations
- As required by law, regulation, or legal process
- To protect our legal rights or prevent fraud
- In connection with a business transaction
- Service providers are required to use information only for the services they perform and to maintain appropriate security safeguards
8. Data Security
- Secure systems and encrypted platforms where appropriate
- Access controls and least-privilege principles
- Vendor due diligence
- Ongoing monitoring for risks
While we implement reasonable safeguards, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.
Secure Handling and Disposal of Sensitive Data
Riley Consulting Services follows a data minimization and secure disposal approach when handling sensitive information.
- We do not store sensitive client data locally unless temporarily required
- Files are accessed only for the duration necessary to complete a task
- Files are not retained beyond operational necessity
- Files are permanently deleted using secure file deletion methods (e.g., file shredding tools)
- We prioritize secure, cloud-based, and access-controlled systems to minimize local storage risks
9. Data Retention
- Fulfill contractual and business obligations
- Comply with legal and regulatory requirements
- Support audit and compliance activities
10. Your Rights
- Access personal information
- Request correction
- Request deletion where applicable
Contact:
info@rileyhealthcareconsulting.com
11. Third-Party Services
We use reputable third-party platforms that maintain their own security and privacy standards.
12. Children’s Privacy
We do not knowingly collect information from individuals under 13.
13. Changes to This Policy
We may update this Privacy Policy periodically. Updates will be posted with a revised effective date.
14. Contact Information
Riley Consulting Services, LLC
info@rileyhealthcareconsulting.com
rileyhealthcareconsulting.com
