Legal
Privacy Policy
Last Updated: June 1, 2026
Last Reviewed: June 2026
Bettermeant Inc., DBA Rainfall Health
1. Purpose
Bettermeant Inc., DBA Rainfall Health (“Rainfall Health”) is committed to protecting the privacy and security of protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. This Privacy Policy outlines how Rainfall Health, acting as a Business Associate to covered entities under HIPAA, collects, uses, maintains, and discloses PHI. This policy was last reviewed and updated in June 2026.
2. Definitions
PHI: Protected Health Information, as defined by HIPAA, includes any individually identifiable health information transmitted or maintained by Rainfall Health in any form or medium, whether electronic, paper, or oral.
ePHI: Electronic Protected Health Information — PHI transmitted or maintained in electronic form.
Covered Entity: A healthcare provider, health plan, or healthcare clearinghouse that transmits PHI electronically in connection with HIPAA transactions.
Business Associate: Rainfall Health, as a third-party entity that performs certain functions or services on behalf of a covered entity that involve the use or disclosure of PHI.
Business Associate Agreement (BAA): A written contract between Rainfall Health and a covered entity (or another business associate) that establishes permitted uses and disclosures of PHI and the responsibilities of each party under HIPAA.
3. Collection and Use of PHI
3.1 Purpose of Collection
Rainfall Health collects and uses PHI solely for the purpose of performing services as specified in our agreements with covered entities. These services may include, but are not limited to, connecting patients to providers, data processing, data analysis, and technical support related to healthcare operations or treatment.
3.2 Types of PHI Collected
PHI collected by Rainfall Health may include demographic information, medical history, test results, treatment plans, and other health-related information as necessary to fulfill our contractual obligations with covered entities.
3.3 Use of PHI
Rainfall Health will only use PHI as permitted or required by the HIPAA Privacy Rule and our agreements with covered entities. PHI may be used for purposes such as data aggregation, de-identification, quality improvement, or other activities necessary to support the proper functioning of the healthcare system. In all cases, Rainfall Health adheres to the minimum necessary standard, limiting access to PHI to only what is required to perform authorized functions.
4. Disclosure of PHI
4.1 Authorized Disclosures
Rainfall Health only discloses PHI to third parties as permitted or required by HIPAA and our agreements with covered entities. Prior to sharing any ePHI with a new business associate or subcontractor, Rainfall Health ensures that a signed Business Associate Agreement (BAA) is in place as required by HIPAA.
4.2 Data Security
Rainfall Health implements appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI. These safeguards include encryption, access controls, audit logs, and regular security assessments to prevent unauthorized access, use, or disclosure of PHI. Access to ePHI systems is limited to authorized personnel based on minimum necessary job functions, and all user accounts are reviewed on a regular basis.
5. Individual Rights
As a Business Associate, Rainfall Health does not have direct relationships with patients or plan members. Individual rights under HIPAA — including the right to access, amend, or restrict use of PHI — are administered by the applicable covered entity with which Rainfall Health has contracted. Individuals seeking to exercise these rights should contact the covered entity directly.
Where required by our Business Associate Agreement, Rainfall Health will cooperate with covered entities to facilitate individual rights requests, including providing access to relevant PHI records held by Rainfall Health, within the timeframes required by HIPAA.
6. Breach Notification
In the event of a breach of unsecured PHI, Rainfall Health will comply with HIPAA breach notification requirements. Rainfall Health will notify the applicable covered entity without unreasonable delay and no later than 60 calendar days following discovery of a breach, as required by the HIPAA Breach Notification Rule. The covered entity is responsible for notifying affected individuals and, where required, the Department of Health and Human Services (HHS). Rainfall Health will cooperate fully with the covered entity in any required breach response and documentation.
7. Documentation and Recordkeeping
Rainfall Health retains all HIPAA-related documentation and records, including policies, procedures, training records, and security documentation, for a minimum of six (6) years from the date of creation or the date the document was last in effect, whichever is later, as required by HIPAA.
8. Policy Updates
This Privacy Policy is reviewed and updated at least annually and whenever significant changes occur to HIPAA regulations, Rainfall Health’s business practices, or applicable technology. Any material updates to this policy will be communicated to covered entities as required by our Business Associate Agreements. The most recent version of this policy is available on our website.
Last Reviewed: June 2026 | Bettermeant Inc., DBA Rainfall Health