Skip to content
Parker
APEX Login
Back to legal
Privacy

Corporate Data Privacy and PHI Policy

How Parker Health, Inc. d/b/a Parker collects, uses, discloses, and protects information — especially Protected Health Information (PHI) — when you use our website, the APEX Platform, and any associated services.

Status · Active · effective February 15, 2026
Version · v1.0

Parker Health, Inc. d/b/a Parker is committed to protecting the privacy and security of your personal and health information. This Privacy Policy is the master policy that governs every data interaction across our marketing site, the Apex Ecosystem, and associated services.

1. Introduction and scope

Parker provides technology solutions to deliver the best care possible to our customers. The information we gather helps us to better understand and serve your needs. Any third-party partners we contract with to provide these services are, through contractual agreements (Business Associate Agreements where required by HIPAA), obligated to uphold the same stringent privacy and security standards outlined in this Statement.

This Policy describes your rights with respect to your individually identifiable information. By continuing to use this site and our services, you consent to the practices described in this Privacy Policy and our Terms of Use.

Disclaimer Regarding Medical Advice. The medical and health information presented on this website is intended to be general in nature and should not be viewed as a substitute for professional medical consultation, diagnosis, or treatment. Please consult with a qualified health care professional for all personal medical and health-related matters.

2. Health and Medical Information (PHI) and HIPAA

Certain health and medical information you provide, specifically PHI, is subject to the Health Insurance Portability and Accountability Act (HIPAA). Parker Health, Inc. d/b/a Parker is a business associate under HIPAA, not a covered entity. Parker provides technology services to covered entities (including hospitals, health systems, health plans, and healthcare providers) and handles PHI on their behalf pursuant to Business Associate Agreements. Patient-facing HIPAA rights (such as access, amendment, and accounting of disclosures) are generally exercised through your healthcare provider. Parker cooperates with covered entities to facilitate these rights as required by HIPAA and applicable Business Associate Agreements.

We protect and use covered health and medical information as required by HIPAA and applicable state laws. For a detailed understanding of how we handle your PHI, including your rights regarding access, amendment, and disclosure of this information, please review our separate HIPAA Privacy Practices Statement.

Data minimization and de-identification

In accordance with best practices and legal requirements, we employ data minimization techniques, collecting only the information strictly necessary for the specified purposes. For research and machine learning activities (Section 5), whenever possible, we use de-identified or anonymized data to protect your privacy while still enabling scientific advancement.

3. Security, confidentiality, and regulatory compliance

Data security measures

We maintain robust administrative, technical, and physical safeguards designed to protect the information you provide on this website and within the APEX Platform. These safeguards include, but are not limited to, encryption, access controls, and regular security audits.

Security disclaimer. While we implement state-of-the-art security measures, no system is entirely impenetrable. We cannot guarantee the absolute security of our website or that information transmitted to us over the Internet will be immune from interception. Parker Health, Inc. is not liable for the illegal acts of malicious third parties, such as criminal hackers.

Compliance and regulatory frameworks

Our commitment to data privacy and security is formalized through adherence to, and certification or attestation under, the following regulatory and security standards:

Standard / RegulationScope of compliance
HIPAA (U.S.)Protection and use of Protected Health Information (PHI).
GDPR (EU / Global)Lawful processing, transparency, and data subject rights (where applicable to EU residents).
PIPEDA (Canada)Fair information practices for personal information (where applicable to Canadian residents).
HITRUST CSFComprehensive risk-based framework for health industry security and compliance.
SOC 2Audited controls relevant to security, availability, processing integrity, confidentiality, and privacy.
State-Specific LawsCompliance with all relevant state data privacy requirements (e.g., CCPA/CPRA in California, and similar laws in other states where we conduct business).

4. Our APEX Platform and data management

Our proprietary APEX Platform serves as a connected intelligence ecosystem, designed to integrate various aspects of healthcare management and delivery.

ModuleDescriptionData managed
APEX NEXUSElectronic Health Record SystemComprehensive patient medical histories, clinical notes, lab results, imaging reports, and medication lists.
APEX PULSEPatient-facing appPersonal health information, appointment scheduling, prescription refill requests, and secure communication with providers.
APEX VELOCITYRevenue cycle managementBilling records, insurance claims processing, payment tracking, and financial performance data.
APEX CATALYSTAdvanced bioinformatics with AI/MLGenomic sequencing data, protein structure information, clinical trial data, and predictive model outputs.
APEX HORIZONPopulation health and informaticsAggregated, de-identified patient data for disease surveillance, trend analysis, and public health reporting.
APEX Data LakeCentralized data repositoryVerified, secured, and classified patient data (both PHI and non-PHI), organized for individual patient care, provider use, and authorized research.

5. Use of data in AI, machine learning, and research

Legal disclaimer. Data used for research and AI/ML purposes is handled with the highest level of care and regulatory oversight. Any utilization of your personal data for research requires informed consent or is strictly conducted using de-identified data as permitted by law (HIPAA Safe Harbor or Expert Determination).

The information we collect is used to:

  1. Conduct analysis and research: Utilize APEX Catalyst and APEX Horizon to perform advanced bioinformatics analysis, develop predictive models, and conduct approved research studies aimed at improving healthcare outcomes and clinical practices.
  2. Develop and improve AI models: Train our proprietary AI and ML algorithms to enhance diagnostic tools, personalize treatment plans, and optimize operational efficiency.
  3. Conduct research: Any research involving identifiable patient data is subject to your separate, written, and revocable authorization and oversight by an Institutional Review Board (IRB) or equivalent body, ensuring ethical and legal compliance.
  4. Operational improvement: Analyze aggregated and de-identified data to understand system usage, improve site performance, and enhance the features of the APEX Platform.

See our Consumer Bill of Rights for Health AI for the full set of protections we voluntarily extend to every patient interacting with AI features.

6. Information collection and storage

A. Information you provide directly to us

This information is provided when you use or register for a service, subscribe to notifications, or contact us. Examples include:

  • Contact information: Full name, address, phone numbers, and email address.
  • Account credentials: Username and password.
  • Financial data: Payment information (credit card number, expiration date, security code) for billing and payment processing.
  • Personal Health Information (PHI): Diagnoses, medical history, previous treatments, general health status, and health insurance information.
  • User feedback: Doctor reviews, survey responses, and customer support communications.
  • Any other information you voluntarily provide.

B. Automatically collected information (non-PHI)

Based on how you engage with our site, we may automatically collect information that generally does not identify you personally:

  • Activity information: Device and advertising identifiers, browser type, operating system, IP address, pages visited, date and time of visit, and referrer pages.
  • Cookies and tracking technologies: See our Cookie Policy. We may use third-party analytics companies (e.g., Google Analytics).
  • Location information: Generalized location information (e.g., based on IP address or, with your device permission, mobile GPS).
  • Local Shared Objects (“Flash Cookies”): Function similarly to standard cookies but may be larger.

7. Sharing and disclosure of information

We share information only in the following circumstances:

  1. With third-party vendors and service providers: Authorized vendors who perform specialized services on our behalf, including: billing and payment processing; telemedicine services; customer service, email deployment, and business analytics; marketing (advertising, optimization, and retargeting); hosting, data processing, and security monitoring. These vendors are contractually prohibited from using your information for purposes other than those related to the contracted services and must adhere to our security standards (e.g., Business Associate Agreements under HIPAA).
  2. For legal, safety, and enforcement purposes: We may disclose information if required by law, such as to comply with a subpoena or court order, to prevent fraud, to protect the rights or property of Parker, or to protect the personal safety of patients or the public.
  3. Corporate transactions: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our website.
  4. Non-personally identifiable data: We may share aggregated, anonymized, or de-identified data with third parties for research, analysis, and marketing purposes.

8. Third-party services and social media

  • Third-party referrals: If you access our services from a third-party website, application, or advertisement, we may receive limited information related to you or that advertisement from the owner of the Third-Party Service.
  • Social logins: If you use third-party services (e.g., Facebook, Google) to log into our services, we may collect information from these third-party services as permitted by your privacy settings.
  • Public forums: If you choose to engage in public activities on external sites we link to, be aware that any information you share there can be read, collected, or used by other users. We are not responsible for the information you choose to submit in public areas.

9. Email communication and risk disclosure

Most email communication does not provide a completely secure and confidential means of communication.

Risk warning. It is possible that email could be viewed inappropriately by another Internet user or intercepted during transmission. If you choose to provide us with your email address or send us information via email, any misaddressing may result in unauthorized interception, alteration, or use. If you wish to keep your communication completely private, you should use secure communication methods provided within the APEX Platform or contact us by phone.

Marketing emails. Parker may occasionally distribute news and announcements via email. We do not sell, trade, or otherwise share our email lists with unauthorized third parties. You may remove your name from any non-essential mailing list using the established unsubscribe link.

10. Limiting data collection and your rights

Opt-out and cookie management

Most web browsers are set to accept cookies by default. You typically have the ability to set your browser to remove or reject browser cookies. Please be aware that removing or rejecting cookies could affect the availability and functionality of our services. To opt out of interest-based advertising across browsers and devices from companies that participate in the Digital Advertising Alliance or Network Advertising Initiative opt-out programs, please visit their respective websites.

Data subject rights (GDPR, CCPA/CPRA, etc.)

Depending on your jurisdiction, you may have specific rights regarding your personal information, including the right to:

  1. Access: Request access to the personal data we hold about you.
  2. Correction / Amendment: Request correction of inaccurate or incomplete personal data.
  3. Deletion (“Right to be Forgotten”): Request the deletion of your personal data, subject to legal and regulatory retention obligations (especially for PHI).
  4. Restriction / Objection: Object to or restrict the processing of your personal data.
  5. Data portability: Request a copy of your personal data in a portable, structured, common format.

For California-specific rights, see our California Privacy Notice. For GDPR, see our GDPR Compliance Statement. For PIPEDA, see our PIPEDA Privacy Commitment.

11. Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Changes are effective immediately upon posting. We encourage you to review this Policy periodically. By continuing to use this site after any modifications, you consent to the revised terms.

12. Contact information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Parker Health, Inc. d/b/a Parker
Attention: Privacy Officer
Address: 818 18th St NW, Suite 810, Washington DC 20006
Email: privacy@parkerapex.com