Element RCM Privacy Policy

Effective 11/04/2020


This Privacy Policy is here to help you understand how we collect, use, disclose, and process your Personal Data (as defined below). We also describe your choices and rights with respect to how we process that Personal Data. Please read this Policy carefully.

Who We Are

This is the Privacy Policy (“Policy”) of Element RCM (“Element RCM, “us”, “our”, or “we”), a Colorado Limited Liability Company with offices at 8354 Northfield Blvd., Building G, Suite 3700, Denver, CO 80238. You can contact us using the information below.


This Privacy Policy applies to our website at www.elementrcm.ai (including any subdomains or mobile versions, the “Marketing Site”) including any forms, applications, or other features on the Marketing Site. 

This Privacy Policy reflects only how we process Personal Data through our Marketing Site. This Privacy Policy does not apply to our revenue cycle management services, or any services that we provide to you in our capacity as a provider or covered entity (even if linked from the Marketing Site), each of which are subject to HIPAA and our HIPAA Notice of Privacy Practices. 

If you are a current customer of Element RCM  or acting on behalf of an Element RCM  customer, please call us if you need to communicate with us regarding your services or if you need to share protected health information with us.

Additionally, this Privacy Policy does not apply to information processed by third parties, for example, when you visit a third-party website or use third-party services, unless those third parties collect or process information on our behalf. Please review any relevant third party’s privacy policy for information regarding their privacy practices. 


This Privacy Policy is incorporated into the Terms of Use governing your use of our Marketing Site. Any capitalized terms not defined in this Policy will have the definition provided in our Terms of Use.

Your use of our Marketing Site indicates your acknowledgment of the practices described in this Policy. 

Collection and Use of Personal Data

Personal Data We Collect

In order to provide our Marketing Site, we may collect and process information that relates to identified or identifiable individuals (“Personal Data”). We may collect and process the following categories of Personal Data (note, specific Personal Data elements are examples and may change):

Identity Data: Personal Data about you and your identity, such as your name, unique identifiers, biographic/profile data, and other Personal Data you may provide on registration forms or as part of a user profile.

Contact Data: Identity Data used to contact an individual, e.g. email address, physical address, or phone number.

Device/Network Data: Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session history and similar browsing metadata, and other data generated through applications and browsers, including via cookies and similar technologies. 

Inference Data: Data we create or infer from other personal data you provide, e.g. relating to certain characteristics, psychological trends, behavior, abilities, and aptitudes.

User Content: Personal Data included in content provided by users of the Marketing Site in any free-form or unstructured format, such as in a chat app, free text field, in a file or document, or messages to us.

Sources of Personal Data

We collect Personal Data from various sources based on the context in which the Personal Data will be processed:

You: We collect Personal Data from you directly, for example, when you input information into an online form, or contact us directly.

Our Service Providers: We receive Personal Data from third parties with whom we have a relationship, such as our service providers, and data aggregators.

Your Devices/Networks: We may automatically collect certain Personal Data about your devices/networks. For example, we collect IP addresses, identifiers from cookies and similar technologies, and similar information when you browse the Marketing Site or when you open our marketing communications.

How We Process Personal Data

Online Screening

We process Identity Data, Device/Network Data, and Inference Data when you use our online MCHAT-R screening quiz. The MCHAT-R screening quiz allows you to input information regarding your child’s behaviors and tendencies in order to assess your child’s development and evaluate certain autism risk factors. We use this information primarily in order to complete the screening, where we analyze the quiz responses, create Inference Data relating to your child’s development and correlation to various autism risk factors, and create a report summarizing those results.

You may request that we send you a copy of the report, in which case we will collect Contact Data. We will use that Contact Data as necessary to send you the report, and we may use your Contact Data as necessary in connection with the management and distribution of your marketing communications. We may also associate Identity Data, Device/Network Data, and Inference Data from the MCHAT-R screening quiz in order to create a user profile associated with your Contact Data so that we can send you information that may be more relevant to you and to customize the content of the marketing communications.

Marketing Communications

We may process Identity Data, Device/Network Data and Contact Data in connection with email marketing communications (such as promotional emails), which you might receive as a result of receiving a copy of your MCHAT-R screening report, by opting in to newsletters or other communications, or engaging in any other transactions where you provide your Contact Data. If you requested that we send you your MCHAT-R quiz results, we will also process Inference Data from that quiz in connection with  future marketing communications. Finally, we may also automatically collect Device/Network Data when you open or interact with marketing communications. 

We use Identity Data and Contact Data as necessary to customize, deliver, and otherwise process marketing communications, and in order to tailor their content to individuals’ preferences and interests. Additionally, we may process Device/Network Data from devices receiving those marketing communications as part of our business interests in understanding whether our emails are opened or other aspects of engagement with our marketing communications. 

Contact Us

When you contact us through the Marketing Site using our contact form, through our chat, or via email, we process Personal Data such as Identity Data, Device/Network Data, Inference Data, and User Content. We use this data as necessary to communicate with you about the subject matter of your request and related matters. If you provide us Contact Data in the contact form, we may also send you marketing communications if relevant to your request. If you use our chat feature, we may retain a log of the chat, as well as other information you provide through the chat platform, including ratings, reviews, feedback, and Inference Data we create, and this data may be made part of your user profile and used for personalization.

We do not guarantee the security of our chat and contact forms, and these features have not been designed to meet the requirements of HIPAA. Do not send us sensitive information or protected health information using our chat features or via any contact forms.  

Cookies and Similar Tracking Technologies

We, and certain third parties, automatically collect and process Identity Data, Contact Data, Device/Network Data, and (to the extent allowed) Inference Data when you interact with cookies and similar technologies on our Marketing Site. We may receive this data from third parties to the extent allowed by the applicable partner. Please note that the privacy policies of third parties may also apply to these technologies and the Personal Data collected through them.

Subject to your rights & choices, we may use this information as follows: 

  1. for “essential” or “functional” purposes, such as to enable certain features of the Marketing Site, or maintain an active session;
  2. for “analytics” and “personalization” purposes, consistent with our business interest in how the Marketing Site is used or performs, how users engage with and navigate through our Marketing Site, what sites users visit before visiting the Marketing Site, how often they visit the Marketing Site, and other similar information, as well as to greet users by name and modify the appearance of the Marketing Site to usage history, tailor the Marketing Site based on geographic location or Customer, and understand characteristics of users in various technical and geographic contexts; and
  3. for retargeting or targeted advertising, such as:
    • for social media integration e.g. via third-party social media cookies, or when you share information using a social media sharing button or “like” button on our Marketing Sites or you link your account or engage with our content on or through a social networking website such as Facebook or Twitter;
    • to collect information about your preferences and demographics to help target advertisements which are more likely to be of interest to you using behavioral advertising; and
    • to allow us to carry out retargeting (this includes, for example, when advertisements are presented to you for products or services which you have previously looked at on a website but have not purchased).

Note: Some of these technologies can be used to identify you across platforms, devices, sites, and services. 

Business Purposes of Processing

In addition to the processing described above, we generally process Personal Data for several common purposes in connection with our business. 

Operate our Marketing Site and Fulfill Obligations

We process any Personal Data as is necessary to provide the Marketing Site, and as otherwise necessary to fulfill our obligations to you, e.g. to provide you with the information, features, and services you request.

Internal Processes and Marketing Site Improvement

We may use any Personal Data we process through our Marketing Site as necessary in connection with our improvement of the design of our Marketing Site, understanding how our Marketing Site is used or functions, in connection with the creation and analysis of logs and metadata relating to service use, and for improving the usability and stability of the Marketing Site. Additionally, we may use Personal Data to understand what parts of our Marketing Site is most relevant to users, how users interact with various aspects of our Marketing Site, how our Marketing Site perform or fail to perform, etc.

Personalization & User Profiles

In order to understand our users’ preferences, and better recommend relevant services to users, we may create a user profile by linking together and analyzing the Personal Data we collect through our Marketing Site. We include information we create (e.g. Inference Data) as part of these profiles, and we may obtain similar information from third party providers We use these user profiles to conduct market research and statistical analysis in connection with the improvement of our services, to help us provide more relevant information, as well as to tailor what services we may promote to you (e.g. through marketing communications), and for similar purposes.


We may process any Personal Data we collect in connection with our legitimate business interest in ensuring that our Marketing Site and services are secure, to identify and prevent fraud or other crimes, and ensure the safety of our users. Similarly, we process Personal Data on our Marketing Site as necessary to detect security incidents, protect against, and respond to malicious, deceptive, fraudulent, or illegal activity. We may analyze network traffic, device patterns and characteristics, maintain and analyze logs, and process similar Personal Data in connection with our information security activities.

Compliance, Health, Safety & Public Interest

Note that we may, without your consent or further notice to you, and to the extent required or permitted by law, process any Personal Data subject to this Policy for purposes determined to be in the public interest or otherwise required by law. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest or as required by a public authority. Please see the data sharing section for more information about how we disclose Personal Data in extraordinary circumstances.

Other Processing of Personal Data

If we process Personal Data in connection with our Marketing Sites in a way not described in this Policy, this Policy will still apply generally (e.g. with respect to your rights and choices) unless otherwise stated when you provide it.

Commercial Purposes of Processing


We, and certain third parties operating on or through our Marketing Site, may engage in personalized advertising. This form of advertising includes various parties and services providers, including third-party data controllers, engaged in the processing of Personal Data to sell, deliver, personalize, and analyze online advertisements. Some of these parties may be able to identify you across sites, devices, and over time. 

The parties that control the processing of Personal Data for personalized advertising purposes may create, or leverage information derived from personalization and profiling. In some cases, these parties may also develop and assess aspects of a profile about you to determine whether you are a type of person a company wants to advertise to and determine whether ads you see are viewed or engaging. These third parties may augment your profile with demographic and other Inference Data derived from these observations, and may also track whether you view, interact with, or how often you have seen an ad, or whether you complete a transaction for a good or services you were shown in an advertisement. 

We generally use targeted advertising for the purpose of marketing our Marketing Sites and third-party goods and services, to send marketing communications, including by creating custom marketing audiences on third-party websites (such as Facebook).

Your Rights & Choices

Your Rights

Applicable law may grant you rights in your Personal Data. These rights vary based on your location, state/country of residence, and may be limited by or subject to our own rights in your Personal Data. To the extent you have rights in your personal data under applicable law, you may exercise rights you have by contacting us at info@elementrcm.ai

Please note, rights requests under HIPAA will be handled as set forth in our Notice of Privacy Practices. Please review those procedures for additional detail regarding your rights under HIPAA and the process for submitting those requests. 

All rights requests we receive will be verified to ensure that the individual making the request is authorized to make that request, to reduce fraud, and to ensure the security of your Personal Data. We may require you to verify certain Personal Data, that you have access to your account or the email on file, or other similar measures in order to verify your identity. If an agent submits the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.

Your Choices

You may have the following choices regarding the Personal Data we process, to the extent required under applicable law:

Direct Marketing: You have the choice to opt out of or withdraw your consent to marketing communications. You may exercise your choice via the links in our communications or by contacting us re: direct marketing. 

Cookies & Similar Tech: If you do not want information collected through the use of cookies and similar technologies, you can manage/deny cookies and certain similar technologies using your browser’s settings menu. You must opt out of the use of some third-party services directly via the third party. For example, to learn how to opt out of Google’s marketing and analytic services, visit Google Ads Privacy Policy, or Google Analytics Opt-out.

Data Sharing

Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer data to the categories of recipients or in connection with specific business purposes described below.

Service Providers

In connection with our business operations, product/service improvements, to enable certain features, and in connection with our other business interests, we may share Personal Data with service providers who provide certain services or process data on our behalf. For example, we may use cloud-based providers to host our Marketing Site, and to operate some internal systems.

Corporate Events

Your Personal Data may be processed in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.


In order to streamline certain business operations, share promotions and content we believe would be of interest to you, and develop products and services that better meet the interests and needs of our users, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies. 

Legal Disclosures

In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our Terms of Use or a user agreement, or in the vital interests of us or any person. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to parties that request it.


We implement and maintain reasonable security measures to safeguard the Personal Data you provide us. However, we sometimes share Personal Data with third parties as noted above, and though we may enter contracts to help ensure security, we do not control third parties’ security processes. We do not warrant perfect security, and we do not provide any guarantee that your Personal Data or any other information you provide us will remain secure. 

Data Retention

We retain information for so long as it, in our discretion, remains relevant to its purpose, and in any event, for so long as is required by law. We will review retention periods periodically and may sometimes pseudonymize or anonymize data held for longer periods, if appropriate.


Our Marketing Site is neither directed at nor intended for use by minors under the age of majority in the relevant jurisdiction. Further, we do not knowingly collect Personal Data from such individuals. If we learn that we have inadvertently done so, we will promptly delete it. If you are providing information to our Marketing Site that relates to a minor, you must have the right to provide such information, and you represent that you have the authority necessary to provide their Personal Data to us and that we may use it as described in this Privacy Policy.

Changes to Our Policy

We may change this Policy from time to time. Please visit this page regularly so that you are aware of our latest updates. Your use of the Marketing Site following such changes indicates your acceptance of any changes.

Contact Us

Feel free to contact us with questions or concerns using the appropriate address below.

General Inquiries: info@elementrcm.ai