Verisma Online Privacy Statement

Last modified:  September 6, 2021.

This Privacy Statement describes how Verisma Systems, Inc. and its affiliates (collectively, “Verisma”) may collect, use, transfer, and/or store “Personal Information”, i.e., data that can be used to identify or to contact a specific individual.  The Statement applies to the Verisma website,, and all associated websites linked to including, without limitation, the Verisma Requestor Portal website (, and Verisma’s Release Manager website ( (collectively, the “Websites”), and to the Verisma services available through the Websites (collectively, the “Services”).  All references in the Statement to “our,” “us,” “we,” or the “Company” refer to Verisma.

This Privacy Statement may be updated periodically and without prior notice to you to reflect changes in our information practices.  We will indicate above when it was most recently updated.  This Statement is not intended to, and does not, create any contractual or other legal right in or on behalf of any party.

Personal Information We Collect

Verisma does not collect any Personal Information at our Websites or via our Services unless you provide it to us voluntarily.  We may gather the following types of Personal Information at the Websites or via the Services:

  • contact information, such as name, organization and department, email and/or postal address, telephone number
  • information used to create an online account, such as username, password, and answers to security questions
  • financial information, such as credit card details, and billing name and address
  • purchase and customer service history

Verisma needs and uses this information primarily to process, track, and fulfill your Release of Information requests, to keep you informed about the status of your requests, and to administer your account (e.g., tracking payments, fraud detection).  From time to time, we may use Personal Information to send important notices, such as changes to the terms and policies concerning the Services.  We may use Personal Information for internal purposes such as auditing, data analysis, and research to improve the Services.

Verisma also is required by the healthcare providers it serves to retain copies of all medical records that it provides to requesters.  We retain these records to permit the providers, and government agencies, to monitor the quality of our Services and for other business purposes.

Protecting the Confidentiality and Security of Personal Information

We restrict access to Personal Information to Verisma personnel and other parties who assist us in providing the Services and/or conducting our normal business operations and who have agreed to maintain the confidentiality of the information and not to use it except in connection with the Services.  We reserve the right to disclose Personal Information as necessary in the event of a potential sale of Verisma or a part of our business or assets, provided that any party receiving such information agrees to privacy protections equivalent or greater than set forth in this Statement. Without your express authorization, Verisma will not sell, license, transmit, or disclose Personal Information to any other parties.

While no party that maintains a website can guarantee security, Verisma does utilize administrative, technical, and physical safeguards, consistent with applicable laws, that are designed to ensure the integrity of our systems and to protect Personal Information that we have collected against unauthorized access, disclosure, or use.  These safeguards include, without limitation, encrypting all Personal Information that is stored by us.  We periodically review and update our collection, processing, and storage practices with respect to Personal Information, including physical security measures, and implement any changes necessary to guard against unauthorized access, disclosure, or use to your Personal Information.

Collection and Use of Non-Personal Information

Verisma also collects data in a form that does not, on its own, permit direct association with a specific individual.  We may collect, use, transfer, or disclose non-personal information for any purpose.

Some examples of non-personal information Varisma may collect and how we may use it are:

  • “server logs” that record your IP address, web browser used, domain name, date and time of your access, and details of how you use the Services, all of which we may aggregate for use in maintaining and improving the functioning of the Websites
  • “cookies” or a file we send to your browser (but do not retain) that will help us identify you when visiting our Websites for the second and succeeding time.

You may disable cookies within your web browser, but this may render certain functionalities of our Websites unusable to you.

Our Websites utilize Azure Analytics, a service provided by Microsoft Corporation, that uses cookies to help analyze how individuals use the Services. Non-personal information generated in a cookie about your use of the Websites is transmitted to and stored by Verisma in the Microsoft Azure Cloud and is used to evaluate how to improve the Websites and the Services. Verisma does not transmit such data to any third parties and does not use any third party tracking services.

Other Important Privacy Information

A. Protection of the Privacy of Children. Verisma does not knowingly collect or use any PII from persons aged 13 or younger, and we do not knowingly allow persons aged 13 or younger to communicate with us or to use Versima’s Services.  If you are a parent or guardian and become aware that your child has provided us with any information, please contact us using the methods outlined in the Contact Information section at the end of this Statement, and we will work with you to address this issue.

Children’s Online Privacy Protection Act (COPPA).  Except in very limited circumstances, COPPA does not apply to Verisma’s Services.  Verisma’s websites and Services are not directed to children under 13 years old and cannot be used by children younger than 18 years old without Verisma’s prior written permission because, in most cases, federal and state privacy laws require that requests for release of records containing Protected Information be authorized by persons 18 years or older.  There are exceptions for cases where the person submitting the request is an emancipated minor or otherwise could legally consent to the medical treatment for which the release of information is sought.  However, these exceptions generally do not generally apply to persons younger than 13 years old.  Verisma will only permit a person under 13 years old to use its Services if they can establish that they fall into an excepted category.

B. California Consumer Privacy Act (CCPA). As noted above in this Privacy Statement, Verisma collects and may use or disclose your PII for various pruposes and to permit third parties to provide cloud-hosting and analytics services for Verisma (which may be considered a “sale” of PII under the CCPA).  California residents have the right to make the following requests of Verisma up to twice in a 12-month period:

  • a list of the specific types of PII Verisma has collected about you;
  • disclosure of the types of PII Verisma collects, uses, discloses, or sells; and
  • direction to opt out of a “sale” of your PII (as defined by the CCPA) by Verisma.

California residents also may ask their healthcare provider to direct Verisma to delete your PII from Verisma’s databases.


Privacy Statement Contact Information

If you have a question regarding this Privacy Statement, please contact Verisma at:

Verisma Systems, Inc.
Attn:  Privacy Officer
1421 Prince Street, Suite 250
Alexandria, VA 22314