EverVia Privacy Policy

1. Introduction

EverVia LLC dba EverVia (“Company,” “we,” “us,” or “our”) is a reproductive advisory services company headquartered in the State of Utah. We are committed to protecting the privacy, confidentiality, and security of our clients’ personal information, including Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations.

This Privacy Policy describes how we collect, use, disclose, and safeguard your clients’/patients’ information when you engage with our services, website, or communications. By using our services, you acknowledge that you have read and understood this Privacy Policy as have your clients’/patients’ if we will be accessing or working with their Personal Identifying Information (PHI) as we provide our business-to-business services. 

2. Information We Collect

We may collect the following categories of information:

a. Personal Identifying Information (PII)

  • Full name, date of birth, and contact information (address, phone number, email)
  • Government-issued identification numbers where required
  • Emergency contact information where required
  • Identification where required

b. Protected Health Information (PHI)

As a reproductive advisory company, we collect sensitive health-related information, which may include:

  • Medical history, diagnoses, and treatment records relevant to reproductive health
  • Fertility assessments and reproductive laboratory results
  • Medications and current treatment protocols
  • Information shared by or about reproductive partners, donors, or surrogates (where applicable)
  • Mental health and counseling records related to reproductive decisions

c. Financial Information

  • Insurance information and billing records
  • Payment method details (processed securely through our payment processor)

d. Technical & Usage Information

  • IP address, browser type, and device identifiers
  • Website usage data collected via cookies and analytics tools

3. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: To provide reproductive advisory, consultation, coordination, and support services
  • Care Coordination: To communicate with healthcare providers, specialists, or other authorized parties with your consent
  • Billing & Administration: To process payments, submit insurance claims, and manage your account
  • Legal Compliance: To meet our obligations under HIPAA, Utah state law, and other applicable regulations
  • Service Improvement: To analyze usage and improve the quality of our services
  • Communications: To send appointment reminders, policy updates, and other service-related communications

We will not use your PHI for marketing purposes without your explicit written authorization.

4. HIPAA Compliance & Protected Health Information

We are a covered entity or business associate subject to HIPAA. We maintain HIPAA compliance through the following measures:

 a. HIPAA-Compliant Infrastructure

We store and process PHI using Google Workspace and/or Google Cloud Platform, under a HIPAA-compliant Business Associate Agreement (BAA) with Google LLC. This agreement obligates Google to safeguard PHI in accordance with the HIPAA Security Rule.

b. Your HIPAA Rights

As a client, you have the following rights with respect to your PHI:

  1. Right to Access – request a copy of your PHI held by us
  2. Right to Amend – request corrections to inaccurate or incomplete PHI
  3. Right to Accounting of Disclosures
  4. Request a record of certain disclosures of your PHI
  5. Right to Restrict – request restrictions on certain uses or disclosures of your PHI
  6. Right to Confidential Communications – request that we communicate with you via specific means or locations
  7. Right to Revoke Authorization – withdraw previously granted authorization for use or disclosure of PHI

To exercise any of these rights, please contact our Privacy Officer at the information provided in Section 10.

c. Permissible Disclosures of PHI

We may disclose your PHI without your authorization only as permitted or required by HIPAA, including:

  • For treatment, payment, and healthcare operations
  • As required by law (e.g., court orders, mandatory reporting)
  • For public health activities
  • To avert a serious threat to health or safety of yourself or any other person

All other disclosures require your written authorization.

5. Utah State Privacy Law

In addition to HIPAA, we comply with applicable Utah state privacy laws and regulations governing the confidentiality of reproductive health information. Utah law may afford you additional rights regarding your personal data. Where Utah law provides greater protection than federal law, we will follow the more protective standard.

6. Sensitive Reproductive Health Information

We recognize that reproductive health information is among the most sensitive categories of personal data. We take extraordinary care to:

  • Limit access to PHI strictly to authorized personnel on a need-to-know basis
  • Never disclose reproductive health information to employers, family members, or third parties without your explicit authorization (except as required by law)
  • Train all staff on the confidential handling of reproductive health records
  • Apply enhanced security controls to records involving surrogacy, donor information, fertility treatments, and related matters

7. Data Security

We implement administrative, technical, and physical safeguards to protect your information, including:

  • Role-based access controls and multi-factor authentication
  • Encryption of PHI at rest and in transit
  • Regular security risk assessments in compliance with the HIPAA Security Rule
  • Staff training on HIPAA Privacy and Security Rules
  • Incident response and breach notification procedures in compliance with the HIPAA Breach Notification Rule

In the event of a breach involving your PHI, we will notify you as required by HIPAA (within 60 days of discovery) and applicable Utah law.

8. Data Retention

We retain your PHI and personal information for as long as necessary to fulfill the purposes described in this Policy and to comply with applicable legal, regulatory, and professional obligations. Medical records are typically retained for a minimum of seven (7) years from the date of last service, or longer if required by law.

9. Third-Party Service Providers

We may share your information with trusted third-party vendors who assist in our operations, including:

  • Google LLC – Cloud infrastructure and productivity tools (covered under a HIPAA BAA)
  • Payment processors, billing services, and insurance verification vendors
  • Healthcare providers and specialists involved in your care (with your authorization)

All vendors who access PHI are required to execute a Business Associate Agreement and maintain HIPAA-compliant practices.

We do not sell your personal information or PHI to any third party.

10. Client and Potential Client Privacy Obligations to EverVia:

You agree not to communicate confidential information to any third party, nor to try to obtain confidential information to any third party, or use any confidential information in any manner not authorized by EverVia. 

11.  Contact Us & Privacy Officer

If you have questions about this Privacy Policy, wish to exercise your HIPAA rights, or need to report a privacy concern, please contact our designated Privacy Officer:

Bonnie Douglas
EverVia LLC dba EverVia
50 W Broadway, Ste 333 # 962026 
Salt Lake City UT 84101
Email: inquiry@evervia.com

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated Policy on our website and, where required, by direct notification. We encourage you to review this Policy periodically.

13. Acknowledgment

By using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the practices described herein.