Service: (833) 267-2455 / 833-CMR-Billing



Firewalls are fully implemented on our site. There are three basic types of firewalls: hardware firewalls, software firewalls, and web application firewalls (WAFs). Typically, an infrastructure has a combination of hardware and software firewalls, along with ones specifically designed for web applications, because apps create their own unique challenges and have become such a frequent target for intrusions. Making sure that technology is system-wide is one of the HIPAA compliant server requirements.


HIPAA-Compliant Encrypted VPN

Encrypted VPN

The VPN is encrypted.


HIPAA-Compliant Offsite Backups

Offsite backups

We have our data backed up in an external location. This requirement is a reasonable way to ensure the EHRs are safe.


HIPAA-Compliant Multifactor Authentication

Multifactor authentication

On all parts of our site (from the administrative control panel associated with the server to our CMS to the operating system running throughout the network), we have MFA (multifactor authentication). Multifactor authentication is similar to the other HIPAA compliant server requirements.

HIPAA-Compliant Private Hosted Environment

Private Hosted Environment

We do not have a platform that shares resources with any other entities. We have achieved HIPAA compliant server requirements by working with a hosting provider with experience related to properly privatizing our infrastructure.


HIPAA-Compliant SSL Certificate

SSL certificates

We have secure sockets layer (SSL) certificates established throughout our site, for any domains and subdomains on which sensitive information is accessed. In other words, any parts of our site that need login credentials should always also have an SSL certificate. Each server used for our site needs its own SSL certificate installed. Note that some companies provide certificates that can be installed on multiple or unlimited servers. Be aware that an EV certificate, creating a green address bar.



SSAE 18 SOC 1 SOC 2 Certifications

Note that Statement on Standards for Attestation Engagements (SSAE) 18, created by the American Institute of Certified Public Accountants (AICPA), is more stringent, in some ways, than HIPAA is regarding security. It’s not a requirement for HIPAA, but seeing that certification should make you feel more confident that our company meets HIPAA compliant hosting requirements.


HIPAA-Compliant BAA

Business Associate Agreement (BAA)

If you use any outside entity to assist with our EHR, including a hosting company, you must have a BAA signed with that organization. That document does not clear you of your own responsibilities related to HIPAA, but it does delineate the role that the hosting company takes and ways in which they should be held liable for any breaches, etc.


Other Privacy Policies:

[Effective Date: Aug 13, 2018]

UMS respects and is committed to protecting your privacy. This privacy policy applies to our publicly available website and the various publicly available subdomains thereof, owned and operated by UMS, Inc. (“UMS”, “We”, “Us”, and “our”). This privacy policy describes how UMS collects and uses the personal information you provide on our website. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information. You can view our website without divulging any personal information other than your Internet Protocol (IP) address; however, certain content on our website requires registration and the transmittal of additional personal information.

EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

With respect to personal data processed in the scope of this privacy policy, UMS complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework (the “Privacy Shield”) as adopted and set forth by the U.S. Department of Commerce regarding the processing of personal data. UMS commits to adhere to and has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.

To learn more about the Privacy Shield, and to view UMS’s certification, please visit and, respectively.

VeraSafe Privacy Program

UMS is a member of the VeraSafe Privacy Program, meaning that with respect to personal data (“PII” or “personal information”) processed in the scope of this privacy policy, VeraSafe has assessed UMS’s data governance and data security for compliance with the VeraSafe Privacy Program Certification Criteria. The certification criteria require that participants maintain a high standard for data privacy and implement specific best practices pertaining to notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.

Dispute Resolution

Where a privacy complaint or dispute cannot be resolved through UMS’s internal processes, UMS has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here:

Binding Arbitration

If your dispute or complaint can’t be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.

Regulatory Oversight
UMS is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.


In the context of this privacy policy, UMS acts as a data controller for the data we process.

Basis of Processing

In the context of this privacy policy, UMS processes personal data on the basis of the need to perform under our contractual obligations, or to take pre-contractual measures at the request of the data subject. Additionally, UMS processes personal data on the basis of the pursuit of our legitimate interests in selling and providing our services to potential and current customers. Personal data is erased when there is no longer any valid basis for processing the personal data.

Information Collection and Use

For example, we may collect the following personal information from you:

  • Contact Information such as name, email address, mailing address, and phone number
  • Unique Identifiers such as user name and job title
  • Demographic information such as education, gender, ethnicity and citizenship status

We may collect such personal information when you:

  • Submit contact form(s) on our website
  • Post comment(s) to our blog
  • Subscribe to our email alerts and/or newsletter
  • Request printed materials to be sent to you in hardcopy
  • Send us your resume via our website

We may use this information to:

  • Assess the needs of your business to determine suitable products and services
  • Send you requested product or service information
  • Respond to customer service requests
  • Send you a newsletter or email alerts
  • Send you marketing communications
  • Process a job application
  • Respond to your questions and concerns
  • Improve our website and marketing efforts

Information Sharing

We will share your personal information with third parties only in the ways that are described in this privacy policy. We do not sell, trade, or rent personal information to any outside person or organization.

Service Providers

We may provide your personal information to companies that provide services to help us with our business activities such as offering customer service, hosting our website or processing emails. These companies are authorized to use your personal information only as necessary to provide these services to us. These service providers may be located in countries other than the United States, such as India; however, these service providers are contractually required to provide at least the same level of protection for your personal data as is described in this privacy policy. UMS remains liable for the protection of your personal data that we transfer to our service providers, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.

Legal Disclaimer

We may also disclose your personal information:

  • as required by law, such as to comply with a subpoena, or similar legal process;
  • when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
  • if UMS is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information; and
  • to any other third party with your prior consent to do so.

If we must disclose your PII in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your PII will maintain the privacy or security of your PII.

User Access and Choice

You may correct, update, amend, or request access to or deletion of your information by emailing our Customer Support at  or by contacting us by telephone or postal mail at the contact information listed below. We will respond to your access request within 30 days.

If you wish to subscribe to our newsletter(s), we will use your name and email address to send the newsletter to you. Out of respect for your privacy, you may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or by accessing the email preferences on your account settings page.

We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Tracking Technologies / Cookies

A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We use cookies on our website. However, we do not link the information we store in cookies to any personally identifiable information you submit while on our website.

We use both session ID cookies and persistent cookies. A session ID cookie expires and is automatically deleted when you close your browser. When the user logs in to the website a new session cookie will be generated, which will store the user’s browsing information and will be active until the user leaves the website and closes the browser.

When the user restarts the browser and goes back to the website that had created the cookie, the website will not recognize the user. The user will have to log back in (if login is required). A session cookie tracks visitor behavior from page to page so the visitors don’t get asked repeatedly for the same information they had already given to the website. Session cookies allow users to proceed through many pages of a website quickly and easily without having to authenticate or reprocess each new area they visit. We are not using the information stored in session cookies for any other purpose nor are these shared with third party tools or websites.

A persistent cookie remains on your hard drive for an extended period of time. These files stay in one of the browser’s subfolders until these are deleted manually or the browser deletes them based on the duration period specified within the persistent cookie. Persistent cookies help websites remember user information and settings when they visit them in the future. This results in faster and more convenient browsing during subsequent visits. Some of the features made possible by persistent cookies include: language selection, theme selection, menu preferences, and internal site bookmarks or favorites, among many others. We are not using the information stored in persistent cookies for any other purpose nor are these shared with third party tools or websites. You can remove persistent cookies by following directions provided in your Internet browser’s “help” menu. If you configure your Internet browser to reject cookies, you may still use our website, but your ability to use some areas of our website will be limited.

Web Beacons / GIFs

Third party tracking technologies on our website may employ a software technology called clear GIFs (a.k.a. web beacons) that help us better manage content on our website by informing us what content is effective. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of website users. In contrast to cookies, which are stored on a user’s computer hard drive, clear GIFs are embedded invisibly on web pages and are about the size of the period at the end of this sentence. We are using analytics programs such as Google® Analytics, Hubspot and Pardot™. We do not tie the information gathered by clear GIFs to our visitors’ personally identifiable information, except for IP address. This information is used only for analytical purposes.

Analytics / Log Files

As is true of most websites, we gather certain information automatically through analytics programs such as Google Analytics, Hubspot and Pardot, and store it in log files. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information, which does not identify individual users beyond their IP address, to analyze trends, to administer the website, to track users’ movements around the website and to gather demographic information about our user base as a whole.

Third Party Tracking

The use of tracking technologies by our service providers, technology partners or other third party assets (such as Google Analytics, Hubspot and Pardot) on the website is not covered by our privacy policy. These third parties may use cookies, clear GIFs, images, and scripts to help them better manage their content on our website. We do not have access or control over these technologies. We do not tie the information gathered to our customers’ or users’ personally identifiable information.

Behavioral Targeting / Re-Targeting

We may partner with a third-party ad network to display advertising on our website and to manage our advertising on other websites. Our ad network partner uses cookies and web beacons to collect non-personally identifiable information (except potentially IP address) about your activities on this and other websites to provide you targeted advertising based upon your interests. If you do not wish to have this information used for the purpose of serving you targeted ads, you may opt out by contacting us. Please note, this does not opt you out of being served advertising. You will continue to receive generic ads.


The security of your personal information is important to us. UMS has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect PII from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction. UMS maintains the international Standard IS/ISO/IEC 27001 on “Information Technology – Security Techniques – Information Security Management System – Requirement.”

Organizations can choose to comply with this information security management system that contains managerial, technical, operational and physical security control measures that are commensurate with the information assets being protected and with the nature of our business. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.

Additional Information

Links to Third Party Websites

UMS may provide links to Internet websites maintained by others. UMS is not responsible for the contents of, or any products or services offered in, those third party websites. You should be aware when you are leaving UMS’s website and be sure to read the privacy statements of each and every website that collects personally identifiable information. Any links provided by UMS to any third party website are provided to you as a convenience only. You should not infer that UMS endorses or accepts responsibility for non-UMS websites by the inclusion of any such links to those websites.

Blog / Forum

Our website may make message boards, forums, chat rooms, and/or news groups available to its users. Please understand that any information disclosed in these areas becomes public information. These areas shall be used in a noncommercial manner only. Except where expressly authorized by UMS, you agree not to store or collect data about other users on our website.

Social Media Widgets

Our website may include social media features, such as the Facebook® like button, links to our social media pages and widgets, such as the AddThis® button or interactive mini-programs that run on our website. These features may collect your IP address, which page you are visiting on our website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy policy of the company providing it.

Changes to This Policy

We may update this privacy policy to reflect changes to our privacy practices. If we make any material changes we may notify you by email (sent to the email address specified in your account) or by means of a notice on our website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Contact Us

General Inquiries:

You can reach UMS through postal mail, phone or fax

Attn: UMS Privacy Officer
Unified Medical Systems, Inc.
1320 Tower Road
Schaumburg, Illinois 60173
United States
tel: +1-833-722-8664
fax: +1-833-722-8664

In case of any grievance, please email Grievances shall be redressed as expeditiously as possible, within 30 days of receipt.

If a privacy complaint or dispute cannot be resolved through UMS’s internal process, UMS has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure for EU-U.S. and Swiss-U.S. Privacy Shield disputes. To file a complaint with the Procedure, please submit the required information to VeraSafe here:

UMS regularly reviews its compliance with this privacy policy. When we receive formal written complaints, it is UMS’s policy to contact the complainant regarding his or her concerns. UMS will cooperate with the appropriate regulatory authorities, including local data protection authorities, in their investigation of any complaints regarding the processing of personal data that cannot be resolved between UMS and an individual.