Acceptable Use Policy

Effective Date: April 23, 2025

1. Purpose and Scope

This Acceptable Use Policy ("AUP") governs all access to and use of the HealthLink Secure platform (the "Platform") operated by Informed + Choice, LLC ("we," "our," or "us"). The Platform enables authorized users to access Medicare beneficiary data and other health‑related information, and provides supplemental tools such as chatbots, appointment‑scheduling modules, and customizable agent websites.

The AUP applies to every individual or entity that accesses or uses any portion of the Platform, including but not limited to:

  • Licensed Insurance Agents and brokers;
  • Clinicians and Other Health‑Care Professionals (e.g., physicians, nurses, care coordinators);
  • Authorized Staff of Health‑Care Organizations (e.g., administrators of Accountable Care Organizations, physician groups, or federally qualified health centers); and
  • Any other person granted access to the Platform or its data.

This AUP supplements—but does not replace—your independent legal and professional obligations, including those under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the CMS Blue Button 2.0 Terms of Service, state licensing laws, and Centers for Medicare & Medicaid Services ("CMS") marketing regulations.

2. Definitions

  • PHI means "protected health information" as defined by HIPAA.
  • Beneficiary Authorization means a documented, active consent or authorization by a Medicare beneficiary permitting the Platform to retrieve, store, and share that beneficiary's data with designated users.
  • User ("you") means any natural person or legal entity that accesses or uses any component of the Platform under an issued account or API credential.

3. Eligibility and User Credentials

  1. Active Licensure or Credentials. By registering an account you represent that you hold all licenses, certifications, and credentials required to perform your role. You must notify us immediately if any licensure or credential is suspended, revoked, or expires. Continued use of the Platform without valid credentials is prohibited.
  2. Single‑User Accounts. Each account is for a single named individual. You must keep credentials confidential, may not share them with others, and may not access the Platform using another person's credentials.
  3. Verification. We may request documentary proof of licensure or authorization, and may suspend or terminate access for failure to provide proof.

4. Authorized Uses of Data and Services

  1. Permitted Purpose. You may access PHI and other data obtained through the Platform solely to serve the beneficiary (e.g., enrollment assistance, clinical treatment, care coordination) in accordance with the scope of the beneficiary's authorization and applicable law.
  2. Minimum Necessary. You must limit any use, disclosure, or request for PHI to the minimum necessary information required to accomplish the intended purpose.
  3. Chatbot & AI Tools. Chatbots and AI features are provided for convenience. They may not be relied on as the sole source of clinical or financial advice, and you must not input PHI into tools that are not identified as HIPAA‑supporting.
  4. Custom Agent Websites. When using Platform‑provided websites or landing pages, you must comply with CMS Medicare Communications and Marketing Guidelines and display all required disclaimers. Misleading or deceptive content is prohibited.
  5. Scope‑of‑Appointment (SOA) & Scheduling Tools. SOA forms must be completed and stored in accordance with CMS rules, including the 48‑hour rule where applicable. You must not manipulate scheduling tools to circumvent regulatory timing requirements.
  6. Data Retention. The Platform stores certain records (e.g., SOA PDFs, audit logs) for your convenience, but ultimate regulatory retention duties remain yours. You must export and retain any records you are legally required to maintain.

5. Prohibited Activities

You shall not:

  1. Access Data Without Authorization or in excess of beneficiary consent.
  2. Redisclose or Sell Data obtained through the Platform to any third party except as expressly permitted by law and the beneficiary's authorization.
  3. Scrape, Mine, or Bulk‑Download data using automated scripts or tools.
  4. Impersonate Any Person or Entity or misrepresent your affiliation with Medicare or the U.S. government.
  5. Introduce Malicious Code or attempt to bypass security controls, probe for vulnerabilities, or disrupt system operation.
  6. Transmit Unlawful, Harassing, or Discriminatory Content, or use the Platform to facilitate illegal activity (e.g., insurance fraud, unapproved marketing).
  7. Violate CMS Marketing Rules, including unsolicited beneficiary contact or failure to provide required disclaimers.

6. Security and Privacy Obligations

  1. Safeguards. You must implement administrative, physical, and technical safeguards consistent with HIPAA to protect PHI, including encrypted transmission and storage, secure workstations, and proper screen‑locking.
  2. Breach Notification. You must promptly report to us any Security Incident or Breach involving PHI accessed via the Platform and cooperate with required notifications under applicable law.
  3. Audit. We reserve the right to audit Platform activity logs and user conduct to verify compliance. You agree to cooperate with any audit or investigation by us, CMS, OCR, or other regulators.

7. Enforcement and Remedies

  1. Suspension or Termination. Violation of this AUP may result in suspension or permanent termination of your access, deletion of data you uploaded, and other remedial steps at our discretion.
  2. Regulatory Reporting. We may report serious violations to licensing boards, CMS, OCR, or other authorities.
  3. Indemnification. You agree to indemnify and hold us harmless from any liability, loss, or expense arising out of your violation of this AUP or applicable laws.

8. Changes to the AUP

We may amend this AUP at any time. Material changes will be communicated via email or Platform notice at least 30 days before they become effective, unless a shorter period is required to comply with law or address an urgent security concern.

9. Contact Information

Questions about this AUP may be directed to:
Informed + Choice, LLC – Compliance Department
Email: [email protected]
Phone: (714) 317‑2779

By accessing or using any part of the Platform on or after April 23, 2025, you acknowledge that you have read, understood, and agreed to be bound by the terms of this Acceptable Use Policy.