Privacy Policy
Contents
Overview
Solstice Accrue ("we," "us," or "our") is committed to protecting the privacy and security of the personal and health information we process. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our accumulator bridge services.
Solstice Accrue operates as a service provider to employers, third-party administrators (TPAs), and healthcare entities. We process Protected Health Information (PHI) as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA).
Our Commitment
We process only the minimum necessary information required to provide accumulator credit services. We never sell personal or health information. We maintain HIPAA-compliant security controls at all times.
Information We Collect
Transaction Data
When processing transparent pharmacy transactions, we collect:
- Drug information (NDC, drug name, quantity, days supply)
- Transaction details (fill date, amount paid, pharmacy information)
- Patient identifiers (name, date of birth, member ID)
- Plan information (employer, group number)
Account Information
For employers and partners using our services:
- Contact information (name, email, phone)
- Organization details (company name, address)
- Billing information
- API credentials and access logs
Technical Data
We automatically collect:
- IP addresses and device information
- API request logs and timestamps
- Error logs and diagnostic data
How We Use Information
We use the information we collect to:
- Process Transactions: Validate pharmacy transactions, match members, generate EDI claims, and submit for accumulator credit
- Provide Services: Operate and maintain the Accrue platform, process requests, and provide customer support
- Generate Reports: Create savings reports, accumulator status, and analytics for employers
- Ensure Security: Detect fraud, protect against unauthorized access, and maintain system integrity
- Improve Services: Analyze usage patterns to enhance functionality and performance
- Comply with Law: Meet legal obligations and respond to lawful requests
Information Sharing
We share information only as necessary to provide our services:
| Recipient | Purpose | Data Shared |
|---|---|---|
| TPAs / Carriers | Accumulator credit processing | EDI claims with transaction details |
| Employers | Reporting and administration | Aggregated and member-level reports |
| Clearinghouses | Claim submission | EDI transaction data |
| Service Providers | Infrastructure and operations | As needed under BAA |
We do not sell, rent, or trade personal or health information. We do not share information for marketing purposes.
HIPAA Compliance
Solstice Accrue operates as a Business Associate under HIPAA. We maintain comprehensive safeguards to protect Protected Health Information (PHI):
Administrative Safeguards
- Designated Privacy and Security Officers
- Workforce training on HIPAA requirements
- Written policies and procedures
- Business Associate Agreements with all partners
- Regular risk assessments
Physical Safeguards
- Secure data center facilities (SOC 2 Type II certified)
- Access controls and monitoring
- Workstation security policies
Technical Safeguards
- Encryption at rest (AES-256) and in transit (TLS 1.3)
- Unique user identification and authentication
- Automatic session timeouts
- Audit logging of all PHI access
- Integrity controls and transmission security
Business Associate Agreements
We execute Business Associate Agreements (BAAs) with all covered entities and subcontractors who access PHI. Contact us at [email protected] to request a BAA.
Data Security
We implement industry-leading security measures to protect your information:
- Encryption: All data encrypted at rest using AES-256 and in transit using TLS 1.3
- Access Control: Role-based access with principle of least privilege
- Monitoring: 24/7 security monitoring and intrusion detection
- Audit Logging: Immutable logs of all data access and system changes
- Incident Response: Documented procedures for security incident handling
- Penetration Testing: Regular third-party security assessments
Data Retention
We retain information for the minimum period necessary to provide services and comply with legal obligations:
| Data Type | Retention Period | Reason |
|---|---|---|
| Transaction Records | 7 years | HIPAA / ERISA compliance |
| EDI Claims | 7 years | Audit trail requirements |
| Accumulator Data | Plan year + 2 years | Dispute resolution |
| Audit Logs | 7 years | HIPAA requirements |
| Account Data | Duration of relationship + 3 years | Business records |
Upon request, we will delete or de-identify information that is no longer required, subject to legal retention requirements.
Your Rights
HIPAA Rights
Individuals have rights under HIPAA regarding their PHI, including:
- Access: Request access to your PHI
- Amendment: Request correction of inaccurate PHI
- Accounting: Receive an accounting of disclosures
- Restriction: Request restrictions on certain uses
- Confidential Communications: Request alternative communication methods
Note: As a Business Associate, many of these requests should be directed to your employer or health plan (the Covered Entity). We will assist Covered Entities in responding to individual requests.
California Privacy Rights
California residents have additional rights under the CCPA/CPRA, including:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale (we do not sell personal information)
- Right to non-discrimination for exercising rights
Exercising Your Rights
To exercise any of these rights, contact us at:
- Email: [email protected]
- Mail: Solstice Quantum Computing, Attn: Privacy Officer
We will respond to verified requests within 30 days (or as required by applicable law).
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Effective Date." For significant changes affecting how we use PHI, we will provide notice to our partners and, where required, obtain consent.
Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
Privacy Inquiries
Email: [email protected]
Website: solsticeaccrue.com
Solstice Quantum Computing
A Solstice Accrue Division
For HIPAA-related complaints, you may also contact the U.S. Department of Health and Human Services Office for Civil Rights.