Privacy Policy
A legal disclaimer
Privacy is important to us. This Privacy Policy outlines how Nemesis Health ("we," "us," or "our") collects, uses, protects, and shares personal information, including Protected Health Information (PHI), when providing our engineering and analytics consulting services. We are committed to safeguarding the confidentiality, integrity, and security of our customers' data and adhering to applicable privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR). This includes ensuring transparency in data usage, honoring data subject rights, and maintaining secure processing practices for personal data.
Scope
This policy applies to:
- All personnel handling data under service contracts
- All systems used for storing or processing data
- All data received, hosted, or transmitted through our infrastructure
- All engagements with clients where health data or personal data are processed
Responsibilities
- Nemesis Data Protection Officer (DPO): Manages HIPAA and GDPR compliance
- Engineering and Analysis Teams: Execute data handling per this SOP
- Subprocessors: Must be contractually bound to equivalent data protections
Information We Collect and How We Use It
Types of Information
We do not collect personal health data from individuals directly. All data are provided by clients under contract and used solely for the purpose of fulfilling contractual obligations, such as ETL to common data models, vocabulary mapping, advanced analytics and reporting, and federated research collaboration support.
For technical and usage information, we also obtain data collected through cookies, analytics tools, and similar technologies to improve user experience on our website.
How We Collect Information
- Directly from customers during the engagement process.
- Through secure integrations with client systems while performing analytics and data engineering.
- Automatically via our website, such as Internet Protocol (IP) addresses and browsing behavior.
How We Use Your Information
- To provide consulting services, including data engineering and analytics, tailored to client needs.
- To comply with legal obligations, including HIPAA, GDPR and other applicable healthcare regulations.
- To enhance service delivery and improve website functionality.
Re-identification of Personal Health Information
When storing or manipulating health data, Nemesis de-identifies PHI in all data stored or exchanged on Nemesis infrastructure. De-identification is defined as the removal of any information that may be used to identify an individual or the individual's relatives, employers, or household members, including:
- Names or addresses
- Geographic subdivisions smaller than a city, county or similar designation in the geographical area
- Telephone numbers
- Driver's license numbers
- Electronic mail addresses
- Social security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Web Universal Resource Locators (URLs) and IP address numbers
- Biometric identifiers
- Full face photographic images and any comparable images

Nemesis also will never attempt any re-identification of PHI from anonymized health data, irrespective of who the target is or whether it is done at the request of a person contained in the data.
Sharing of Information
We do not sell or rent personal information. We may share data in the following circumstances:
- With authorized personnel within our client organizations.
- With third-party service providers who support our operations, subject to confidentiality agreements.
- As required by law or in response to lawful requests from government authorities.
Data Protection
Security Measures
We take appropriate technical and organizational measures to protect your data, including:
- Encryption of sensitive information during transmission and storage.
- Regular security audits and risk assessments.
- Access controls ensuring data is available only to authorized personnel.
Retention of Information
We retain personal data only as long as necessary to fulfill the purposes outlined in this policy or comply with legal obligations.
Your Rights
Depending on your jurisdiction, you may have the following rights:
- The right to access your data.
- The right to request corrections to inaccurate information.
- The right to request deletion of your data, subject to legal or contractual obligations.
- The right to restrict processing of your data.
- The right to data portability.
To exercise these rights, contact us at privacy@nemesis.health.
Cookies and Tracking Technologies
Our website uses cookies and similar technologies to:
- Analyze website usage and performance.
- Provide a better user experience.
- Ensure website security.
You can manage your cookie preferences through your browser settings.
Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, legal obligations, or other factors. Changes will be posted on this page, and the "Effective Date" at the top will be updated accordingly.
Contact Us
If you have any questions or concerns about our Privacy Policy or practices, please reach out to us at:
- Email: privacy@nemesis.health
- Phone:
- Mailing Address: 215 Avenue B Apt 5A, New York City NY 10009, USA
Thank you for trusting Nemesis Health with your data. We are dedicated to maintaining your privacy and protecting your information.