Privacy Policy

Last Updated: December 3rd, 2025

This Privacy Policy explains how Masonry Health (“we,” “us,” or “our”) collects, uses, shares, and protects information when you visit our website, communicate with us, or engage us for consulting services. We wrote this policy to be both clear and comprehensive—plain English where possible, combined with the structure and protections found in formal legal policies.

1. Who We Are

Masonry Health is a healthcare consulting firm focused on helping employers analyze and optimize their health plans. We are not a healthcare provider, insurance company, broker, or third-party administrator. Under HIPAA, we are generally not a Covered Entity; however, when necessary, we may act as a Business Associate under a written Business Associate Agreement (BAA) for engagements involving Protected Health Information (PHI).

2. Information We Collect

We collect information in several ways:

  • **Information You Provide Directly:** includes contact information (name, email, phone), employer or business details, uploaded files, and any information shared during consulting engagements.
  • **Client Data and Files:** including eligibility files, pharmacy data, medical claims data, financial data, and plan documents. This information is provided voluntarily under a contractual relationship.
  • **Website and Technical Data:** such as IP address, browser type, pages viewed, time spent on the site, and cookies used for analytics.
  • **Communication Data:** including emails, meeting notes, messages, and other correspondence.

3. How We Use Information

We use the information we collect for legitimate business purposes, including:

  • Delivering consulting and analytical services
  • Conducting health plan cost analysis (medical, pharmacy, and administrative)
  • Creating benchmarking, repricing, and reporting outputs
  • Communicating with clients and responding to inquiries
  • Maintaining the security and functionality of our website and internal systems
  • Complying with legal, regulatory, or contractual obligations
  • Improving our services and customer experience

4. Legal Basis for Processing (If Applicable)

For visitors from jurisdictions that require a legal basis for data processing (such as the EU/EEA), our legal bases may include: contract performance, legitimate interests, compliance with legal obligations, and, where required, consent.

5. Data Protection & Security

We use industry-standard administrative, technical, and physical safeguards to protect information, including:

  • Secure, access-controlled cloud storage
  • Encryption in transit and at rest
  • Least-privilege access practices
  • Vendor and system compliance reviews
  • Signed BAAs with vendors when appropriate

Although no system can guarantee perfect security, we take reasonable steps to safeguard the information entrusted to us.

6. Sharing of Information

We do not sell, rent, or trade personal information. We may share information with:

  • **Trusted service providers** who help operate our business (e.g., secure cloud storage, analytics platforms)
  • **Client-authorized partners or vendors** when necessary for a specific engagement
  • **Regulatory or legal authorities**, if required by law

All third parties are required to adhere to strict confidentiality obligations.

7. Data Retention

We retain information only as long as necessary for the purposes described in this policy, for the duration of a client engagement, or as required by law. Clients may request deletion or return of their files, subject to applicable legal and contractual restrictions.

8. Your Rights and Choices

Depending on your location, you may have rights to:

  • Access the information we hold about you
  • Request corrections or updates
  • Request deletion of certain data
  • Opt out of non-essential cookies

We will respond to such requests consistent with applicable law.

9. Cookies and Tracking Technologies

We may use cookies, analytics, and similar tools to understand site usage and improve website performance. These do not collect PHI or sensitive data.

10. Third-Party Links

Our website may contain links to external sites. We are not responsible for their privacy practices or content.

11. Children’s Privacy

Our services are not directed to children under 13, and we do not knowingly collect information from them.

12. Changes to This Policy

We may update this Privacy Policy periodically. The updated version will be posted on our website with a new “Last Updated” date.

13. Contact Us

If you have questions or requests regarding this Privacy Policy, please contact us:

Masonry Health
Email: info@masonryhealth.com