Privacy Policy

Privacy Policy

Effective Date: June 24, 2026
Last Updated: June 24, 2026

Avenex Software (“Avenex,” “we,” “our,” or “us”) is committed to protecting the privacy and security of the information we collect in connection with our non-emergency medical transportation (NEMT) software platform. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and the rights available to you.

This Policy applies to all users of the Avenex platform, including NEMT providers, brokers, dispatchers, drivers, and any other individuals who access our services through our website or software applications.

1. Information We Collect

We collect several categories of information depending on how you interact with our platform:

a. Account and Business Information

When you register for or use Avenex, we collect information such as your name, email address, phone number, business name, business address, National Provider Identifier (NPI), Medicaid or Medicare provider numbers, and billing credentials.

b. Trip and Transportation Data

Our platform processes trip intake data, including passenger names, pickup and drop-off addresses, appointment times, trip authorization numbers, broker-assigned trip IDs, vehicle assignment data, and driver information. This data is used to schedule, dispatch, track, and complete NEMT trips.

c. Protected Health Information (PHI)

In connection with trip coordination and billing, we may receive or process Protected Health Information as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), including patient names, dates of birth, Medicaid/Medicare member IDs, diagnosis codes (ICD-10), procedure codes, and eligibility data. We handle all PHI in accordance with applicable HIPAA regulations and our Business Associate Agreements (BAAs).

d. Billing and Claims Data

Our billing engine processes electronic claims data, including CMS-1500 forms, EDI 837 transactions, remittance advice (EDI 835), prior authorization records, and ERA/EOB data. This information is used to submit claims to Medicaid, Medicare, and managed care organizations (MCOs) on your behalf.

e. Driver and Fleet Data

We collect driver license information, vehicle identification numbers (VINs), insurance documentation, driver compliance records, and GPS location data for vehicles during active trips. Location data is used exclusively for dispatch optimization and trip verification purposes.

f. Usage and Technical Data

We automatically collect log files, IP addresses, browser types, device identifiers, pages visited, session duration, and error logs when you use our platform. This data is used to maintain system performance, troubleshoot issues, and improve our services.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain the Avenex NEMT platform, including trip intake, scheduling, dispatch, billing, and claims management
  • To process and submit insurance and Medicaid/Medicare claims on behalf of providers
  • To verify driver compliance, vehicle eligibility, and trip completion
  • To integrate with NEMT broker platforms (e.g., Modivcare, MTM, LogistiCare) and managed care organizations
  • To generate EVV (Electronic Visit Verification) records where required by state law
  • To send operational communications, including billing alerts, compliance notifications, and system updates
  • To perform analytics that improve the platform’s scheduling efficiency and reduce claim denials
  • To comply with legal, regulatory, and contractual obligations
  • To respond to your support requests and inquiries

3. Legal Basis for Processing

We process your information based on: (a) the performance of a contract with you or your organization; (b) compliance with legal obligations, including HIPAA, state Medicaid regulations, and EVV mandates under the 21st Century Cures Act; (c) our legitimate business interests in operating and improving our platform; and (d) your consent, where applicable.

4. How We Share Your Information

We do not sell your personal information or PHI. We may share data with the following categories of parties:

  • NEMT Brokers and MCOs: To fulfill trip assignments, confirm trip completion, and process billing authorizations
  • Clearinghouses and Payers: To submit electronic claims and receive remittance data from Medicaid, Medicare, and private insurers
  • State Medicaid Programs: To report EVV data and comply with state-specific reporting mandates
  • Cloud Service Providers: We use HIPAA-compliant cloud infrastructure. All subprocessors are bound by appropriate data processing agreements
  • Professional Services: Legal, compliance, and audit firms that assist us in meeting our regulatory obligations
  • Law Enforcement / Regulators: When required by applicable law, subpoena, or court order

5. HIPAA Compliance

Avenex functions as a Business Associate (BA) under HIPAA when processing PHI on behalf of Covered Entities (NEMT providers and healthcare organizations). We maintain a comprehensive HIPAA compliance program that includes:

  • Execution of Business Associate Agreements (BAAs) with all Covered Entities using our platform
  • Administrative, physical, and technical safeguards as required by the HIPAA Security Rule
  • Breach notification procedures in compliance with the HIPAA Breach Notification Rule
  • Regular workforce training on privacy and security obligations
  • Minimum necessary standard for access to and use of PHI

6. Data Retention

We retain personal information and PHI for as long as necessary to fulfill the purposes described in this Policy and to comply with applicable law. Trip records, billing data, and claims information are retained for a minimum of seven (7) years in accordance with Medicaid recordkeeping requirements. Driver compliance records and EVV data are retained in accordance with state-specific mandates. Account data is retained for the duration of your contract plus six (6) years thereafter unless a shorter retention period is required or permitted by law.

7. Data Security

We implement industry-standard security measures to protect your data, including AES-256 encryption at rest and TLS 1.2+ in transit, role-based access controls (RBAC), multi-factor authentication (MFA), audit logging of all data access and modifications, intrusion detection and monitoring, and regular third-party security assessments. Despite these measures, no system is perfectly secure. We encourage you to protect your account credentials and notify us immediately at info@avenexsoftware.com if you suspect unauthorized access.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Portability: Request transfer of your data in a machine-readable format
  • Restriction: Request that we restrict processing of your data in certain circumstances
  • Objection: Object to processing based on legitimate interests

For PHI access rights under HIPAA, please direct requests to your healthcare provider (the Covered Entity). To exercise any of the rights above, contact us at info@avenexsoftware.com.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to maintain session state, analyze usage patterns, and improve functionality. You can control cookie preferences through your browser settings. We do not use advertising cookies or sell browsing data to third parties.

10. Third-Party Links and Integrations

Our platform integrates with third-party broker portals, clearinghouses, and mapping services. This Policy does not apply to third-party services, and we encourage you to review their respective privacy policies.

11. Children’s Privacy

Our platform is designed for use by healthcare and transportation businesses. We do not knowingly collect personal information from children under the age of 13. Patient information related to pediatric trips is processed solely as part of authorized NEMT service delivery.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify current users of material changes by email or through an in-platform notice at least 30 days before the changes take effect. Continued use of our platform after the effective date constitutes acceptance of the revised Policy.

13. Contact Us

If you have questions about this Privacy Policy, your rights, or our data practices, please contact us:

Avenex Software
Privacy & Compliance Team
Email: info@avenexsoftware.com
Phone: +1 (470) 800-0170
Hours: Monday–Friday, 8:00 AM – 5:00 PM ET