Our Story
Our YoutUbe
Our Blog
COntact Us
Our Free tools

Privacy Policy

Introduction

This Privacy Policy describes how CareKate, LLC d/b/a CareKate Analytics (“we,” “our,” or “us”), a Limited Liability Company formed and operating in Illinois, collects, uses, and discloses information when you use our websites. This policy applies to all websites and digital properties owned and operated by CareKate Analytics, including but not limited to carekate.com, carekateanalytics.com, and our suite of risk assessment tools at *.carekateanalytics.com subdomains (such as hfrisk.carekateanalytics.com, pnrisk.carekateanalytics.com, psirisk.carekateanalytics.com, icd10chat.carekateanalytics.com, pocketcard.carekateanalytics.com, and others) (collectively referred to as the “Sites”).

CareKate Analytics specializes in healthcare quality rating and ranking improvement consulting and provides online tools, resources, and information related to healthcare quality metrics.

Information We Collect

Information You Provide to Us

  • Contact Information: When you fill out contact forms on our Sites, we may collect your name, email address, organization name, and any messages you submit.
  • Tool Usage Data: When using our risk assessment applications (including Heart Failure Risk and other clinical tools), data you enter is processed during your session but is not stored by us after your session ends. For batch processing features, CSV files you upload are processed in memory only and are regularly purged.

Information Collected Automatically

  • Usage Data: We collect information about how you interact with our Sites, including pages visited, time spent on pages, and other browsing actions.
  • Cookies and Similar Technologies: We use cookies to remember your preferences and improve your experience. For example, our Heart Failure Risk application uses cookies to remember your preferences about viewing certain warnings and disclaimers.
  • Analytics Data: We use Google Analytics to collect standard internet log information and details of visitor behavior patterns. This helps us understand how visitors use our Sites.

How We Use Your Information

We use the information we collect to:

  • Respond to your inquiries and provide customer support
  • Improve and optimize our Sites and services
  • Remember your preferences
  • Analyze usage patterns to enhance user experience
  • Send you newsletters or marketing communications if you’ve opted in (via Mailchimp)
  • Ensure the security and functionality of our Sites

Cookies

Our Sites use cookies for the following purposes:

  • Functional Cookies: To remember your preferences, such as whether to display certain warnings or disclaimers
  • Analytics Cookies: To understand how visitors interact with our Sites (via Google Analytics)

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our Sites.

Data Sharing and Disclosure

We do not sell your personal information to third parties. We may share your information with:

  • Service Providers: Third-party vendors who provide services on our behalf, such as Mailchimp for email newsletters, Google Analytics for website analytics, GoDaddy for hosting carekate.com, and WordPress for hosting carekateanalytics.com
  • Legal Requirements: When required by applicable law, court order, or governmental regulation
  • EMR Data: We do not share EMR data with third parties except as explicitly consented to by you and your organization, or as required by law.

Social Sharing Features

Our blog includes social media features, such as LinkedIn and Reddit sharing buttons. These features may collect information about your IP address and which page you’re visiting, and may set cookies to enable the feature to function properly. Your interactions with these features are governed by the privacy policies of the companies providing them.

Data Security

We take reasonable measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

  • Using industry-standard encryption for data transmission
  • Maintaining secure cloud hosting environments with Google Cloud Platform (GCP) on US-based servers
  • Implementing access controls that limit data access to authorized personnel only
  • Regularly reviewing and updating our security practices

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Data Retention

We retain contact form submissions and related communications indefinitely to maintain our business relationships and provide ongoing support.

For our risk assessment applications and batch processing tools, data you enter is only processed during your session and is not stored by us after your session ends. Uploaded CSV files are processed in memory and regularly purged.

Your Rights

Depending on your location, you may have certain rights regarding your personal information:

  • Access: You may request access to the personal information we hold about you
  • Correction: You may request that we correct inaccurate or incomplete information
  • Deletion: You may request that we delete your personal information
  • Restriction: You may request that we restrict the processing of your data
  • Objection: You may object to the processing of your personal information
  • Data Portability: You may request a copy of your personal information in a structured, commonly used, and machine-readable format

To exercise any of these rights, please contact us using the contact information provided at the end of this policy.

Children’s Privacy

Our Sites are not directed at children under the age of 16, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us to have it removed.

California Privacy Rights

If you are a California resident, you may have certain rights regarding your personal information under the California Consumer Privacy Act (CCPA). These rights may include the right to request access to and deletion of your personal information.

To exercise your CCPA rights, please contact us using the contact information provided at the end of this policy.

Consulting Services and PHI

Important Note: This Privacy Policy applies only to our Sites and does not cover information we process as part of our consulting services. As a healthcare quality improvement consultant, we may access and process Protected Health Information (PHI) as part of our consulting engagements. Such processing is governed by separate Business Associate Agreements (BAAs) and other contractual arrangements with our clients, not by this Privacy Policy.

EMR Integration Data Use

When you use our applications through an electronic health record (EHR) system:

How We Use Epic Data:

  • Automated quality measure risk variable analysis during your session only
  • Review of clinical information to validate quality measure performance for your organization
  • Develop insights that enable your organization to optimize quality metrics, rankings, and ratings
  • Quality improvement analytics and reporting for your organization
  • Internal operations improvement for our application and services to better serve our clients
  • We access only the minimum data necessary to provide our quality improvement services

Data Retention from EMR data:

  • Data from FHIR APIs and HL7 messages is processed in memory and not stored after your session ends
  • Audit logs: Maintained for compliance. Logs keep who accessed what type of information for a particular patient and when. A patient identification number is kept in audit logs, but no other PHI.

Data Elements Accessed:

  • Data elements include, but are not limited to, patient, encounter, and billing information
  • Patient data may include identifiers, patient demographics (age, sex, race, ethnicity, language), and acute and chronic diagnoses
  • Encounter data may include encounter type, location, providers, dates, procedures, orders, observations, and clinical notes
  • Billing information may include payer, ICD-10 diagnosis and procedure codes, present on admission status, and dates

No Secondary Uses from EMR data:

  • We will not use or sell your EMR data for unauthorized secondary uses
  • Your data will not be shared with third parties, including other healthcare organizations, without your explicit, written permission
  • We will not use your EMR clinical data for other marketing or commercial use

Your Control:

  • Before accessing any of your EMR data, our application will request your explicit consent for each type of data access. You may decline any data access request.
  • You and your organization retains all rights to your data outlined this policy
  • You may revoke access at any time by stopping application access to your EMR
  • To request audit log information or to request CareKate Analytics stops accessing your EMR, please contact us with the Contact Us information below

Notifications:

  • We will share applicable insights from your data in session or to our approved contacts in your organization 
  • In the event of a data breach involving EMR data, we will notify affected organizations and individuals as required by applicable law.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date.

Contact Us

If you have any questions about this Privacy Policy, please contact us at:

  • Name: Thomas A. Webb, DBA
  • Title: Managing Partner
  • Email: tom@carekate.com
  • Address: 10428 S. Artesian Ave., Chicago, IL 60655
  • Phone: 708-252-3255

Last Updated: 4-24-2026