Legal

Privacy Policy

Effective date: May 14, 2026  ·  Last updated: May 14, 2026

Acuity Systems is a managed care technology platform operated by Atlas Managed Care, Inc. ("Atlas," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our website, request information, or interact with our services, including voice and SMS communications.

We take privacy seriously because the work managed care does depends on it. Where we handle Protected Health Information (PHI) on behalf of a covered entity, we do so as a Business Associate under HIPAA, and the terms of the applicable Business Associate Agreement (BAA) govern that handling. This Privacy Policy applies to information we collect from website visitors, prospective customers, claimants, injured workers, providers, employers, and other individuals who interact with Atlas or Acuity Systems.

Quick reference for SMS and voice communications. If you exchange text messages or phone calls with Acuity Systems, see the section below titled SMS, voice, and recorded communications. We do not share your mobile phone number or message content with third parties for marketing purposes, and we never sell your information. Message and data rates may apply. Reply STOP to opt out of SMS at any time.

1. Information we collect

1.1 Information you provide

  • Contact information: name, employer, email address, phone number, mailing address.
  • Case and claim information: when you are referred to Atlas as a claimant, injured worker, provider, or employer representative, we receive information necessary to triage, route, and coordinate your case (claim number, date of injury, employer, treating providers, scheduling preferences).
  • Protected Health Information (PHI): in our role as a Business Associate, we receive PHI from covered entities to perform managed care services. PHI is handled under the applicable BAA and not for our own purposes.
  • Communications content: the content of emails, web forms, phone calls, and SMS messages you exchange with us.
  • Consent records: the timestamp, channel, and language used when you grant consent for SMS, recorded calls, or other communications.

1.2 Information collected automatically

  • Website analytics: pages visited, referring URL, approximate location (city / region from IP), device type, browser, and timestamps.
  • Cookies and similar technologies: small files that help the site function and let us measure traffic. You can disable cookies in your browser; the marketing site will still load.
  • Edge logs: our content delivery network (Cloudflare) logs requests for security and abuse prevention.

1.3 Information from third parties

  • Referring covered entities: employers, payers, and providers may send us information needed to perform requested services.
  • Service providers: infrastructure, communications, and analytics providers send us operational data (call records, message delivery receipts, error logs).

2. How we use information

  • To deliver the managed care services requested by the referring entity (intake, triage, clinical review, scheduling, follow-up).
  • To communicate with you about an active case, an inquiry, a demo request, or a customer relationship.
  • To send transactional SMS messages and place phone calls related to an active case or service relationship (see SMS, voice, and recorded communications).
  • To operate, secure, and improve our platform.
  • To comply with legal, regulatory, and accreditation obligations (including HIPAA, the California Confidentiality of Medical Information Act, California Labor Code provisions governing workers' compensation managed care, URAC accreditation standards, and applicable state privacy laws).

We do not sell personal information, and we do not share personal information with third parties for cross-context behavioral advertising.

3. SMS, voice, and recorded communications

Acuity Systems uses SMS and phone calls to support active managed care cases (triage, intake, clinical follow-up, scheduling) and to respond to inbound inquiries from prospective customers. The following terms apply to all such communications.

3.1 Consent

We send SMS messages only after you provide affirmative consent. Consent is captured in one of these ways:

  • You provide your mobile number in a web form on a page that discloses the SMS purpose and frequency, and you check a consent box (web opt-in).
  • You verbally agree to receive SMS messages during a recorded phone call with an Acuity Systems agent, after being told the purpose, the sender identity, message frequency, that message and data rates may apply, and how to opt out.
  • A covered entity who has obtained your consent forwards your contact information to us under a BAA for the purpose of contacting you about your active case.

We do not share, sell, rent, or transfer mobile phone numbers, SMS opt-in records, or SMS message content to any third party or affiliate for marketing, promotional, or lead-generation purposes. SMS consent is not transferred between programs. Service providers acting on our behalf (for example, our SMS carrier) receive only what they need to deliver the message and are bound by confidentiality and data-protection terms.

3.2 Message types and frequency

  • Case-related transactional messages (appointment reminders, intake confirmations, document requests, clinical follow-up): variable frequency tied to the case, typically 0–10 messages per case.
  • Account-related messages (verification codes, account notices): as needed.
  • Sales and demo follow-ups: only after you submit an inquiry; typically 1–3 messages.

We do not send promotional or marketing SMS to individuals who have not specifically opted in for that purpose. Message and data rates may apply. Message frequency varies.

3.3 Opt out and help

You can opt out of SMS at any time by replying STOP to any message we send. You will receive a single confirmation that you have been unsubscribed, and we will not send further SMS to that number. Reply HELP for assistance, or contact privacy@atlasmanagedcare.com.

3.4 Call recording

Phone calls with Acuity Systems may be recorded for quality assurance, training, accreditation, and regulatory compliance. Where required by law (California is a two-party consent state), you will be informed at the start of the call that the call is being recorded and given the opportunity to decline. If you decline recording, we will work with you through a non-recorded channel. Recordings are retained under the schedule described in Section 5.

3.5 AI-assisted communications

Some calls and messages are placed by an AI voice agent operating on behalf of Acuity Systems. When you interact with an AI agent, the agent identifies itself as an AI representative of Acuity Systems and offers escalation to a human at your request. AI agents follow the same consent, recording, and opt-out terms as human agents.

4. How we share information

We share information only as needed to deliver our services or as required by law:

  • Covered entities and their authorized agents (employer, payer, insurer, treating provider) involved in your case, consistent with the applicable BAA.
  • Service providers who operate infrastructure, communications, or analytics on our behalf under written contracts that restrict use to delivering our services. Categories include cloud hosting, database, telephony and SMS, AI voice and language model providers, email delivery, error monitoring, and accreditation tooling.
  • Legal and regulatory authorities when compelled by valid legal process, or where reasonably necessary to protect rights, safety, or property.
  • Business transfers: if Atlas is acquired or merges with another entity, information may transfer to the successor under terms at least as protective as this Policy.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not share PHI outside the terms of the applicable BAA.

5. Retention

We retain information for as long as needed to deliver our services and meet legal, regulatory, and accreditation obligations:

  • Case and PHI records: retained per the BAA with the referring covered entity, and at minimum for the period required by HIPAA, California Labor Code, and URAC accreditation (generally seven years from case closure, longer if a minor or open dispute).
  • Call recordings and SMS logs: retained for at least the period required by URAC and applicable state regulations; deleted on a defined schedule when no longer required.
  • Marketing inquiry records: retained while the relationship is active and for a reasonable time after, then deleted.
  • Web analytics and edge logs: retained on a rolling basis (typically 30–90 days).

6. Security

We use technical, administrative, and physical safeguards designed to protect information, including encryption in transit and at rest, role-based access controls, audit logging, MFA on administrative accounts, network segmentation, and regular vulnerability management. We hold a HIPAA Business Associate Agreement with our cloud infrastructure provider, and we require BAAs from any subcontractor who may receive PHI. No system can be guaranteed perfectly secure; if a breach affects your information, we will notify you and the relevant authorities as required by HIPAA, state breach laws, and our BAA obligations.

7. Your rights

Depending on where you live and the role you play in our services, you may have rights regarding your information.

7.1 California residents (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what categories of personal information we collect, the purposes for which it is used, and the categories of third parties with whom it is shared.
  • Request access to and a copy of the personal information we hold about you.
  • Request correction of inaccurate personal information.
  • Request deletion of personal information, subject to legal exceptions (HIPAA-regulated PHI and workers' compensation records are generally exempt).
  • Opt out of any sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising.
  • Limit use of sensitive personal information.
  • Non-discrimination for exercising any of these rights.

To exercise a California right, email privacy@atlasmanagedcare.com with the subject line "California privacy request." We will verify your identity before responding and reply within 45 days (with one 45-day extension where allowed).

7.2 Individuals with PHI in our systems

If your PHI is held by Acuity Systems as a Business Associate, your rights to access, amend, request restrictions, request accounting of disclosures, and request confidential communications run through the covered entity that referred you. We will work with that covered entity to fulfill your request.

7.3 SMS-specific rights

You may opt out of SMS at any time by replying STOP. You may also email privacy@atlasmanagedcare.com to request removal of your number from all SMS lists.

8. Children

Our services are not directed to children under 13, and we do not knowingly collect personal information directly from children under 13 outside the case-management context. Where minors are involved in a workers' compensation or other managed care case, we receive only the information needed from the covered entity to perform the requested service.

9. International users

Acuity Systems is operated from and for the United States. Information is processed and stored on infrastructure located in the United States. If you access the site from outside the United States, you do so on your own initiative and are responsible for compliance with local law.

10. Third-party links

The website may link to third-party sites we do not control. This Policy does not apply to third-party sites. Review the privacy policies of any third-party site you visit.

11. Changes to this Policy

We may update this Policy from time to time. When we do, we will update the "Last updated" date at the top of the page. Material changes will be highlighted on the site or communicated through other reasonable means. Your continued use of the site or our services after an update constitutes acceptance of the updated Policy.

12. Contact us

For privacy questions, requests, or complaints, contact our Privacy Officer:

Atlas Managed Care, Inc.
Attn: Privacy Officer
3400 Cottage Way, Suite G2 #34605
Sacramento, CA 95825
Email: privacy@atlasmanagedcare.com

If you believe we have not addressed a privacy concern adequately, you may also contact the California Attorney General (oag.ca.gov/privacy) or the U.S. Department of Health and Human Services Office for Civil Rights (hhs.gov/ocr) regarding HIPAA-related concerns.