Privacy Policy

🔐 Nexus Disability EMR

Effective Date: February 27, 2026

Last Updated: February 27, 2026

 

 

 

 

1. Introduction

 

 

Norman Solutions LLC (“Company,” “we,” “us,” or “our”) operates Nexus Disability EMR (“Nexus” or the “Service”), a cloud-based electronic medical record platform designed for Social Security Administration (SSA) Consultative Examination (CE) providers.

 

We are committed to protecting the privacy, confidentiality, and security of personal information entrusted to us.

 

This Privacy Policy explains:

 

  • What information we collect
  • How we use it
  • When we share it
  • How we protect it
  • Your rights regarding your information

 

 

This Policy applies to:

 

  • The Nexus EMR web platform
  • www.nexusemr.com
  • The Nexus Disability EMR Chrome Extension
  • Any related services or integrations

 

 

 

 

 

2. Important HIPAA Notice

 

 

Nexus Disability EMR is designed to support healthcare providers who may handle Protected Health Information (PHI).

 

When Nexus processes PHI on behalf of covered entities, we act as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and enter into a Business Associate Agreement (BAA) where required.

 

PHI is governed by:

 

  • HIPAA
  • Applicable state medical privacy laws

 

 

This Privacy Policy does not override obligations under an executed Business Associate Agreement.

 

 

 

 

3. Information We Collect

 

 

We collect information in three categories:

 

 

 

 

A. Account & Business Information

 

 

  • Name
  • Email address
  • Business name
  • Phone number
  • Billing address
  • User role within Nexus

 

 

 

 

 

B. Payment Information

 

 

Payments for Nexus subscriptions are processed by third-party payment processors:

 

  • Stripe
  • GoCardless

 

 

We do not store full bank account numbers or full credit card details on our servers.

 

Payment processors handle financial data in accordance with:

 

  • PCI-DSS standards
  • Their respective privacy policies

 

 

 

 

 

C. Usage & Technical Data

 

 

  • IP address
  • Browser type
  • Device identifiers
  • Login timestamps
  • System logs
  • Feature usage metrics

 

 

This data is used for:

 

  • Security monitoring
  • Performance optimization
  • Fraud detection
  • System improvement

 

 

 

 

 

D. Chrome Extension Data

 

 

The Nexus Disability EMR Chrome Extension:

 

  • Reads SSA ERE appointment data only when initiated by the user
  • Transmits only user-selected appointment data to Nexus
  • Does not monitor browsing history
  • Does not sell or share data
  • Stores authentication tokens locally in the browser

 

 

The Extension complies with Google Chrome Web Store Limited Use requirements.

 

 

 

 

4. How We Use Information

 

 

We use information to:

 

  • Provide and maintain Nexus
  • Authenticate users
  • Process payments
  • Provide customer support
  • Improve platform functionality
  • Ensure system security
  • Comply with legal obligations
  • Support AI-assisted documentation features (when enabled)

 

 

We do not use PHI for marketing purposes.

 

 

 

 

5. AI & Automation Disclosure

 

 

If AI-assisted features are enabled:

 

  • AI tools may process user-entered text to generate summaries or documentation drafts.
  • We configure AI services to operate in a secure, privacy-oriented manner.
  • PHI is not used to train public AI models.
  • AI outputs require user review before clinical use.

 

 

 

 

 

6. How We Share Information

 

 

We do not sell personal information.

 

We may share information only with:

 

 

A. Service Providers

 

 

  • Cloud hosting providers
  • Email service providers
  • Payment processors (Stripe and GoCardless)
  • Security monitoring vendors

 

 

All service providers are contractually obligated to protect data.

 

 

B. Legal Compliance

 

 

We may disclose information:

 

  • To comply with law
  • In response to subpoenas or court orders
  • To protect rights and security

 

 

 

C. Business Transfers

 

 

In the event of merger or acquisition, data may transfer subject to confidentiality obligations.

 

 

 

 

7. Data Security

 

 

We implement administrative, technical, and physical safeguards including:

 

  • TLS encryption in transit
  • Encrypted storage where applicable
  • Role-based access controls
  • Audit logging
  • Authentication protections
  • Infrastructure hosted in secure U.S. data centers

 

 

While no system is 100% secure, we maintain industry-aligned security practices.

 

 

 

 

8. Data Retention

 

 

We retain:

 

  • Account data for the duration of service
  • Billing records as required by law
  • Usage logs for security monitoring
  • PHI according to customer agreements and healthcare retention requirements

 

 

Data may be deleted upon written request, subject to legal obligations.

 

 

 

 

9. Your Privacy Rights

 

 

Depending on your jurisdiction (including California under CCPA/CPRA), you may have rights to:

 

  • Access your personal information
  • Correct inaccurate information
  • Request deletion
  • Limit use of sensitive personal information
  • Opt out of certain data sharing

 

 

We do not sell personal information.

 

To exercise rights, contact: rich@nexusemr.com

 

We will respond within required legal timeframes.

 

 

 

 

10. Children’s Privacy

 

 

Nexus is intended for licensed professionals and business users.

We do not knowingly collect information from individuals under 13.

 

 

 

 

11. International Transfers

 

 

Nexus primarily operates in the United States.

Where third-party providers process data outside the U.S., appropriate safeguards are implemented.

 

 

 

 

12. Updates to This Policy

 

 

We may update this Privacy Policy periodically.

Material changes will be posted on our website with an updated effective date.

 

 

 

 

13. Contact Information

 

 

Norman Solutions LLC

349 Bentley Street

Oviedo, Florida 32765

 

Email: support@nexusemr.com

Website: www.nexusemr.com