Effective Date:  April 10, 2020

This Privacy Policy relates to www.urac.org and any related or local sites, including but not limited to telemed.org and www.chqi.com. It also relates to the services provided through our portals and software services, such as AccreditNet and ParityManager™.

This Privacy Policy explains how URAC controls, processes and protects your personal information. This policy applies where we are the data controller including our social media activities on LinkedIn, Twitter, and Facebook (“our Official Social Media Accounts”); our official blogs. In other words, where we determine the means and purposes of how your personal data is processed.


This Privacy Policy is incorporated into and made part of our Terms of Use. Please read this Privacy Policy and our Terms of Use carefully. When you submit Personal Information to us, you consent to the collection, use and disclosure of your Personal Information as described in this Privacy Policy.

Key Policy Definitions:

  • “I”, “our”, “we”, or “us” refer to the business, URAC
  • “you”, “the user”, refer to the person(s) using this website or submitting data
  • Cookies mean small files stored on a user’s computer or device

This Privacy Policy does not apply to our data collection practices conducted offline. Unless we notify you, this Privacy Policy does not apply to any third-party website or service that you may access through the Services.


The Effective Date of this Privacy Policy is set forth at the top of this webpage. As business needs change, we may amend this Privacy Policy. If we materially change the way we collect, use or disclose your Personal Information, we will notify you in advance through the Services and offer you the opportunity to opt out and delete your Personal Information. The amended Privacy Policy supersedes all previous versions. Your continued use of the Services after the Effective Date constitutes your acceptance of the amended Privacy Policy. 


We collect, use and disclose Personal Information for all lawful purposes in the operation and conduct of our business. 

How We May Collect Personal Information

We and our service providers may collect Personal Information through your use of the Services, such as when you register with us, contact URAC for information on any of our programs participate in surveys and questionnaires, apply for employment, or subscribe to newsletters and blog updates. We also may collect the Personal Information that you publish or display on public areas of the Services, such as comments on one of URAC’s blogs. And public comment sfiware You make such information publicly available at your own risk. We do not control the actions of third parties that access such information.  

Through Contact with URAC.  We may obtain information about you directly from and about you in a number of ways including through conversations with someone at URAC, any interactive process with URAC and/or URAC personnel, registration and attendance at events, and/or through interactive forms on our website if you choose to provide it, as well as your activities on our website.

Through Social Media: Certain Services may link to social media platforms and plug-ins, such as Facebook. LinkedIn and Twitter (collectively, “Social Media”). When accessing the Services through a Social Media account, we may (depending on the applicable user privacy settings) automatically receive information from that Social Media platform. We may collect and use this information for the purposes described in this Privacy Policy or as described at the time the information was collected.

Through Mobile Applications: We may offer mobile applications (“Apps”) as part of the Services or at certain URAC events that we host. When we offer Apps, we may collect information about your use of and interaction with the Apps, such as operating system type, browser type, domain and other system settings, search queries, the country and time zone in which the mobile device or tablet is located, metadata and other information associated with other files stored on your device. We also may collect information about the location of the mobile device or tablet used to access the Services (“Location Data”). Location Data includes: (i) the location of the mobile device or tablet derived from GPS or WiFi use, (ii) the IP address of the mobile device or tablet or internet service used to access the Services, and (iii) other information made available by a user or others that indicates the current or prior location of the user, such as geotag information in photographs. If you do not want us to collect Location Data from your device, please delete the App or disable the location settings on your device or tablet. Note, however, that disabling the location setting may affect your ability to access and use an App.

How We May Use Personal Information

We may use Personal Information for the purposes described at the time of its collection or as described in this Privacy Policy. For example, we may use Personal Information as follows:

  • To respond to inquiries for accreditation, certification and various other URAC programs, confirm registrations, respond to your inquiries or fulfill your requests, such as providing you program information, register you for a URAC webinar or program or to email you materials you requested
  • To send you information, such as program updates and event announcements, that we think may interest you
  • To allow you to send Services-related content through the Services
  • If you contact us through the services, to keep a record of your contact information and correspondence to use when responding to you
  • To notify you about important information regarding changes to our terms, conditions and policies
  • To analyze use of the Services to help us detect problems, prevent fraud, identify usage trends and improve user experience
  • If you apply for employment with us, to process your employment application and other related activities only

How We May Use and/or Disclose Personal Information

We may disclosure your Personal Information as follows:

  • With your consent. We may disclose your Personal Information to any party for whom your consent has been provided. For example, we may disclose your Personal Information to anyone to whom you send messages through the Services. 
  • Within our corporate structure, Board of Directors, Accreditation Committees, Standards Committees, any URAC approved Committee or Advisory Board or Council and our affiliated entity. We may disclose your Personal Information within our corporate structure to conduct our business, for the purposes described in this Privacy Policy, to further URAC Standards, processes and as required by law.  
  • To our service providers. We may disclose information with third-party service providers that support our operations, through services such as registering and hosting webcast and live events, and employee recruitment.
  • In relation to a corporate transaction. We may disclose and transfer Personal Information if we are involved in an acquisition, divestiture, restructuring, reorganization, or other change of ownership or control (whether in whole or in part).
  • As we believe to be necessary and appropriate. We may also disclose Personal Information: (i) as permitted by law; (ii) if we determine that the disclosure of specific information is necessary to comply with the request of a law enforcement or regulatory agency or other legal process; (iii) to protect the legitimate rights, privacy, property, interests or safety of our company or our affiliated entity customers, business partners, URAC Committees in furtherance of our work, employees or the general public; (iv) to pursue available remedies or limit damages; (v) to enforce our Terms of Use; and (vi) to respond to an emergency.

What Data We Collect

When you use the Services, we may collect Personal Information and various types of Data. For purposes of this Privacy Policy, “personal information” means information from or about you that identifies you directly and information that is associated with you and thus could potentially identify you, including when combined with other information from or about you.   

URAC controls any personal data that has been lawfully and voluntarily submitted electronically. We collect data that includes but is not limited to names, email addresses, business affiliations, times, dates, IP addresses, opens, clicks, geographic and demographic data.

We may collect data about your use of our website and services (“usage data“). Usage data may include IP address, location, browser type and operating system information, computer or device type, length of visit and page views, time spent navigating certain webpages or connected via mobile applications, information collected through data collection as set forth below. It may also include information about the frequency and pattern of your use of our website. We use Google Analytics and HubSpot for collecting usage data. This usage data may be processed for the purposes of analyzing the use of the website and making improvements. We will process your information for this purpose until you withdraw consent, or it is determined your consent no longer exists.

Generally, we do not consider Usage Data as Personal Information, because Usage Data by itself usually does not identify an individual. However, in some jurisdictions, Usage Data may be considered Personal Information because it can be used to make inferences about you.

We may process information contained in any inquiry you submit about our products or services (“enquiry data“). This data may be processed to market or sell relevant products or services to you. We will process your information until you withdraw consent, or it is determined your consent no longer exists.

We may process information contained in any commercial transaction you submit to buy our products or services (“ecommerce data“). This data may be processed to complete the sale of a product or service to you. We will process your information until you withdraw consent, or it is determined your consent no longer exists.

We may process your user account data (“account data“). The account data may include your name, email address and business information. The source of the account data is you or your company. The account data may be used for providing services, maintaining back-ups of databases and communicating with you. We will process your information until you withdraw consent, or it is determined your consent no longer exists.

We may process information that you submit to subscribe to email alerts and/or newsletters (“notification data“). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. We will process your information until you withdraw consent, or it is determined your consent no longer exists.

URAC may collect additional data so that we can process orders, process employment applications, request voluntary information related to surveys or contests, address compliance or legal obligations and more (“miscellaneous data“). The miscellaneous data may be processed for the purposes of sending you relevant information and/or updates. We will continue to process your information until you withdraw consent, or it is determined your consent no longer exists.

URAC may collect data from third-party sources, such as social media platforms, third-party data providers and our joint marketing partners. We take steps to ensure that such third parties are legally or contractually permitted to disclose such information to us and have provided proper notification of the sharing of this data. This data may include information such as name, email address, company information, location, and click data. This data may be processed for the purposes of sending you relevant information about URAC. We will continue to process your information until you withdraw consent, or it is determined your consent no longer exists.

Please do not supply any other person’s personal data to us, unless we prompt you to do so.

URAC securely stores your data, including the above-mentioned data, for seven (7) years or until we receive a deletion request. Once this period has expired, we anonymize and remove your data from our systems.

Under no circumstances will URAC sell your personal data.


We allow the processing of payments on our site for the purchasing of select products. We do not retain, share, store or use personal data for any secondary purposes beyond filling your order. These transactions are processed via PayPal, Inc. and secured according to PCI DSS standards. We also use SendOwl for transactions.

Please read the PayPal, Inc. Privacy Statement and Terms of Service and the SendOwl Privacy Statement and Terms of Service.

Additionally, any purchases of URAC services are covered under our Terms of Use.

How We May Use and Disclose Data

We collect, use and disclose data for all lawful purposes in the operation and conduct of our business. We may use and disclose Data for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat certain types of Data as Personal Information under applicable law, we use and disclose it as described in this Policy. 

We may disclose your data to suppliers and service providers. This enables such parties to perform functions on our behalf and under our instructions. We require such parties by contract to be compliant with privacy laws and provide reasonable security and to use and process such data on our behalf only.

We also communicate with to active portal users, as well as general communications to current and prospective clients.

In addition to the disclosures of personal data set out above, we may also disclose your personal data to comply with any subpoena or court order or other legal process. We also share personal data to establish or protect our legal rights, property or safety; or the rights, property or safety of others; or to defend against legal claims.

In some instances, we may combine Usage Data with Personal Information (such as your device ID with your name). If we combine any Data with Personal Information, the combined information will be treated by us as Personal Information as long as it is combined and can be used to identify you.

We use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in this Policy.   Any email marketing messages we send are done so through an email marketing service provider (EMS). An EMS is a third-party service provider of software that allows marketers to send email marketing campaigns.

Email marketing messages we send may contain tracking beacons, tracked links or similar technologies. This is to track subscriber activity within email marketing messages. Such messages may record a range of data such as: times, dates, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations, will show the activity each subscriber made for that email campaign.

Any email marketing messages we send are in accordance with privacy laws. We provide you with an easy method to withdraw your consent via unsubscribe or manage your preferences at any time. See any marketing message for instructions on how to unsubscribe or manage your preferences.

Your Data Protection Rights

Your principal rights are:

  • the right to be informed – we must make it clear what personal data of yours is being processed, why, and who it is being passed to;
  • the right to access – you can ask for copies of your personal data;
  • the right to rectification – you can ask us to rectify inaccurate personal data and to complete incomplete personal data;
  • the right to erasure – you can ask us to erase your personal data;
  • the right to data portability – you can ask that we transfer your personal data to another organization or to you;
  • the right to withdraw consent – to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent; and
  • the right to equal services and price – you cannot be discriminated against for exercising any of these above rights.

These rights are subject to certain limitations and exceptions.

You may exercise any of your rights in relation to your personal data by written notice to us, using the contact details set out below.


When you visit our Website or open an email, newsletters, blogs or other content that we send you, we may collect information about your usage and device by automated means or by using technologies such as cookies, web server logs, and web beacons.  We may also collect information about your usage and browsing habits using various web-based technologies, including but not limited to Cookies.  Cookies are small text files that websites send to your computer or other Internet-connected device to uniquely identify your browser or to store information or settings in your browser. Your browser may tell you how to be notified when you receive certain types of cookies and how to restrict or disable certain cookies. Some cookies may exist for only a single session and some are persistent for multiple sessions over time.   To learn more about cookies and web beacons, visit allaboutcookies.org.

You have a right to a copy of the personal information which we hold about you, and you have a right to have that information amended if it is inaccurate. You may contact us via email: privacy@urac.org to request your personal information from URAC.

A cookie is a file containing an identifier (a string of letters and numbers) sent by a web server to a web browser and stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. We use cookies on this website to provide you with a better user experience. Some cookies are required to enjoy and use the full functionality of this website.

Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date. A session cookie will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user. But personal data that we store about you may be linked to the information stored in and obtained from cookies.

You can change or withdraw cookie consent by deleting all cookies for the website. You can also change your browser settings to block cookies or to alert you when cookies are being delivered. Please refer to your browser instructions to learn more about how to adjust or change your settings at:

You can also delete cookies already stored on your computer.

Cookies Used by URAC

URAC uses Google Analytics to understand how visitors engage with urac.org. It may use a set of cookies to collect information and report website usage statistics without personally identifying individual visitors to Google. The main cookie used by Google Analytics is the ‘__ga’ cookie. Click here to learn more about Google Analytics Cookie Usage on Websites. Learn more about Google Analytics here: “How Google uses data when you use our partners’ sites or apps” (www.google.com/policies/privacy/partners/)

We also use cookies from HubSpot, Inc. and AddThis social-sharing widget, as well as Google pixels.

Cookies are not the only way to recognize or track visitors to a website. Web beacons (sometimes called “tracking pixels” or “clear gifs”) are tiny graphics files that contain a unique identifier. This identifier enables us to recognize when someone has visited our website or taken an action in relation to our website. In many instances, these technologies are reliant on cookies to function properly. As a result, declining cookies will impair their functioning. 

Data security and protection

We secure your data by using secure storage technologies and procedures in how we store, access and manage that information. Our security measures are designed to protect your information from loss, disclosure, alteration or destruction. This includes the use of Secure Sockets Layer (SSL) technology, which encrypts information you input. This protects your information and helps prevent unauthorized access.

Offline, personal data is stored within secured data servers. Although we take measures to protect your information, no system is completely secure. We cannot guarantee the complete security of information transmitted to or through the website. Any transmission is at your own risk.

In case of a data breach, system administrators will immediately take appropriate countermeasures. We will also notify affected users and local authorities.


Marketing Emails: If you do not wish to receive marketing-related emails from us, please click the unsubscribe link at the bottom of a marketing email or contact us at marketing@urac.org. 

Access Requests: You may request access to any of your Personal Information that you have previously provided to us through the Services. You may also request that we update, modify or delete your Personal Information that we have collected. Please contact us by email at privacy@urac.org.

Please note that we cannot remove or modify your Personal Information from the databases of third parties to which we have disclosed your information prior to your opt-out or access request. Please contact those third parties directly.


California Civil Code Section 1798.83 permits individual California residents to request certain information regarding our disclosure of certain categories of Personal Information to third parties for those third parties’ direct marketing purposes. To make such a request, please contact us at privacy@urac.org. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email or mailing addresses specified in this Section.


The Services may include links to third-party websites and services that we do not operate, such as social media plug-ins. If you visit a third-party website or service via a link on the Services, you are subject to that third party’s privacy practices and policies. This Privacy Policy does not apply to any Personal Information that you provide to third-party websites or services. A link to a third-party website or service does not mean that we endorse that third party or the quality or accuracy of the information presented on its website or service.


The Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than the United States. Your Personal Information are stored in the United States.   By using the Services, you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have different data protection rules than those of your country. 

EU Residents

Under the EU Standard Contractual Clauses, individuals whose Personal Information is forwarded to URAC have legal rights in addition to the rights and options described in this Privacy Statement. URAC may enter into a separate Data Transfer Agreement.  

Additional Rights for EEA Residents

Under the conditions provided for by the General Data Protection Regulation and in addition to the rights stated above, EEA residents have the right to request the restriction of the processing of their personal information, to object to the processing of their personal information for direct marketing purposes or, where the processing is based on legitimate interest, on grounds relating to their particular situation and to receive their personal information to transmit it to another data controller.

Transfers of Personal Information from Other Countries

We will comply with applicable law regarding collection and transfer of personal information from countries that have privacy or data security laws that are inconsistent with the practices described in this Privacy Statement.


We take reasonable precautions intended to help protect the Personal Information that we collect and store; however, no system or online transmission of data is completely secure. We cannot guarantee the security of information transmitted to or through the Services. Any transmission is at your own risk. Please use security measures to protect your Personal Information.


The Services are not directed to or intended for use by minors. Consistent with the requirements of the US Children’s Online Privacy Protection Act, if we learn that we have received information directly from a child under age 13 without his or her parent or legal guardian’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Services. Subsequently, we will make commercially reasonable efforts to delete such information.  


URAC keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on April 10, 2020.


This website is owned and operated by URAC. Our principal place of business is at 1220 L Street NW, Suite 900, Washington, DC 20005. You may contact us the following ways: