Antelope Privacy Policy and Email Communications Notice

Overview

Antelope is a HIPAA-compliant technology platform that facilitates the administration of CAHPS surveys (e.g., OAS-CAHPS, HCAHPS, etc.) and related patient communication services on behalf of healthcare providers and organizations across the United States. Our services are governed by strict regulatory, security, and privacy standards to protect the confidentiality, integrity, and availability of Protected Health Information (PHI).

We act as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and have executed Business Associate Agreements (BAAs) with each healthcare organization (Covered Entity) we serve.

Our Role as a Business Associate

Antelope performs survey distribution and patient communication functions solely on behalf of the provider or healthcare organization (Covered Entity) that you visited. In accordance with our Business Associate Agreements:

• We collect, process, store, and transmit patient information only for purposes permitted under HIPAA, such as healthcare operations and quality assurance.

• We do not sell, share, or disclose PHI to third parties except as required by law or as authorized by the Covered Entity.

• All communications are sent under the provider’s direction, not Antelope’s.

If you received a message from Antelope, it was because your provider designated us as an authorized survey or communication service partner.

Email Classification: Why Our Emails Are Not Marketing

Emails sent by Antelope are classified as transactional or healthcare operations communications, not marketing, because they:

• Are tied to a specific clinical encounter (e.g., a procedure or outpatient visit).

• Relate directly to a mandated patient experience survey (e.g., OAS-CAHPS) or patient education content relevant to your treatment.

• Contain no advertising or promotional content.

• Are sent only after you received services from a provider with whom we have a BAA.

Examples include:

• Invitations to complete a CAHPS survey.

• Reminders or follow-ups regarding survey completion.

• Educational messages to help you understand your care or recovery process.

These communications are permitted under HIPAA without requiring separate patient authorization, as they are part of healthcare operations or treatment support initiated by your provider.

Inquiries and Requests

If you have questions about:

• Why you received a message,

• The content of a survey or email,

• Your healthcare records or preferences,

Please contact the healthcare organization or facility where you received care. Antelope does not make decisions about which patients are contacted, nor do we retain ownership of the data. We operate solely under the direction of the Covered Entity.

If you wish to opt out of future communications, we will honor such requests in accordance with the policies of the provider we serve and applicable HIPAA and CMS guidelines.

Data Protection

Antelope uses industry-standard encryption, access controls, audit logging, and secure infrastructure (e.g., AWS with BAA) to protect your information. All PHI is encrypted at rest and in transit. Access is limited to only those personnel required to fulfill our responsibilities as a Business Associate.