Novari adheres to rigid privacy policies to ensure personal health information is protected. This policy helps to ensure the following: that Novari staff are aware of the purposes for which PHI is collected and trained on their legal obligations to protect PHI; that third parties acting on our behalf are contractually obligated to protect PHI to the same standard that they protect their own information; that staff is tasked with monitoring security on a scheduled basis to detect any possible breaches; and that any security incident is reported to the affected health information custodian, should they occur. Novari has a privacy officer and chief information security officer responsible for managing compliance with privacy requirements. They implement best practice as it relates to privacy software features and requirements. PHI is not used or disclosed for purposes other than those for which it was collected. PHI is retained only as long as necessary for the fulfillment of the purposes stated above or as required by law.