Skip to main content
MedicareNPIMedicareNPI

Privacy Policy

Effective date: February 21, 2026

1. Introduction

MedicareNPI (“we,” “our,” or “us”) operates the website located at www.medicarenpi.com (the “Service”). This Privacy Policy describes how we collect, use, disclose, retain, and protect your information when you access or use our Service. By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Service immediately.

This policy applies to all visitors, users, and anyone who accesses the Service, regardless of location. For users in jurisdictions with specific data protection laws (EU/EEA, United Kingdom, California, and other US states), additional rights and disclosures are described in Sections 10–12 below.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily submit when you contact us, submit a data correction request, provide feedback, or use interactive features. This may include:

  • Name and email address
  • Message content and attachments in correspondence
  • Any other information you choose to provide

2.2 Information Collected Automatically

When you access the Service, we automatically collect certain technical and usage data, including:

  • IP address (may be anonymized or truncated for analytics)
  • Device type, operating system, and browser type/version
  • Pages visited, time spent on pages, click patterns, and scroll depth
  • Referring URL, search terms, and entry/exit pages
  • Date, time, and timezone of access
  • Screen resolution and viewport size
  • Language preference

2.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies (local storage, session storage) to operate the Service and collect usage information. The types of cookies we use include:

  • Strictly Necessary Cookies: Required for the Service to function (e.g., session management, security). Cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with the Service. We may use Google Analytics or similar services that set their own cookies. These services may collect your IP address and browsing behavior across sites.
  • Preference Cookies: Remember your settings and choices (e.g., search filters, comparison selections).

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. However, disabling certain cookies may affect the functionality of the Service. For more information, visit allaboutcookies.org.

2.4 Do Not Track Signals

Some browsers transmit “Do Not Track” (DNT) signals. There is currently no industry standard for recognizing DNT signals. At this time, we do not respond to DNT signals. If a standard is established in the future, we will update this policy accordingly.

2.5 Healthcare Provider Data

All healthcare provider information displayed on MedicareNPI — including NPI numbers, names, addresses, specialties, credentials, and Medicare enrollment data — is sourced exclusively from publicly available US government databases (NPPES NPI Registry, CMS Provider Data Catalog, Hospital Compare, DMEPOS Supplier Data). This data is public record created and maintained by the Centers for Medicare & Medicaid Services (CMS) and is not considered private personal information under this policy.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide, operate, maintain, and improve the Service
  • Process and respond to your inquiries, feedback, and support requests
  • Analyze usage trends and optimize user experience
  • Monitor and ensure the security and integrity of the Service
  • Detect, investigate, and prevent fraudulent or unauthorized activity
  • Comply with legal obligations and enforce our Terms of Service
  • Generate aggregated, de-identified analytics and reports

We do not use your information for automated decision-making or profiling that produces legal or similarly significant effects.

4. Legal Basis for Processing

For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions that require a legal basis for processing personal data, we rely on the following:

  • Legitimate interests: Operating and improving the Service, ensuring security, and analyzing usage — where these interests are not overridden by your data protection rights.
  • Consent: Where you have provided explicit consent (e.g., for non-essential cookies or marketing communications). You may withdraw consent at any time.
  • Contractual necessity: Processing necessary to respond to your requests or provide the Service.
  • Legal obligation: Processing required to comply with applicable laws and regulations.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share information only in the following limited circumstances:

  • Service providers: Trusted third-party vendors who assist in operating the Service (e.g., hosting, content delivery, analytics). These providers are contractually bound to use your data only for the purposes we specify and to maintain appropriate security measures.
  • Legal requirements: When required by law, subpoena, court order, or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
  • Aggregated/de-identified data: We may share aggregated, statistical, or de-identified information that cannot reasonably be used to identify you.

6. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. Specifically:

  • Contact/correspondence data: Retained for up to 2 years after your last communication with us, or longer if required for legal or compliance purposes.
  • Analytics data: Retained in aggregated or anonymized form. Raw analytics logs are deleted or anonymized within 26 months.
  • Cookies: Session cookies expire when you close your browser. Persistent cookies have varying expiration periods as described in their respective settings.

When personal information is no longer needed, we securely delete or anonymize it.

7. Data Security

We implement industry-standard administrative, technical, and physical security measures to protect your information, including:

  • TLS/SSL encryption for all data in transit
  • Access controls and authentication for internal systems
  • Regular security assessments and monitoring
  • Secure hosting with reputable infrastructure providers

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

8. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have different data protection laws than your jurisdiction.

For users in the EEA or UK, we ensure that any international data transfer is carried out in compliance with applicable data protection laws, including through the use of Standard Contractual Clauses (SCCs) or other approved transfer mechanisms where required.

9. Third-Party Links and Services

The Service may contain links to third-party websites and services, including government databases (CMS.gov, NPPES, data.cms.gov), analytics providers, and content delivery networks. We are not responsible for the privacy practices, content, or security of these external sites. We encourage you to review the privacy policies of any third-party sites you visit through links on our Service.

10. Your Privacy Rights — EEA, UK, and Switzerland (GDPR/UK GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and/or UK GDPR:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data (“right to be forgotten”).
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Request your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at privacy@medicarenpi.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

11. Your Privacy Rights — California (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights:

  • Right to know: Request what personal information we collect, use, disclose, and sell.
  • Right to delete: Request deletion of your personal information.
  • Right to correct: Request correction of inaccurate personal information.
  • Right to opt-out of sale/sharing: We do not sell or share your personal information as defined by CCPA/CPRA.
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to limit use of sensitive personal information: We do not collect sensitive personal information as defined by CPRA.

To submit a request, contact us at privacy@medicarenpi.com. We will verify your identity before processing your request and respond within 45 days.

Categories of personal information collected in the preceding 12 months: Identifiers (email address, IP address), internet activity information (browsing history, search queries on our Service). We have not sold personal information in the preceding 12 months.

12. Other US State Privacy Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and other states with consumer privacy laws may have similar rights to access, delete, correct, and opt out of certain data processing. To exercise these rights, contact us at privacy@medicarenpi.com.

13. Children’s Privacy

The Service is not directed to individuals under the age of 16 (or 13 in jurisdictions where COPPA applies). We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information without appropriate parental consent, we will promptly delete that information. If you believe a child has submitted personal information to us, please contact us at privacy@medicarenpi.com.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Effective date” at the top of this page. We encourage you to review this page periodically. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will make every effort to respond to your inquiry within 30 days (or sooner where required by law).

Terms of ServiceContact Us