The short version
We collect almost nothing: a hospital website URL and, if you choose to give it, an email address. We use them to run your scan and send you the results. We don't use cookies or analytics, and we never sell, share, publish, or benchmark your information or your scan results. Ask us to delete your data and we will.
Who we are
RootCheck ("we," "us") is an independent monitoring service that checks hospitals' publicly available price-transparency files against the published technical requirements of 45 CFR Part 180. We are not affiliated with the Centers for Medicare & Medicaid Services (CMS) or any government agency.
What we collect
When you request a free scan, the form collects:
- Your hospital's website URL — required, so we know what to scan.
- An email address — optional, only if you want the results emailed to you.
If you correspond with us (for example, replying to a scan report or asking about a subscription), we keep that correspondence. If you become a paying customer, we also collect the business contact and billing details needed to invoice you.
That's the full list. We never ask for, and never want, patient data or protected health information (PHI). RootCheck reads only public web pages — it never connects to your internal systems and needs no logins or credentials.
What we don't collect
- No cookies.
- No analytics or tracking scripts, and no third-party trackers of any kind.
- No data stored in your browser (no localStorage or similar).
- No advertising identifiers, and no data purchased from data brokers.
Like most web servers, our hosting provider may keep standard technical logs (such as IP addresses and request timestamps) for security and reliability. We don't use these logs to identify or profile visitors.
What we scan
Our scans read only content your hospital already publishes on its public website — the machine-readable files and pages that 45 CFR Part 180 requires to be publicly accessible. We do not access non-public systems, password-protected areas, or patient records, and no business associate agreement (BAA) is needed because no PHI is involved.
How we use your information
- To run the scan you requested and deliver the report.
- To respond when you contact us.
- To provide, invoice, and support the monitoring service if you subscribe.
If you request a free scan, you get one email with your results — no drip campaign, no follow-up sequence. We won't email you again unless you ask us to.
What we never do with your data
- We never sell your information — to anyone, for any reason.
- We never publish, share, or benchmark your scan results. Your results go to you and stay with us.
- We never use your data for advertising.
We share information only with the service providers needed to operate RootCheck (such as our hosting and email providers, acting on our instructions), or if the law requires it.
Retention and deletion
We keep free-scan submissions and reports only as long as needed to deliver them and respond to you. If you ask us to delete your free-scan report and the information you submitted, we will — reply to the email that delivered your report, and we'll confirm once it's done.
For paying customers, we retain scan records during the subscription so you have a documented monitoring history, plus whatever billing records the law requires us to keep. Customers can request deletion of their scan history when their subscription ends.
Security
We keep the data we hold to a minimum — that's the best protection there is — and restrict access to it. No method of transmission or storage is perfectly secure, but there is very little here to lose: no PHI, no credentials, no access to your systems.
Your choices and rights
You can use the free scan without providing any email at all. You can ask us at any time to delete your data, correct it, or tell you what we hold about you. Depending on where you are, you may have additional rights under applicable privacy laws; we'll honor reasonable requests regardless.
Children
RootCheck is a business service for hospital teams. It is not directed to children, and we do not knowingly collect information from anyone under 16.
Changes to this policy
If we change this policy, we'll update it here and revise the "Last updated" date above. If a change meaningfully affects how we handle data you've already given us, we'll make that clear on this page.
Contact
Privacy questions or requests? Use the form on our site — a real person reads every submission — or reply to any email you've received from us.