TrueEnroll

Legal

Privacy Policy

Last updated June 26, 2026

TrueEnroll ("we," "us," "our") provides provider credentialing services to medical practices. This policy explains what information we collect from providers and the practices we work with, how we use it, and how it's protected. We built TrueEnroll's data handling around one rule: never collect or store more than the credentialing process actually requires.

What We Collect

When a provider completes an intake or gap form, we collect the information required to build and maintain their CAQH and payer enrollment profile: name, date of birth, contact information, practice and billing address, NPI, taxonomy/specialty, state license details, DEA registration, education and training history, hospital affiliations, malpractice insurance information, and the last 4 digits of their Social Security Number. We also accept document uploads (license, malpractice certificate, W-9, CV) needed to complete enrollment applications.

Social Security Numbers

Full Social Security Numbers are never stored in our database or written to disk anywhere in our system. If a provider enters their full SSN on an intake form, it exists only in memory for the duration of that one request: it is immediately sent as a single password-protected PDF to the two authorized credentialing coordinators who need it to complete payer enrollment, and only the last 4 digits are retained in the provider's permanent record.

How We Use Your Information

  • To build and maintain a verified provider profile for credentialing purposes
  • To prepare CAQH ProView and payer-specific enrollment applications (Molina, Superior, Driscoll, and others)
  • To identify missing or incomplete information and request it directly from the provider
  • To notify credentialing coordinators when a submission is received or requires review

We do not sell, rent, or share provider data with any third party for marketing purposes. Data is shared only with the payers and credentialing bodies (such as CAQH) the provider is being enrolled with, and only after a named coordinator has reviewed and approved it.

How We Protect It

  • All data is encrypted in transit (HTTPS)
  • Our server storage runs on encrypted infrastructure at the hosting-provider level; uploaded documents (licenses, malpractice certificates, W-9s) receive an additional layer of encryption applied by TrueEnroll itself, on top of that
  • Every field in a provider's profile carries a full audit trail — source, timestamp, and confidence — and no data reaches a payer without human review and approval
  • Database backups are encrypted by TrueEnroll before they ever leave our server, and the encryption key is never included in the backup itself
  • Access to the credentialing dashboard is restricted to named, authenticated coordinators — providers never need an account or password to submit their information

Data Retention

We retain provider profile data for as long as we are actively supporting that provider's credentialing and re-credentialing needs. A practice may request deletion of a provider's record at any time by contacting us at the email below.

Your Rights

Providers and practices may request a copy of the information we hold about them, request corrections, or request deletion of their record, subject to any retention required to complete an in-progress credentialing application.

Contact

Questions about this policy or your data can be sent to contact@trueenroll.com.