Effective Date: April 10, 2026
Non-Emergency Medical Transportation Accreditation Commission, Inc. (“NEMTAC®,” “we,” “us,” or “our”) is committed to protecting the privacy and security of personal and organizational information entrusted to us. This Privacy Policy explains how we collect, use, process, store, and share information across our platforms and services.
This policy applies to all NEMTAC-operated websites and systems, including nemtac.co, nemtproviderregistry.org, and nemttoday.com, as well as related services such as credentialing, accreditation, education programs, event participation, and communications.
By using our services, you acknowledge that your information will be handled in accordance with this Privacy Policy.
NEMTAC operates an integrated data environment that includes credentialing, accreditation, education delivery, event management, and communications systems. As part of this environment, NEMTAC utilizes third-party service providers to support specific operational functions.
Credentialing and registry services are supported by Professional Credentials Exchange, Inc. (“ProCredEx”), which operates as a service provider to NEMTAC and processes credentialing data on NEMTAC’s behalf. Additional systems support education delivery, customer relationship management, event registration, and event engagement. Information submitted to NEMTAC may be processed across these systems as necessary to deliver services and maintain operational continuity.
We collect information based on your interaction with our services, the nature of your participation, and the information you choose to provide.
3.1 Personal Information
We collect personal information that you voluntarily provide when you interact with our platforms, including when you register for services, submit forms, enroll in programs, or contact us. This information may include your name, email address, phone number, mailing address, job title, organization, and account credentials. The specific information collected depends on the context of your interaction and the services requested.
3.2 Credentialing and Compliance Data (NNPR™)
For participation in the NEMTAC® National Provider Registry (NNPR™) and related credentialing services, we collect and process detailed organizational and compliance-related information. This may include business ownership and identity information, licensing and regulatory status, insurance documentation, certifications, operational capabilities, and other materials necessary to evaluate and validate credential status.
This category of data is materially more extensive than standard website information and is used to support credential validation, compliance monitoring, and accreditation readiness. Credentialing data may also include validation outcomes, status designations, and historical records associated with credential review and monitoring activities.
3.3 Automatically Collected Information
When you access our platforms, we may automatically collect technical and usage information necessary to operate and secure our systems. This may include IP address, device and browser characteristics, operating system, usage patterns, access times, and pages viewed. This information is used to maintain system performance, security, and analytics.
3.4 Event and Participation Data
When you register for or participate in NEMTAC events, including Transform conferences, we collect information necessary to facilitate event operations. This may include registration details, attendance records, session participation, and engagement metrics. This information is used to manage event logistics, improve programming, and support attendee experience.
3.5 Communications and Consent Records
We maintain records of communications and communication preferences, including email and SMS consent. This includes documentation of when and how consent was provided, as well as records of communications sent and user preferences regarding those communications.
We use the information we collect to operate, maintain, and improve our services, and to fulfill our organizational mission.
This includes facilitating credentialing and validation processes, supporting accreditation programs, delivering education and certification services, managing event participation, and communicating with users regarding services, updates, and opportunities. Information is also used to maintain system security, prevent fraud, conduct analytics, and comply with applicable legal and regulatory obligations.
Where required, we rely on user consent, contractual necessity, legitimate organizational interests, or legal obligations as the basis for processing information.
Credentialing data collected through the NNPR™ is used to support structured validation and monitoring of provider credentials. This includes reviewing submitted documentation, confirming conformity with defined baseline criteria, tracking credential status and expiration, identifying potential deficiencies, and generating compliance-related reporting.
Credentialing processes are designed to support transparency, standardization, and accreditation readiness within the NEMT industry. Validation and monitoring activities are conducted in accordance with NEMTAC-defined criteria and may include attestation based on available documentation at the time of review. Any validation or attestation reflects documentary review based on information available at the time and should not be interpreted as a guarantee of ongoing compliance, operational performance, or service quality.
NEMTAC maintains internal administrative and procedural controls governing credential validation, data access, and monitoring processes, which are periodically reviewed to support consistency, integrity, and program reliability.
NEMTAC maintains a structured approach to data classification based on sensitivity and intended use.
Certain information, such as basic provider identification and directory information, may be publicly displayed as part of registry listings. More sensitive credentialing data, including licenses, insurance documentation, and compliance records, is restricted and accessible only to authorized parties within defined credentialing workflows. Internal system data, such as logs and analytics, is used exclusively for operational and administrative purposes.
Data is handled in accordance with its classification to ensure appropriate access control and protection.
We may share information in limited and controlled circumstances consistent with the purposes described in this policy.
Credentialing data may be shared with authorized entities designated by the provider, including payers, brokers, government entities, and other organizations participating in credentialing and network validation processes. Such sharing is limited to the minimum necessary information required to support credential verification, compliance evaluation, and participation in relevant programs.
We also share information with service providers who support our operations, including ProCredEx (credentialing infrastructure), Thinkific (education), GoHighLevel (CRM and communications), RegFox (event registration), and EventMobi (event engagement). These providers process data on our behalf and are expected to maintain appropriate safeguards.
We may disclose information where required by law, regulation, legal process, or to protect the rights, safety, or integrity of NEMTAC, its users, or the public.
By submitting information through our platforms, you provide express consent to receive communications from NEMTAC, including email, SMS/text messages, and event-related notifications. Consent is obtained through affirmative user action at the time of submission or registration.
Communications may include service-related updates, program information, reminders, and event communications. Message frequency may vary based on user engagement. Standard message and data rates may apply for SMS communications.
Users may opt out of SMS communications at any time by following opt-out instructions (such as replying STOP), and may unsubscribe from email communications through provided mechanisms. Certain service-related communications may still be sent where necessary for account administration or service delivery.
We may use cookies and similar technologies to support system functionality, analyze usage patterns, and improve user experience. These technologies allow us to understand how users interact with our platforms and to enhance performance and security.
Users may adjust their browser settings to control or disable cookies; however, doing so may affect the functionality of certain features.
We retain information for as long as necessary to fulfill the purposes described in this policy, including operational, contractual, legal, and regulatory requirements.
Credentialing data may be retained for the duration of participation in the Registry and for additional periods necessary to support compliance monitoring, audit requirements, and legal obligations. Certain records, including audit logs and historical credentialing data, may be retained beyond active participation where necessary to preserve system integrity and meet regulatory expectations.
We implement administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of information. These measures include access controls, encryption where appropriate, and system monitoring.
In the event of a data security incident, NEMTAC will take appropriate steps to investigate, mitigate, and notify affected parties as required by applicable law.
Despite these safeguards, no system can be guaranteed to be completely secure, and users acknowledge that information transmitted electronically carries inherent risk.
You may request access to, correction of, or updates to your personal information. You may also request deletion of your data, subject to limitations related to legal obligations, credentialing requirements, and system integrity.
Requests may be submitted through NEMTAC using the contact information provided below. We will respond to such requests in accordance with applicable laws and operational requirements.
Our platforms may contain links to third-party websites or services. NEMTAC does not control and is not responsible for the content, policies, or practices of third-party sites. Users are encouraged to review the privacy policies of any external services they access.
We may update this Privacy Policy from time to time to reflect changes in our practices, systems, or legal requirements. Material changes may be communicated through website notices or direct communications.
Continued use of our services following updates constitutes acceptance of the revised policy.
This Privacy Policy and any disputes related to the collection or use of information are governed by the laws of the State of Arizona, without regard to its conflict of law principles.
Non-Emergency Medical Transportation Accreditation Commission, Inc.
Website: https://nemtac.co
Email: info@nemtac.co
Phone: 866-636-8221
