About

Midwest IT Shield provides managed IT, cybersecurity, and digital infrastructure for data-sensitive organizations. We secure operations, reduce liability, and give leadership teams confidence in their technology.

Services
Managed ServicesCyberSecurityBackup & RestoreM365 ManagementDigital Infrastucture
Mac & Linux Support
Industries
HealthcareLaw FirmsFinancial & AccountingManufacturingProfessional ServicesNon-Profits
Contact
Free Consultation
(217) 577-5878

Privacy Policy

Midwest IT Shield

Effective Date: Febuary 13th, 2026
Address: 1246 Broadway St, Suite B, Quincy, IL 62301
Phone: (217) 577-5878
Email: sgoldhaber@midwestitshield.com

1. Overview

Midwest IT Shield (“Company,” “we,” “our,” or “us”) provides managed IT, cybersecurity, infrastructure, and compliance-support services to businesses, including healthcare organizations.

This Privacy Policy explains how we collect, use, and safeguard information through this website and during the delivery of services.

This policy applies to website visitors and business clients.
It does not replace any executed Business Associate Agreement (BAA).

2. HIPAA & Protected Health Information (PHI)

Midwest IT Shield may provide services to Covered Entities and Business Associates as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Where applicable:

  • We act as a Business Associate under HIPAA.

  • We process electronic Protected Health Information (ePHI) only under a signed Business Associate Agreement.

  • Our responsibilities regarding PHI are governed by the executed BAA with the client.

We do not intentionally collect or request medical records or Protected Health Information through this public website.

If you are a patient of one of our healthcare clients, you must contact your healthcare provider directly regarding access to your medical records or your rights under HIPAA.

3. Information We Collect (Website)

We may collect:

  • Name

  • Business email address

  • Phone number

  • Company name

  • IP address

  • Browser/device information

  • Submitted form data

We do not request or intentionally collect medical or health information through contact forms.

4. How We Use Information

We use collected information to:

  • Respond to inquiries

  • Provide managed IT services

  • Maintain cybersecurity operations

  • Improve website performance

  • Fulfill contractual obligations

  • Comply with applicable legal requirements

5. Security Safeguards

We implement administrative, technical, and physical safeguards designed to protect information, including:

  • Role-based access controls

  • Multi-factor authentication

  • Encryption in transit where applicable

  • Endpoint protection and monitoring

  • Incident response procedures

  • Vendor risk management

For healthcare clients, safeguards aligned with HIPAA Security Rule requirements are defined within executed Business Associate Agreements.

No system can guarantee absolute security.

6. Data Retention

We retain personal and client information only as long as necessary to:

  • Provide services

  • Meet contractual and legal obligations

  • Resolve disputes

  • Enforce agreements

Healthcare-related data retention is governed by the applicable BAA and regulatory requirements.

7. Third-Party Service Providers

We may utilize third-party platforms and vendors to deliver services, including:

  • Cloud productivity platforms

  • Endpoint management systems

  • Backup and disaster recovery providers

  • Security monitoring tools

Where required, vendors are subject to contractual data protection obligations.

8. Your Rights

Subject to applicable law, you may request:

  • Access to personal data

  • Correction of inaccurate data

  • Deletion where legally permissible

Healthcare-related requests must be directed to the relevant Covered Entity (your healthcare provider).

Requests may be submitted to:
sgoldhaber@midwestitshield.com

9. Incident Response

In the event of a confirmed security incident involving regulated data:

  • We follow our internal Incident Response Plan.

  • For HIPAA-regulated clients, notification procedures follow the executed BAA and applicable federal and state breach notification laws.

10. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. Changes will be posted with a revised effective date.