Privacy Policy
At BILLNORARCM, we prioritize the privacy and security of your personal and medical information. This Privacy Policy comprehensively outlines how we collect, manage, use, and protect identifiable information within our medical billing, coding, and revenue cycle management (RCM) services. We operate strictly under the Health Insurance Portability and Accountability Act (HIPAA) regulations to ensure the utmost protection of patient data.
1. Information We Collect
We collect information necessary to provide seamless and accurate RCM services to our healthcare partners and their patients.
- Personal and Protected Health Information (PHI): This includes identification details (name, address, phone number, email), appointment history, medical records, claims data, date of birth, and insurance information. This data is fundamental to the billing, coding, and revenue management processes.
- Usage Data: We automatically collect non-personal information when you interact with our website, such as your IP address, browser type, and navigation patterns. This helps us optimize user experience and improve our digital infrastructure.
2. How We Use Your Information
We utilize the collected data strictly for professional and operational purposes:
- Medical Billing & Coding Services: To ensure accurate medical billing and coding, translating healthcare services into clear claims to secure timely and correct reimbursements.
- Communication & Client Support: To address inquiries, provide customer support, and keep our clients informed about our service updates.
- Legal & Regulatory Compliance: To fulfill our legal obligations under OSHA regulations, HIPAA, and other applicable federal or state laws.
3. HIPAA Compliance & PHI Protection
BILLNORARCM is fully committed to upholding all principles and mandates of the HIPAA Act. Protecting the confidentiality, integrity, and availability of Protected Health Information (PHI) is our top priority.
- Employee Training & Awareness: Our entire workforce, including IT personnel, undergoes rigorous, ongoing HIPAA compliance and data privacy training. We maintain a culture of strict security awareness.
- Technical & Administrative Safeguards: We deploy advanced technical safeguards, including end-to-end encryption, multi-factor authentication, access controls, and routine system vulnerability assessments. Administrative policies ensure only authorized personnel can access PHI on a “need-to-know” basis.
- Business Associate Agreements (BAAs): Any third-party vendors or partners involved in processing PHI on our behalf are required to sign comprehensive BAAs. This guarantees they uphold the same strict data security and privacy standards as BILLNORARCM.
- Data Breach Response Plan: While data breaches are very rare due to our stringent security protocols, we maintain a robust contingency and incident response plan. In the unlikely event of a breach, we follow all HIPAA notification requirements to immediately alert affected parties, assess risks, and mitigate any potential harm.
4. Data Protection Measures
We employ industry-leading security practices to handle all sensitive information:
- Data Encryption: All electronic transmission of PHI and sensitive data is fully encrypted, safeguarding information both in transit and at rest.
- Strict Access Controls: System access is role-based, ensuring that sensitive data is only retrievable by explicitly authorized personnel.
- Continuous Audits & Monitoring: We conduct regular internal and external audits of our systems to identify and resolve potential vulnerabilities proactively.
5. Information Sharing
We do not sell your personal information. We only share information under the following circumstances:
- Service Providers and Partners: We may share necessary data with trusted third-party business partners who assist in operating our platforms and services. These partners are legally bound by our privacy policies and strict HIPAA standards.
- Legal Obligations: We may disclose information if required to do so by law, court order, or formal regulatory request.
SMS Consent Exception: All the above categories exclude text messaging originator opt-in data and consent; this specific information will not be shared with any third parties under any circumstances.
6. Your Rights Under HIPAA
We strictly respect and uphold your rights regarding your health information, which include:
- Right to Access: You have the right to request an electronic or physical copy of your health information under certain conditions.
- Right to Request Amendments: If you believe your health information is incorrect or incomplete, you may request corrections or updates.
- Right to Restrict Disclosure: You can request restrictions on how we use or disclose your information for treatment, payment, or healthcare operations.
- Right to Confidential Communications: You have the right to request that we communicate with you via specific means or at alternative locations to ensure your privacy.
7. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our compliance team:
- Website: https://billnorarcm.com/
- Email: info@billnorarcm.com
- Phone: +1(904)-558-1695