Privacy Policy

As a medical billing and coding company, we function as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We handle Protected Health Information (PHI) on behalf of covered healthcare providers strictly in accordance with applicable HIPAA Privacy and Security Rules.

Our HIPAA obligations include

• Entering into Business Associate Agreements (BAAs) with all covered entity clients
• Using PHI only for the purposes outlined in each BAA and as permitted by law
• Implementing administrative, physical, and technical safeguards to protect PHI
• Reporting breaches of unsecured PHI to the covered entity as required by the Breach Notification Rule
• Training our staff on HIPAA requirements and privacy best practices

From healthcare providers & their staff

Patient information (PHI) processed on your behalf

From website visitors

• Name, email address, phone number (via appointment or contact form submissions)
• IP address, browser type, and pages visited (via standard server logs and analytics)
• Any message content you voluntarily submit

Service delivery

• Claim entry, coding, submission, and resubmission on behalf of clients
• Denial management, payment posting, and AR follow-up
• Generating reports and communicating billing performance

Business operations

• Responding to inquiries and scheduling consultations
• Sending service updates, compliance notices, and account communications
• Improving our website and service quality
• Complying with legal, regulatory, and audit requirements

We do not sell, rent, or trade your personal information or PHI to any third party for marketing purposes.

We may disclose information in the following limited circumstances:

• Insurance payers & clearinghouses — to submit and adjudicate claims on your behalf
• Subcontractors / sub-Business Associates — only under BAAs with equivalent privacy protections
• Technology providers — billing software, secure cloud storage, encrypted communications tools
• Legal requirements — when required by law, court order, or government authority
• Business transfers — in the event of a merger or acquisition, subject to confidentiality obligations

We employ industry-standard security measures to protect the information we process:

Despite these measures, no system is 100% secure. In the unlikely event of a data breach involving PHI, we will notify affected covered entities in accordance with the HIPAA Breach Notification Rule within 60 days of discovery.

Our website may use cookies and similar tracking technologies to enhance your browsing experience and analyze site traffic. These may include:

• Essential cookies — required for basic website functionality
• Analytics cookies — help us understand how visitors use our site (e.g., Google Analytics)

You may disable cookies through your browser settings. Disabling cookies will not affect access to our core informational content.

As a Michigan-based business, we comply with applicable Michigan state privacy laws. Michigan residents who interact with our website may have the right to:

• Request access to personal information we hold about them
• Request correction of inaccurate personal information
• Request deletion of personal information (subject to legal retention requirements)
• Opt out of non-essential marketing communications at any time

For HIPAA-covered PHI, patient rights (access, amendment, accounting of disclosures) are governed by the covered healthcare provider’s Notice of Privacy Practices — not this policy.

We retain client and PHI-related records for a minimum of six (6) years following the termination of a service agreement, or longer where required by state law, payer contracts, or federal regulations. Website inquiry data is retained for a reasonable period to fulfill the purpose for which it was collected.

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. We will post the updated policy on this page with a revised effective date. We encourage you to review this policy regularly. Continued use of our services after changes are posted constitutes your acceptance of the updated policy.