Privacy & Data Security Policy
Medical Bill Forensics LLC is committed to protecting the privacy and security of your health, financial, and personal information. This policy describes how we handle individually identifiable health and financial data in compliance with best practices, industry standards, and relevant data privacy laws.
1. Our Role and Regulatory Status
Medical Bill Forensics LLC is not a “covered entity” or “business associate” as those terms are defined under the Administrative Simplification and Privacy Rule provisions of the Health Insurance Portability and Accountability Act (HIPAA) (45 C.F.R. § 160.103). We are not a HIPAA covered entity (health plan, healthcare clearinghouse, or healthcare provider) and we do not transmit health information electronically in connection with any HIPAA-standard transaction. No HIPAA-covered transaction arises from our business operations.
Accordingly, HIPAA’s Privacy and Security Rules do not directly apply as a matter of law to the information Medical Bill Forensics LLC receives, reviews, stores, or transmits. However, as a matter of strict corporate policy and consumer protection, Medical Bill Forensics LLC voluntarily maintains enterprise-grade data security and confidentiality practices that mirror these federal standards, as described below.
2. Information We Collect
We collect only the minimum necessary information required to perform a comprehensive forensic medical billing document audit. This data typically includes:
- Identification Data: Name, physical address, email address, phone number, and related unique identifiers for the client (the patient named on the billing documents for whom the forensice audit is being produced) or their legally designated agent.
- Medical Billing Data: Itemized lists of charges, hospital statements, bills, Explanations of Benefits (EOBs), and institutional billing documents (such as CMS-1450/UB-04 forms).
- Financial Data: Tax-related documentation required for forensic report generation, and payment information for our services (which is securely processed via an independent, PCI-DSS compliant third-party payment gateway).
3. Data Protection and Technical Safeguards
We utilize enterprise-grade security protocols designed to prevent unauthorized access, disclosure, alteration, or destruction of your information:
- End-to-End Encryption: All data transmitted to and through our client portal is encrypted in transit using SSL/TLS (Secure Sockets Layer/Transport Layer Security) technology. Data at rest is securely stored within an encrypted environment built to meet federal healthcare hosting standards.
- Strict Access Controls: Access to your transmitted information is strictly restricted to authorized forensic auditors with a verified need to know to execute your audit. Internal systems are protected by Multi-Factor Authentication (MFA), role-based access configurations, and unique user identifiers.
- Comprehensive Audit Logs: We maintain immutable, detailed system logs tracking all data access, file modifications, and system events to guarantee total operational accountability and detect unauthorized access attempts.
4. Data Sharing Restrictions
- Absolute Prohibition on Data Sharing or Monetization: We do not sell, rent, lease, or trade your health data, personal identifiers, or financial information to third-party marketers, data brokers, or any external entities. We will never ask you to sign a release to use your data for anything outside of a foresnice audit of your billing documents which does not required a release signature.
- Non-Disclosure: Your final forensic report is delivered exclusively to you or your legally designated agent. We do not share your report, billing data, or audit findings with any other third-party.
- Legal Process: In the event that a lawful subpoena, court order, or government investigative demand is issued for your information, we will notify you immediately to the extent permitted by law prior to any disclosure, allowing you the opportunity to seek protective orders.
5. Data Retention and Secure Destruction
Once your forensic audit is finalized and delivered, we retain your data only as long as necessary to fulfill administrative obligations, support corporate accountability, or satisfy applicable legal requirements (typically for a period of up to 10 years to maintain a verifiable audit trail). Upon expiration of this retention period, electronic records are permanently purged and destroyed using secure data sanitization methods aligned with National Institute of Standards and Technology (NIST) guidelines.
6. Use of Tracking Technologies (Cookies)
Our website utilizes only “Strictly Necessary” cookies required for baseline site functionality, secure portal logins, and session management. We explicitly prohibit the use of tracking pixels, behavioral advertising trackers, or third-party marketing cookies (such as the Meta Pixel or unauthorized advertising analytics) on any page where health or billing information is uploaded or collected, ensuring your browsing behavior remains entirely confidential.
7. Consumer and Client Rights
As a client or former client of Medical Bill Forensics LLC, you retain the following voluntary administrative rights regarding your data:
- Right of Access: The right to request and receive a digital copy of the forensic data, itemized bills, and payment records we maintain on file for you.
- Right of Correction: The right to request that we correct or update any inaccurate or obsolete personal identification data in our system.
- Accounting of Disclosures: The right to request an accounting of any instance where your data was disclosed outside the standard audit process due to legal mandates or statutory compliance.
8. Contact Our Privacy Officer
If you have questions regarding our security protocols, wish to exercise your data rights, or believe your privacy has been compromised, please contact us directly at:
Email: [email protected]
