Privacy & Data Security Policy (HIPAA Notice)
Medical Bill Forensics LLC is committed to protecting the privacy and security of your health and financial information. This policy describes how we handle Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other relevant data privacy laws.
1. Our Role as a Business Associate
While we are an independent forensic firm and not a healthcare provider, the data you provide (medical bills) contains PHI. We handle this data under the strict standards of a Business Associate as defined by HIPAA, ensuring that your information is used only for the purpose of the forensic audit you have requested.
2. Information We Collect
We collect only the “Minimum Necessary” information required to perform a forensic audit, which typically includes:
- Identification Data: Name, address, contact information, and identifying information.
- Medical Billing Data: Itemized lists of services in a legitimate medical bill, dates of care, CPT/HCPCS codes, and provider information.
- Financial Data: Tax information that may be necessary for our forensic report and payment information for our services (processed via a secure, PCI-compliant third-party processor).
3. How We Protect Your Data (Technical Safeguards)
We utilize enterprise-grade security protocols to ensure your data is never compromised:
- End-to-End Encryption: All data transmitted to our portal is encrypted using SSL/TLS (Secure Sockets Layer) technology. Data at rest is stored in encrypted, HIPAA-compliant cloud environments.
- Access Controls: Only authorized forensic auditors with a “need to know” have access to your uploaded files. Our internal systems utilize Multi-Factor Authentication (MFA) and unique user identifiers.
- Audit Logs: We maintain detailed logs of all system access and data modifications to ensure accountability and detect any unauthorized attempts to view your information.
4. Data Sharing and “The Firewall”
- No Marketing Sales: We never sell, rent, or trade your personal health information to third-party marketers or data brokers. Additionally, we will never sell, rent, or trade your non-health information (any information that you provide that is not PHI).
- Non-Disclosure: Your forensic report is delivered directly to you. We do not share your report or your billing data with your hospital, your insurance company, any other individual or entity, or any government agency unless required by a specific court order or subpoena. Should a subpoena be issued for your information, we will notify you as required under law.
- Third-Party Vendors: We may use HIPAA-compliant subcontractors (e.g., secure cloud storage providers). All such vendors are required to sign a Business Associate Agreement (BAA) with us to ensure they maintain the same high level of security.
5. Data Retention and Destruction
Once your forensic audit is complete and delivered, we retain your data only as long as necessary for administrative purposes or as required by law (typically for a period of up to 10 years to support the “Audit Trail”). After this period, electronic records are permanently purged using secure, NIST-standard data destruction methods.
6. Use of Tracking Technologies (Cookies)
Our website uses “Necessary Cookies” to maintain your secure session while you are logged into the portal. We do not use tracking pixels or marketing cookies (like Facebook Pixel or Google Analytics) on any page where PHI is collected, ensuring that your browsing behavior related to your medical bill remains private.
7. Your Rights
Under HIPAA and the Privacy Rule, you have the right to:
- Access: Request a copy of the forensic data we have on file for you.
- Correction: Request that we correct any errors in the identification data we have collected.
- Accounting of Disclosures: Request a list of any instances where your data was shared outside of the standard audit process (e.g., for legal compliance).
8. Contact Our Privacy Officer
If you have questions about our security protocols or believe your privacy rights have been violated, please contact our Privacy Officer at [email protected]
