MediBilliX (“we”, “us”, “our”) respects your privacy and is committed to protecting the personal information of clients, patients, visitors to our website (www.medibillix.com), prospects, and business contacts. This Privacy Policy explains what information we collect, how we use and share it, your rights, and how we protect information — including special protections for health information where applicable.
This Policy applies to information collected through our website, contact forms, email, phone, and other interactions with MediBilliX in connection with the provision of revenue cycle management (RCM), medical billing, patient access, business development, and related services for healthcare providers serving the United States market.
We collect the following categories of information:
Identifiers: name, title, organization, mailing address, email address, phone numbers.
Contact & account information you provide in forms or during calls.
Payment and billing details when needed for commercial transactions (note: we do not store full payment card data unless explicitly required and only through PCI-compliant payment processors).
When you provide patient details or clinical/billing information necessary for RCM services, we may process PHI in order to perform contracted services. PHI includes patient names, dates of service, diagnosis codes, treatment codes, insurance information, and other data as necessary.
Browser type/version, IP address, device and operating system, pages visited, referring/exit pages, and other analytics collected via cookies and similar technologies.
Call logs, call recordings (where permitted and disclosed), messages, and other communications metadata when interacting with our staff.
We use information for the following legitimate business purposes:
To provide RCM, medical billing, patient access, and other contracted services.
To contact you regarding inquiries you submit — including business development outreach and onboarding.
Important update: After you submit our website “Contact Us” form, you should expect a call from MediBilliX (from our Business Development or Client Services team) to discuss your inquiry and next steps. If you prefer not to receive a call, please indicate that preference on the form or contact us via email at the address listed in Section 12. You may also opt out later (see Section 9).
To communicate about account updates, service questions, billing, and support.
To analyze and improve our services, website and user experience.
To comply with legal, regulatory, and audit requirements (including HIPAA compliance where applicable).
To detect, prevent and investigate fraud, security incidents, or unlawful activity.
For clients and business contacts: processing is necessary for contract performance and legitimate business interests (e.g., service delivery, communications).
For marketing/outreach: with consent where required, or our legitimate interest balanced against your rights.
For PHI: processing is performed pursuant to service agreements and applicable law (including HIPAA). We execute Business Associate Agreements (BAAs) with covered entities as needed.
We do not sell your personal data. We may share information in the following ways:
Service Providers & Subprocessors: vendors who perform services on our behalf (cloud hosting, analytics, payment processors, telephony, transcription, collections, security, legal and compliance). They are contractually required to keep data confidential and secure.
Authorized Personnel & Partners: staff, subcontractors, or partners involved in providing RCM services (e.g., clearinghouses, coding teams). Access is limited to what is necessary to perform services.
Business Associates: when handling PHI for covered entity clients, we act as a Business Associate and will sign BAAs; we share PHI only as permitted by the BAA and HIPAA.
Legal & Regulatory: when required by law, court order, or regulatory requests, including to respond to subpoenas or to comply with governmental audits.
Business Transfers: in connection with mergers, acquisitions, or sale of assets — with notice and appropriate safeguards.
We implement industry-standard technical, administrative, and organizational safeguards designed to protect personal data and PHI, including but not limited to:
Access controls and role-based permissions.
Encryption in transit (TLS) and at rest where feasible.
Network and application security monitoring, firewalls, and intrusion detection.
Regular security risk assessments, vulnerability scanning, and patch management.
Employee privacy and security training, background checks for personnel handling PHI.
Business Associate Agreements with vendors handling PHI.
While we use reasonable measures to protect data, no system can be 100% secure. In the unlikely event of a data breach affecting personal data or PHI, we will follow applicable breach notification laws and notify affected parties and regulators as required.
We retain personal information only as long as necessary for the purposes described in this Policy or as required by law, including:
Client and billing records: retained to satisfy contractual requirements, accounting, and regulatory obligations (commonly 6–10 years depending on context).
Contact form and outreach records: retained for a limited business period (e.g., 2 years) unless you become a client or request longer retention.
PHI: retained and disposed of in accordance with our retention policies, client agreements, and HIPAA where applicable.
Specific retention periods will be set in client contracts or applicable law. Contact us if you need the exact retention schedule for your data.
We use cookies, web beacons, and similar technologies for site functionality, analytics, and performance. You may control cookies through your browser settings and opt-outs where provided by analytics vendors.
By submitting a contact form, you consent to being contacted by MediBilliX by phone, email, or text as described above.
To opt out of marketing calls or emails, follow the unsubscribe instructions in communications or contact us (see Section 12). Opting out of necessary service communications may impact our ability to provide services.
You may request to limit or stop phone outreach related to business development; we will honor reasonable requests as required by law.
Depending on where you live and the nature of the data, you may have the right to:
Access the personal information we hold about you.
Correct or update inaccurate or incomplete data.
Request deletion of your personal information (subject to legal and contractual limitations).
Request restrictions on processing.
Receive a copy of your data in a portable, commonly used format where applicable.
Object to certain processing (including direct marketing).
For California residents: rights under the California Consumer Privacy Act (CCPA)/CPRA — e.g., right to know, delete, and opt out of sale (we do not sell personal data).
For patients: rights under HIPAA to request access to, amendment of, or accounting of disclosures of PHI — where we act as a business associate, access requests should be directed to the covered entity; where we act as a covered entity, submit requests as described in applicable forms.
To exercise rights, contact us as in Section 12. We may need to verify your identity before fulfilling requests. We will respond within applicable statutory timeframes.
We operate primarily to serve the U.S. healthcare market but may transfer and process data in jurisdictions outside your country (for example, service providers or staff based in India). We use appropriate safeguards for cross-border transfers (e.g., contractual protections and restricted access). Where additional legal safeguards are required, we will implement them.
For privacy inquiries, access requests, opt-outs, or to request deletion or other rights, please contact:
MediBilliX Privacy Team
Email: info@medibillix.com
Phone: +1 (208) 379 – 3722
Wyoming (US): 30 N Gould St Ste R, Sheridan, WY 82801, USA
Mumbai (IND): 10th Floor, Building 4, Nesco IT Park, Western Express Highway, Goregaon (East), Mumbai, Maharashtra 400063
Our services are intended for business and healthcare use, not for children under 16. We do not knowingly collect personal information directly from children. If we learn that we have collected information from a child in violation of applicable law, we will take steps to delete the information.
Our website may contain links to third-party sites. This Policy does not cover third-party privacy practices. We encourage you to read the privacy notices of any site you visit.
We may update this Policy to reflect changes in our practices or legal requirements. We will post a revised Policy with an updated “Last Updated” date. Material changes may be communicated through our website or other reasonable means.
When MediBilliX handles PHI for covered entities, we operate in accordance with HIPAA and related regulations and enter into Business Associate Agreements (BAAs) with covered entities.
Our internal safeguards, training, and vendor contracts reflect HIPAA requirements where applicable.
If you provide a mobile telephone number and opt in to receive SMS messages:
By submitting a request or form, you consent to be contacted by SMS in relation to your inquiry, account, or services.
Message frequency may vary. Message and data rates may apply.
Reply STOP to opt out; reply HELP for more information.
No mobile information will be shared with third parties or affiliates for marketing or promotional purposes.
All other data-sharing categories exclude SMS opt-in data and consent.
This Privacy Policy explains our practices but is not a contract and does not provide legal rights. It is not a substitute for legal advice. If you require legal advice about privacy or compliance (for example, HIPAA, CCPA/CPRA, or other laws), please consult qualified counsel.
© Copyright 2024 MediBilliX – All Rights Reserved.