Privacy Policy

Last Updated: May 9, 2025

Our Commitment to Privacy

Clinical Billing Solutions ("we," "our," or "us") is a healthcare business associate committed to the highest standards of data privacy and security, including full compliance with the Health Insurance Portability and Accountability Act (HIPAA). This Privacy Policy explains our practices regarding Protected Health Information (PHI) and other personal data.

As a medical billing service provider for PT, OT, and SLP clinics, we take our responsibility to protect patient information seriously. All our systems, processes, and staff training are designed with HIPAA compliance as our top priority.

HIPAA Compliance Statement

Clinical Billing Solutions operates as a Business Associate to healthcare providers (Covered Entities) as defined by HIPAA. We have implemented:

  • Administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of PHI
  • Policies and procedures aligned with HIPAA Privacy, Security, and Breach Notification Rules
  • Regular risk assessments and compliance reviews
  • Comprehensive staff training on HIPAA requirements and privacy protocols
  • Business Associate Agreements (BAAs) with all subcontractors who handle PHI

We maintain compliance with all applicable state and federal laws governing the use and disclosure of health information.

Protected Health Information (PHI)

As a medical billing service, we may have access to Protected Health Information, which includes:

  • Patient demographics and contact information
  • Health insurance and billing information
  • Medical record numbers and treatment codes
  • Dates of service
  • Diagnostic and procedure information required for billing

How we handle PHI:

  • We access and use PHI only as necessary to provide billing services to healthcare providers
  • We do not use or disclose PHI for purposes other than those permitted by our Business Associate Agreements and HIPAA
  • We implement appropriate encryption and security measures for PHI in transit and at rest
  • We maintain detailed access logs for all PHI systems
  • We promptly report any potential data breaches affecting PHI in accordance with HIPAA requirements

Minimum Necessary Standard

We follow the HIPAA "Minimum Necessary" standard, meaning we limit PHI access and use to the minimum amount needed to accomplish the intended purpose. Our staff are trained to access only the information required for their specific job functions.

Website Information Collection

When healthcare professionals or clinic staff visit our website or submit information through our contact form, we collect:

  • Name and contact information
  • Clinic or practice name
  • Professional role or position
  • General information about the practice's needs

Note: Our website contact form is designed for healthcare professionals to inquire about our services. Patients should never submit any personal health information through our website. Our contact form is not intended for patient communication.

Non-PHI website data we may collect automatically includes:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and time spent
  • Referring websites

This technical information is collected using cookies and similar technologies and is used solely for website functionality, security, and improvement purposes.

Data Security Measures

We implement robust security measures to protect all data, with particular emphasis on PHI:

  • End-to-end encryption for data transmission
  • Secure, HIPAA-compliant hosting environments
  • Multi-factor authentication for system access
  • Role-based access controls
  • Regular security assessments and penetration testing
  • Continuous monitoring for unauthorized access attempts
  • Secure backup systems with encryption
  • Physical security controls at our facilities

Data Retention and Disposal

We maintain PHI only for the period necessary to provide services to our healthcare clients and as required by law. Our retention policies follow HIPAA guidelines and applicable state regulations for medical records and billing information. When no longer needed, PHI is securely destroyed using methods that prevent reconstruction.

Patient Rights Under HIPAA

While Clinical Billing Solutions does not interact directly with patients, we support our healthcare clients in fulfilling patient rights under HIPAA, including:

  • Right to access their health information
  • Right to request corrections to their records
  • Right to an accounting of disclosures
  • Right to request restrictions on certain uses and disclosures
  • Right to confidential communications

Patients seeking to exercise these rights should contact their healthcare provider directly. As a business associate, we will cooperate with our healthcare clients to fulfill these requests in accordance with HIPAA regulations.

Breach Notification

In the unlikely event of a breach of unsecured PHI, we will:

  • Promptly notify affected healthcare clients in accordance with HIPAA Breach Notification Rules
  • Assist healthcare providers in fulfilling their notification obligations to affected individuals, the Department of Health and Human Services, and, when required, the media
  • Conduct a thorough investigation and implement corrective actions
  • Document all breach-related activities as required by law

Business Associate Agreements

We maintain formal Business Associate Agreements (BAAs) with all healthcare providers we serve. These agreements establish:

  • Permitted and required uses and disclosures of PHI
  • Security and privacy safeguards we will maintain
  • Obligations to report unauthorized uses or disclosures
  • Terms for secure disposal or return of PHI when our business relationship ends
  • Assurances that any subcontractors will follow the same restrictions and conditions

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or regulatory requirements. Healthcare clients will be notified of significant changes through their designated contacts. The latest version will always be available on our website with the "Last Updated" date.

Contact Information

For questions or concerns about our privacy practices or HIPAA compliance:

Privacy Officer: Privacy Officer
Email: [email protected]
Phone: 888-550-2112
Mail: PO Box 14155, Orange, California

For general inquiries:
Email: [email protected]
Phone: 888-550-2112