MedStream Medical Billing is committed to protecting the privacy, confidentiality, and security of personal and protected health information (PHI). This Privacy Policy explains how we collect, use, disclose, and safeguard information in compliance with applicable laws, including the Health Insurance Portability and Accountability Act (HIPAA).
1. Information We Collect
We may collect and process the following types of information:
a. Personal Information
- Name, address, email address, phone number
- Employer or practice information
- Login credentials (for authorized systems)
b. Protected Health Information (PHI)
- Patient demographic data
- Insurance information
- Medical billing and claims data
- Coding, payment, and reimbursement information
c. Technical Information
- IP address
- Browser type and device information
- System access logs
2. How We Use Information
MedStream uses collected information strictly for legitimate business and healthcare operations, including:
- Medical billing, coding, and claims submission
- Revenue cycle management services
- Insurance verification and follow-ups
- Compliance with legal and regulatory requirements
- Quality assurance, audits, and reporting
- Client communication and support
3. Disclosure of Information
We do not sell or rent personal or patient information. Information may be disclosed only:
- To healthcare providers, payers, and clearinghouses as required for billing services
- To authorized business associates under written agreements
- When required by law, regulation, or court order
- To protect the rights, safety, or property of MedStream or others
All disclosures comply with HIPAA and applicable privacy laws.
4. HIPAA Compliance
MedStream acts as a Business Associate under HIPAA. We:
- Implement administrative, physical, and technical safeguards
- Limit access to PHI to authorized personnel only
- Ensure workforce training on privacy and security practices
- Execute Business Associate Agreements (BAAs) with clients
5. Data Security
We maintain strong security measures to protect information, including:
- Secure servers and encrypted systems
- Role-based access controls
- Regular system monitoring and audits
- Secure data transmission and storage
Despite our efforts, no system can be guaranteed 100% secure.
6. Data Retention
We retain personal and medical billing information only as long as necessary to:
- Fulfill contractual obligations
- Comply with legal, regulatory, and audit requirements
- Resolve disputes or enforce agreements
Data is securely destroyed once retention periods expire.
7. Your Rights
Depending on applicable law, individuals may have the right to:
- Request access to their information
- Request corrections to inaccurate data
- Request restrictions on use or disclosure
- Receive an accounting of disclosures
Requests must be submitted in writing.
8. Third-Party Services
Our services may involve third-party systems (e.g., clearinghouses, EHRs). MedStream is not responsible for the privacy practices of external platforms but ensures contractual safeguards where required.
9. Changes to This Privacy Policy
MedStream reserves the right to update this Privacy Policy at any time. Updates will be posted on our website with a revised effective date.
10. Contact Information
For questions, concerns, or privacy-related requests, please contact:
MedStream Medical Billing
Email: info@medstream.com]
