Privacy Policy

1. Information We Collect

Personal Information

We may collect the following personal information when you contact us or use our services:

• Full name and professional title
• Email address and phone number
• Practice name and address
• Medical specialty and provider information
• National Provider Identifier (NPI) numbers
• Tax Identification Numbers (TIN) for billing purposes
• Insurance and payer information

Protected Health Information (PHI)

In the course of providing revenue cycle management services, we may access Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA). All PHI is handled in strict compliance with HIPAA Privacy and Security Rules. We enter into a Business Associate Agreement (BAA) with all clients before accessing any PHI.

Website Usage Data

We automatically collect certain information when you visit our website, including IP address, browser type, pages visited, time spent on pages, and referring URLs. This data is used to improve our website and services.

2. How We Use Your Information

We use the information we collect to:

• Provide revenue cycle management, medical billing, and coding services
• Process insurance claims and manage accounts receivable
• Communicate with you about your account and our services
• Send newsletters and RCM insights (with your consent)
• Improve our website, services, and user experience
• Comply with legal and regulatory obligations
• Prevent fraud and ensure the security of our systems
• Respond to your inquiries and provide customer support

3. HIPAA Compliance

Rafsons Med Billing operates as a Business Associate under HIPAA regulations. We implement and maintain comprehensive safeguards to protect all PHI we access, receive, maintain, or transmit on behalf of our clients:

• Administrative Safeguards: Staff training, access controls, and security policies
• Physical Safeguards: Secure facilities and workstation controls
• Technical Safeguards: Encryption, audit logs, and automatic logoff
• Business Associate Agreements: Signed with all clients and subcontractors
• Breach Notification: Procedures in place per HIPAA Breach Notification Rule

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• Service Providers: Trusted third-party vendors who assist in our operations, bound by confidentiality agreements
• Insurance Payers: As necessary to process claims on your behalf
• Legal Requirements: When required by law, court order, or government regulation
• Business Transfers: In the event of a merger, acquisition, or sale of assets
• With Your Consent: For any other purpose with your explicit consent

5. Data Security

We implement industry-leading security measures to protect your information:

• 256-bit AES encryption for data in transit and at rest
• Secure Socket Layer (SSL/TLS) technology on all web pages
• Multi-factor authentication for all system access
• Regular security audits and penetration testing
• SOC 2 Type II certified infrastructure
• Zero-trust security architecture
• Regular employee security training

6. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience. Cookies are small data files stored on your device. We use:

• Essential Cookies: Required for website functionality
• Analytics Cookies: To understand how visitors use our website (Google Analytics)
• Marketing Cookies: To deliver relevant advertisements (Google AdSense)

You can control cookie settings through your browser settings. Disabling cookies may affect website functionality.

7. Google AdSense and Advertising

We use Google AdSense to display advertisements on our website. Google AdSense uses cookies to serve ads based on your prior visits to our website or other websites. You may opt out of personalized advertising by visiting Google Ads Settings.

Third-party vendors, including Google, use cookies to serve ads based on a user's prior visits to our website. These cookies do not contain any personally identifiable health information.

8. Newsletter and Email Communications

If you subscribe to our newsletter, we will send you periodic emails with RCM insights, billing tips, and industry news. Each email includes an unsubscribe link. You may unsubscribe at any time by:

• Clicking the “Unsubscribe” link in any email
• Emailing us at info@rafsonsmedbilling.com

9. Your Rights

You have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to legal obligations
• Portability: Request transfer of your data in a machine-readable format
• Opt-Out: Opt out of marketing communications at any time
• HIPAA Rights: Additional rights regarding your PHI under HIPAA regulations

10. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce agreements. Medical billing records are retained in accordance with applicable state and federal regulations, typically 7-10 years.

11. Children's Privacy

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of significant changes by posting the updated policy on our website with a new “Last Updated” date. Your continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: