Privacy Policy

At Avenue Billing Services, we are committed to protecting your privacy and ensuring the confidentiality and security of Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the HITECH Act, and other applicable U.S. healthcare privacy laws. This Privacy Policy describes how we collect, use, disclose, and safeguard PHI and other personal information.


1. Our Commitment to HIPAA Compliance

We take our role as a HIPAA-compliant medical billing company seriously. Our internal systems, staff protocols, and third-party partnerships are all designed with strict adherence to HIPAA's Privacy and Security Rules.

Key Measures:

Encryption: All PHI is encrypted during transmission (via SSL/TLS) and while stored (AES-256 encryption).

Access Controls: Only authorized personnel have access to PHI through strict role-based access systems.

Business Associate Agreements (BAAs): We execute signed BAAs with all vendors, contractors, and associates who process or store PHI on our behalf.

Audit Trails: Comprehensive logging and monitoring ensure all access to PHI is recorded and auditable.


2. Information We Collect

We collect only the data necessary to perform our services as a medical billing and coding partner.

From Healthcare Providers:

Patient demographic information (e.g., name, DOB, gender)

Diagnosis codes (ICD-10)

Procedure codes (CPT/HCPCS)

Treatment records

Insurance provider details

Claim submission and remittance information

From Patients:

Name and contact information

Insurance identification numbers

Limited financial data required for billing and claims

Any communication sent directly to our support or billing teams

We do not collect or store clinical treatment notes unless required for billing purposes.


3. How We Use Your Data

We use PHI strictly for purposes related to medical billing, revenue cycle management, and healthcare operations, including:

Preparing and submitting insurance claims

Verifying insurance eligibility and benefits

Following up on unpaid or denied claims

Resolving billing and payment issues

Generating reports for providers (using de-identified or limited datasets where possible)

We do not sell, rent, or use your PHI for marketing or commercial purposes.


4. Your Rights Under HIPAA

Patients have the following rights regarding their PHI, which Avenue Billing Services fully supports and facilitates:

Right to Access: You may request a copy of your billing records.

Right to Amend: You can request corrections to inaccurate or incomplete PHI.

Right to Restrict Use: You can request restrictions on how your PHI is used or disclosed for treatment, payment, or operations (subject to legal limitations).

Right to an Accounting of Disclosures: You may receive a list of disclosures of your PHI not related to treatment, payment, or operations.


5. Security Measures to Protect Your Data

Technical Safeguards:

End-to-end data encryption (SSL, AES-256)

Secure VPN access for remote operations

Intrusion detection and malware protection systems

Multi-factor authentication (MFA) for all internal systems

Physical Safeguards:

Restricted server access with 24/7 monitoring

Biometric or card access control systems at facility entrances

Secure disposal of physical records

Administrative Safeguards:

Annual HIPAA compliance training for all staff

Internal policies for breach prevention and response

Regular third-party security audits and assessments


6. Breach Notification Protocol

Despite our best efforts, if a data breach affecting your PHI occurs, we will:

Notify you in writing within 60 days of discovery

Provide details about the nature of the breach, what information was involved, and the steps taken

Report the breach to the HHS Office for Civil Rights, as required under the HIPAA Breach Notification Rule

We may also inform state or local authorities depending on jurisdictional laws.


7. Third-Party Vendors and Data Sharing

We only share data with vendors who have signed Business Associate Agreements and meet HIPAA compliance requirements. These vendors may assist with:

Claims processing systems

Clearinghouses

Secure cloud storage providers

Accounting and auditing services

We do not permit any vendor to use PHI for purposes beyond what is required for service delivery.


8. Data Retention Policy

We retain PHI only as long as required by law or contract. Once data is no longer needed, it is securely deleted or destroyed in accordance with HIPAA's data disposal requirements.


9. Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect personal data from minors without appropriate legal or parental consent.


10. Policy Updates

We may revise this Privacy Policy to reflect changes in regulations, technologies, or business practices. Updates will be posted on our website with a new effective date.

We encourage you to review this page periodically to stay informed about how we protect your information.