Our Commitment to HIPAA Compliance
We take our role as a HIPAA-compliant medical billing company seriously. Our internal systems, staff protocols, and third-party partnerships are all designed to comply with HIPAA’s Privacy and Security Rules.
Key Measures:
Encryption: All PHI is encrypted during transmission (via SSL/TLS) and while stored (AES-256 encryption).
Access Controls: Only authorized personnel have access to PHI through strict role-based access systems.
Business Associate Agreements (BAAs): We execute signed BAAs with all vendors, contractors, and associates who process or store PHI on our behalf.
Audit Trails: Comprehensive logging and monitoring ensure all access to PHI is recorded and auditable.
Information We Collect
We collect only the data necessary to provide our medical billing and coding services.
From Healthcare Providers:
Patient demographic information (e.g., name, DOB, gender)
Diagnosis codes (ICD-10)
Procedure codes (CPT/HCPCS)
Treatment records
Insurance provider details
Claim submission and remittance information
From Patients:
Name and contact information
Insurance identification numbers
Limited financial data required for billing and claims
Any communication sent directly to our support or billing teams
We do not collect or store clinical treatment notes unless needed for billing purposes.
How We Use Your Data
We use PHI strictly for purposes related to medical billing, revenue cycle management, and healthcare operations, including:
Preparing and submitting insurance claims
Verifying insurance eligibility and benefits
Following up on unpaid or denied claims
Resolving billing and payment issues
Generating reports for providers (using de-identified or limited datasets where possible)
We do not sell, rent, or use your PHI for marketing or commercial purposes.
Your Rights Under HIPAA
Patients have the following rights regarding their PHI, which Avenue Billing Services fully supports and facilitates:
Right to Access: You have the right to request a copy of your billing records.
Right to Amend: You have the right to request corrections to inaccurate or incomplete PHI.
Right to Restrict Use: You can request restrictions on how your PHI is used or disclosed for treatment, payment, or operations (subject to legal limitations).
Right to an Accounting of Disclosures: You may receive a list of disclosures of your PHI not related to treatment, payment, or operations.
Security Measures to Protect Your Data
Technical Safeguards:
End-to-end data encryption (SSL, AES-256)
Secure VPN access for remote operations
Intrusion detection and malware protection systems
Multi-factor authentication (MFA) for all internal systems
Physical Safeguards:
Restricted server access with 24/7 monitoring
Biometric or card access control systems at facility entrances
Secure disposal of physical records
Administrative Safeguards:
Annual HIPAA compliance training for all staff
Internal policies for breach prevention and response
Regular third-party security audits and assessments
Breach Notification Protocol
If, despite our best efforts, a data breach affecting your PHI occurs, we will:
Notify you in writing within 60 days of discovery
Provide details about the nature of the breach, what information was involved, and the steps taken
Report the breach to the HHS Office for Civil Rights, as required under the HIPAA Breach Notification Rule
We may also inform state or local authorities, depending on jurisdictional laws.
Third-Party Vendors and Data Sharing
We only share data with vendors who have signed Business Associate Agreements and meet HIPAA compliance requirements. These vendors may assist with:
Claims processing systems
Clearinghouses
Secure cloud storage providers
Accounting and auditing services
We do not allow any vendor to use PHI beyond what is necessary to deliver services.
Data Retention Policy
We retain PHI only as long as required by law or contract. Once data is no longer needed, it is securely deleted or destroyed in accordance with HIPAA’s data disposal requirements.
Children’s Privacy
Our services do not target children under 13, and we do not knowingly collect personal data from minors without proper legal or parental consent.
Policy Updates
We may update this Privacy Policy to reflect changes in regulations, technology, or business practices. We will post all updates on our website with a revised effective date.
Please review this page periodically to stay informed about how we protect your information.


