Your Privacy Matters

Privacy Policy

Effective Date: March 1, 2026
Last Updated: February 28, 2026
Quick Summary

Elite Square Medical Billing is committed to protecting your privacy and handling your personal and medical information with the highest standards of security and confidentiality. This policy explains how we collect, use, and safeguard your information when you use our medical billing services.

HIPAA Compliant
256-bit Encryption
BAA Available

1 Introduction

Welcome to Elite Square Medical Billing (“Company,” “we,” “our,” or “us”). We are a professional medical billing service provider dedicated to helping healthcare practices optimize their revenue cycle management while maintaining the highest standards of privacy and security.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our medical billing services, or interact with us in any way. It applies to healthcare providers who use our services, their patients, and any other individuals whose information we may process in connection with our services [citation:1].

We understand the sensitive nature of medical and billing information and are committed to protecting it with the utmost care. This policy outlines our practices in compliance with applicable privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA), state privacy regulations, and other relevant data protection laws [citation:4].

For Healthcare Providers

If you are a healthcare provider using our services, we act as your Business Associate under HIPAA [citation:9].

For Patients

If you are a patient, your information is processed on behalf of your healthcare provider. Please refer to their privacy policy for more information [citation:1].

🌐

For Website Visitors

If you are visiting our website, this policy explains how we handle your personal information [citation:6].

By using our services or accessing our website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our policies and practices, please do not use our services [citation:6].

2 Information We Collect

We collect various types of information depending on your interaction with us. This may include personal information, protected health information (PHI), and technical data [citation:3][citation:4].

2.1 Information You Provide Directly

| Category | Examples | Purpose |
|---|---|---|
| Contact Information | Full name, email address, phone number, practice name, mailing address | To communicate with you, provide services, and respond to inquiries [citation:4] |
| Account Information | Username, password, account preferences, security questions | To create and manage your account, authenticate your identity [citation:1] |
| Billing Information | Payment details, billing address, insurance information, financial data | To process payments, submit claims, and manage your account [citation:7] |
| Professional Information | Medical specialty, license number, NPI number, DEA number, practice details | To verify credentials, process claims, and provide specialty-specific services [citation:1] |

2.2 Protected Health Information (PHI)

Protected Health Information

As a medical billing company, we handle Protected Health Information (PHI) as defined by HIPAA. This includes any information that relates to an individual’s past, present, or future physical or mental health condition, the provision of healthcare, or payment for healthcare, and that can be used to identify the individual [citation:5][citation:7].

PHI we may process includes:

  • Patient demographics (name, address, date of birth, Social Security number)
  • Medical history and diagnosis codes (ICD-10)
  • Procedure codes (CPT/HCPCS)
  • Insurance information and policy numbers
  • Treatment records and clinical documentation
  • Payment history and billing records

Important: When we process PHI on behalf of healthcare providers, we act as a “Business Associate” under HIPAA and have entered into Business Associate Agreements (BAAs) with our provider clients [citation:7][citation:9].

2.3 Information Collected Automatically

When you visit our website, we may automatically collect certain information about your device and usage patterns [citation:4][citation:6]:

  • Log Data: IP address, browser type, operating system, referring URLs, pages viewed, and timestamps
  • Device Information: Device type, screen resolution, unique device identifiers
  • Usage Data: How you interact with our website, features used, time spent on pages
  • Cookies and Similar Technologies: We use cookies to enhance your experience and analyze site traffic [citation:3]

2.4 Information from Third Parties

We may receive information about you from third parties, including [citation:1]:

  • Healthcare Providers: When they engage our services, they may provide patient information necessary for billing
  • Insurance Companies and Payers: To verify coverage, process claims, and resolve payment issues
  • Clearinghouses: To facilitate electronic claim submissions
  • Service Providers: Who assist us in delivering our services

3 HIPAA Compliance & Protected Health Information

As a medical billing company, HIPAA compliance is the foundation of our operations. We take our obligations to protect PHI seriously and have implemented comprehensive measures to ensure compliance with all applicable HIPAA rules [citation:9].

3.1 Our Role as a Business Associate

Under HIPAA, Elite Square Medical Billing acts as a “Business Associate” to covered entities (healthcare providers, hospitals, clinics). This means we perform services involving the use or disclosure of PHI on behalf of our healthcare clients [citation:5][citation:7].

Our responsibilities as a Business Associate include [citation:4][citation:8]:

  • Entering into written Business Associate Agreements (BAAs) with all healthcare provider clients
  • Using PHI only for the purposes permitted by the BAA and as required by HIPAA
  • Implementing administrative, physical, and technical safeguards to protect PHI
  • Reporting any security incidents or breaches to covered entities as required by law
  • Ensuring that any subcontractors who handle PHI also comply with HIPAA requirements
  • Making PHI available for access, amendment, and accounting of disclosures as required
  • Returning or destroying all PHI at the termination of the BAA

3.2 Permitted Uses and Disclosures of PHI

We use and disclose PHI only for permitted purposes under HIPAA, primarily for [citation:2]:

Payment Activities

Claims submission, billing, collections, payment processing, eligibility verification, and utilization review [citation:2]

Healthcare Operations

Quality assessment, compliance monitoring, business management, and customer service [citation:2]

Treatment Coordination

Coordinating with other providers as necessary for billing and payment purposes

3.3 Minimum Necessary Standard

We adhere to the HIPAA “minimum necessary” standard, meaning we make reasonable efforts to limit PHI access, use, and disclosure to the minimum amount necessary to accomplish the intended purpose [citation:5][citation:9].

3.4 Breach Notification

In the event of a breach of unsecured PHI, we have protocols in place to [citation:5]:

  • Investigate the breach promptly
  • Notify affected covered entities without unreasonable delay
  • Provide necessary information to facilitate patient notifications
  • Document all breaches and our response actions
  • Implement corrective measures to prevent future occurrences

4 How We Use Your Information

We use the information we collect for various purposes related to providing our medical billing services and operating our business [citation:1][citation:4]:

| Purpose | Description | Legal Basis |
|---|---|---|
| Service Delivery | To provide medical billing services, including claims submission, payment posting, denial management, and revenue cycle optimization | Contract performance, HIPAA permitted uses [citation:2] |
| Communication | To respond to inquiries, provide customer support, send service updates, and communicate about your account | Legitimate business interests, consent |
| Compliance | To comply with legal obligations, including HIPAA requirements, tax laws, and regulatory reporting [citation:4] | Legal obligation |
| Improvement | To analyze usage, improve our services, develop new features, and enhance user experience | Legitimate business interests |
| Security | To protect our systems, detect fraud, prevent unauthorized access, and ensure data integrity [citation:8] | Legitimate business interests, legal obligation |
| Marketing | To send promotional materials, newsletters, and information about our services (with opt-out option) | Consent [citation:5] |

4.1 No Sale of Information

We do not sell, rent, or trade your personal information or PHI to third parties for marketing purposes [citation:4][citation:6].

5 Information Sharing and Disclosure

We may share your information in the following circumstances [citation:4][citation:8]:

5.1 With Healthcare Providers

We share PHI with the healthcare providers who engage our services, as they are the covered entities responsible for your care.

5.2 With Insurance Companies and Payers

We share information necessary for claims processing, payment, and coordination of benefits with insurance companies and other payers [citation:10].

5.3 With Service Providers

We may share information with third-party service providers who assist us in delivering our services, such as [citation:4][citation:6]:

  • Technology Providers: Hosting services, software platforms, and IT support
  • Clearinghouses: Electronic claims transmission services
  • Payment Processors: Secure payment processing (e.g., Stripe)
  • Analytics Providers: Website analytics and performance monitoring

All service providers are required to sign confidentiality agreements and comply with applicable privacy laws, including HIPAA where relevant [citation:8].

5.4 Legal Requirements

We may disclose information if required to do so by law or in response to valid legal requests, such as [citation:4][citation:10]:

  • Court orders, subpoenas, or other legal processes
  • Requests from government or regulatory authorities
  • To comply with tax or reporting obligations

5.5 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business, customer information may be transferred as part of the transaction. We will notify affected individuals of any such change [citation:4].

6 Data Security and Safeguards

We implement comprehensive security measures to protect your information from unauthorized access, use, or disclosure [citation:3][citation:9]:

Encryption

All sensitive data, including PHI, is encrypted in transit (TLS 1.3) and at rest (AES-256) [citation:3][citation:8]

Access Controls

Strict role-based access controls, multi-factor authentication, and unique user credentials [citation:9]

Audit Logs

Comprehensive logging of all access to PHI, with regular review [citation:9]

Firewalls & Security

Enterprise-grade firewalls, intrusion detection systems, and regular security testing [citation:3]

Staff Training

Mandatory HIPAA and security awareness training for all employees [citation:7][citation:9]

Risk Assessments

Regular security risk assessments and vulnerability scanning [citation:9]

While we implement strong safeguards, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we continuously work to maintain the highest standards [citation:4][citation:6].

7 Your Rights

Depending on your relationship with us and applicable laws, you may have certain rights regarding your information [citation:3][citation:4]:

Access

Request access to your personal information

✏️

Correction

Request correction of inaccurate information

Deletion

Request deletion of your information

⏸️

Restriction

Request restriction of processing

Portability

Receive your data in portable format

🚫

Opt-Out

Opt out of marketing communications

Withdraw Consent

Withdraw previously given consent

⚠️

Complaint

File a complaint with regulatory authorities

7.1 For Patients

If you are a patient whose information we process on behalf of your healthcare provider, please direct your requests to your healthcare provider directly. They are the “covered entity” responsible for your PHI [citation:1].

7.2 How to Exercise Your Rights

To exercise your rights, please contact us using the information in Section 12. We will respond to all legitimate requests within the timeframes required by law [citation:4].

8 Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience, analyze traffic, and improve our services [citation:3][citation:6].

| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Required for website functionality and security | Session |
| Analytics Cookies | Track website usage and performance (Google Analytics) | Up to 2 years |
| Preference Cookies | Remember your settings and preferences | Up to 1 year |

You can control cookies through your browser settings. However, disabling cookies may affect certain website functionality [citation:6].

9 Data Retention

We retain information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law [citation:3][citation:4].

9.1 Retention Periods

  • PHI: Retained in accordance with federal and state record retention requirements (typically 6-10 years)
  • Account Information: Retained for the duration of your account plus a reasonable period afterward
  • Website Data: Retained for analytics purposes for up to 26 months

9.2 Data Destruction

When information is no longer needed, we securely destroy or anonymize it using methods that prevent reconstruction or read access [citation:1].

10 Children’s Privacy

Our services are not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us, and we will take steps to delete such information [citation:6][citation:8].

11 Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or industry standards [citation:3][citation:4].

When we make changes, we will:

  • Update the “Effective Date” at the top of this policy
  • Post the revised policy on our website
  • Provide additional notice for material changes (such as email notification) as required by law

We encourage you to review this policy periodically to stay informed about how we protect your information [citation:6].

12 Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us [citation:3][citation:4]:

Privacy & Compliance Team

We’re here to help with any questions about your privacy rights or our data practices.

15218 Reeds Street
Overland Park, KS 66223-3240

Privacy Officer

For privacy-specific concerns, you may contact our designated Privacy Officer directly:

Privacy Officer
Elite Square Medical Billing
HIPAA Compliance Inquiries