Notice of Privacy Practices

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Effective Date: January 1, 2026

Who This Notice Applies To

This Notice of Privacy Practices describes the privacy practices of DoctorBilling.ai and its affiliates ("we," "our," or "us"). We are committed to protecting the privacy of your health information and maintaining compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.

Your Health Information Rights

You have the following rights regarding your protected health information (PHI):

  • Right to Access: You have the right to request access to your PHI that we maintain. To request access, please submit your request in writing to our Privacy Officer.
  • Right to Amend: If you believe that your PHI is incomplete or incorrect, you may request an amendment. Your request must be in writing and explain why you believe the information should be amended.
  • Right to an Accounting of Disclosures: You have the right to request a list of certain disclosures we have made of your PHI. This list does not include disclosures made for treatment, payment, or healthcare operations.
  • Right to Request Restrictions: You have the right to request a restriction on certain uses and disclosures of your PHI. We are not required to agree to your request unless the disclosure is to a health plan for purposes of carrying out payment or healthcare operations and the PHI pertains solely to a healthcare item or service for which the healthcare provider involved has been paid in full by you or someone other than the health plan.
  • Right to Confidential Communications: You have the right to request that we communicate with you in a certain way or at a certain location. For example, you may request that we contact you only at work or by mail.
  • Right to a Paper Copy of This Notice: You have the right to receive a paper copy of this Notice at any time, even if you have agreed to receive this Notice electronically.

Uses and Disclosures of Your Health Information

We may use and disclose your PHI for the following purposes without your authorization:

Treatment

We may use and disclose your PHI to provide, coordinate, or manage your healthcare and any related services. For example, we may disclose your information to healthcare providers who are involved in your care, such as billing companies, insurance companies, or other healthcare entities involved in your treatment.

Payment

We may use and disclose your PHI to bill and receive payment for treatment and services you receive. For example, we may send a bill to you or your health insurance company. The information on or accompanying the bill may include information that identifies you, as well as your diagnosis, procedures, and supplies used.

Healthcare Operations

We may use and disclose your PHI for our healthcare operations. Healthcare operations include quality assessment, employee review, training programs, accreditation, certification, licensing, credentialing, and other activities that improve the quality and cost effectiveness of care.

Other Permitted Uses and Disclosures

We may also use or disclose your PHI for the following purposes without your authorization:

  • To comply with federal, state, or local laws
  • To respond to lawsuits and legal actions
  • To law enforcement officials as required by law or in response to a court order
  • For research purposes (with appropriate privacy protections)
  • To coroners, medical examiners, and funeral directors as necessary
  • To organ donation organizations as required by law
  • To avert a serious threat to health or safety
  • For specialized government functions such as military and national security
  • To workers' compensation programs as required by law

Our Responsibilities

We are required by law to:

  • Maintain the privacy of your PHI and provide you with notice of our legal duties and privacy practices
  • Notify you if a breach occurs that may have compromised your PHI
  • Follow the duties and privacy practices described in this Notice
  • Notify you of any changes to this Notice that may affect your privacy rights

Security Measures

We maintain the following administrative, physical, and technical safeguards to protect your PHI:

  • Administrative Safeguards: Regular risk assessments, employee HIPAA training, documented policies and procedures, and designated privacy and security officers.
  • Physical Safeguards: Secure facilities with controlled access, workstation security measures, and policies for the disposal of PHI.
  • Technical Safeguards: 256-bit AES encryption for data at rest, TLS 1.3 for data in transit, role-based access controls, multi-factor authentication, and comprehensive audit logging.

Breach Notification

In the event of a breach of your unsecured PHI, we will notify you in writing as required by HIPAA. This notification will include:

  • A description of what happened
  • The types of information involved
  • Steps you should take to protect yourself
  • What we are doing to investigate and mitigate the breach
  • Contact procedures for further information

We will provide this notification without unreasonable delay and no later than 60 calendar days after the breach is discovered.

Changes to This Notice

We reserve the right to change the terms of this Notice and to make the new provisions effective for all PHI we maintain. We will post a copy of the current Notice on our website. The effective date will be noted at the top of this Notice.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services. All complaints must be submitted in writing.

We will not retaliate against you for filing a complaint.

Contact Information

If you have any questions about this Notice or wish to exercise any of your rights, please contact our Privacy Officer:

DoctorBilling.ai Privacy Officer

Email: [email protected]

Phone: (763) 230-2183

Mail: Privacy Officer, DoctorBilling.ai

Acknowledgment of Receipt

By using our services, you acknowledge that you have received and reviewed this Notice of Privacy Practices. This notice is also available on our website and will be provided to you upon request.

This Notice was last updated on January 1, 2026. We encourage you to review this Notice periodically for any changes.