HomePrivacy Policy

Privacy Policy

Last Updated: April 1, 2026 HIPAA Compliant

1. Information We Collect

HeavenRCM ("we," "our," "us") collects information necessary to provide our revenue cycle management services. This includes:

  • Contact Information: Name, email address, phone number, and practice details when you contact us or request a consultation.
  • Protected Health Information (PHI): Patient demographic and insurance data, medical records, and billing information necessary for claims processing, as authorized by our Business Associate Agreements.
  • Usage Data: Information about how you interact with our website, including IP address, browser type, and pages visited.

2. How We Use Your Information

We use collected information to:

  • Provide and improve our revenue cycle management services
  • Process and submit insurance claims on behalf of our clients
  • Communicate with you regarding our services
  • Respond to inquiries and provide customer support
  • Comply with legal and regulatory requirements
  • Improve our website and user experience

3. HIPAA Compliance

HeavenRCM operates as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We maintain strict administrative, physical, and technical safeguards to protect all Protected Health Information (PHI) in accordance with HIPAA regulations. All employees receive annual HIPAA training and are bound by confidentiality agreements.

4. Data Security

We implement industry-leading security measures including:

  • 256-bit AES encryption for data at rest and in transit
  • SOC 2 Type II certification
  • Regular penetration testing and security audits
  • Role-based access controls with multi-factor authentication
  • 24/7 security monitoring and intrusion detection

5. Information Sharing

We do not sell, trade, or rent your personal information. We may share information only with:

  • Insurance payers for the purpose of claims processing
  • Clearinghouses for electronic claim submission
  • Law enforcement when required by law
  • Service providers bound by confidentiality agreements

6. Your Rights

You have the right to access, correct, or request deletion of your personal information. For PHI, patients retain all rights under HIPAA, including the right to access, amend, and request an accounting of disclosures. Contact us at privacy@heavenrcm.com for any privacy-related requests.

7. Contact Us

For questions about this Privacy Policy, contact our Privacy Officer at:

HeavenRCM Privacy Office
Email: privacy@heavenrcm.com