1. Introduction

ClaimRight ("we," "our," or "us") is committed to protecting your privacy and maintaining the security of your personal health information (PHI). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered healthcare claims appeal platform.

As a healthcare technology provider, we are committed to full compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws.

2. HIPAA Compliance

ClaimRight is a HIPAA-compliant platform. We serve as a Business Associate to covered entities (healthcare providers) and have implemented appropriate administrative, physical, and technical safeguards to protect PHI.

• End-to-end encryption of all data in transit and at rest
• Access controls and user authentication
• Comprehensive audit logging
• Regular security assessments and penetration testing
• Employee training on HIPAA requirements

3. Information We Collect

3.1 Personal Health Information (PHI)

• Patient demographic information
• Medical record numbers and identifiers
• Diagnosis codes and medical procedures
• Insurance claim information
• Provider and facility information

3.2 Account Information

• Name, email address, and contact information
• Professional credentials and affiliations
• Billing and payment information
• Usage data and platform interactions

3.3 Technical Information

• IP addresses and device information
• Browser type and version
• Platform usage analytics
• Error logs and performance data

4. How We Use Your Information

• Appeal Generation: To create AI-powered appeal letters for denied claims
• Platform Operations: To provide, maintain, and improve our services
• Analytics: To analyze success rates and optimize appeal strategies (aggregated, de-identified data only)
• Security: To monitor for unauthorized access and ensure data integrity
• Legal Compliance: To comply with applicable healthcare and privacy laws
• Customer Support: To respond to inquiries and provide technical assistance

5. Information Sharing

We do not sell, trade, or rent your personal information. We may share information only in the following limited circumstances:

• With Your Consent: When you explicitly authorize information sharing
• Service Providers: With trusted third-party vendors who assist in platform operations (under strict confidentiality agreements)
• Legal Requirements: When required by law, court order, or regulatory authority
• Business Transfers: In connection with mergers, acquisitions, or asset sales (with continued privacy protection)
• Emergency Situations: To protect health, safety, or legal rights when immediate action is required

6. Data Security

We implement industry-leading security measures:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• Multi-factor authentication for user accounts
• Regular security audits and vulnerability assessments
• 24/7 security monitoring and incident response
• Geographic data residency controls

7. Your Rights

Under HIPAA and applicable privacy laws, you have the right to:

• Access your personal information
• Request corrections to inaccurate data
• Request restrictions on information use
• Request alternative communication methods
• File complaints about privacy practices
• Receive an accounting of disclosures

8. Data Retention

We retain personal health information only as long as necessary for treatment, payment, healthcare operations, and legal compliance. PHI is typically retained for 6 years after the last service date, unless longer retention is required by law or authorized by the covered entity.

9. International Users

ClaimRight is designed for use within the United States. If you access our platform from outside the U.S., you acknowledge that your information may be processed in the United States, where privacy laws may differ from those in your jurisdiction.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes through the platform or via email. Your continued use of ClaimRight after such modifications constitutes acceptance of the updated policy.

11. Contact Information

For questions about this Privacy Policy or to exercise your rights, please contact:

12. Breach Notification

In the unlikely event of a data breach involving PHI, we will notify affected covered entities and individuals as required by HIPAA breach notification rules, typically within 60 days of discovery.