BillDecoder LogoBillDecoder

HIPAA Notice of Privacy Practices

Effective Date: December 16, 2025

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Our Commitment to Your Privacy

BillDecoder is required by law to maintain the privacy and security of your protected health information (PHI). We are required to provide you with this notice about our privacy practices, our legal duties, and your rights concerning your PHI. We must follow the privacy practices described in this notice while it is in effect.

This notice takes effect on December 16, 2025, and will remain in effect until we replace it. We reserve the right to change our privacy practices and the terms of this notice at any time, provided such changes are permitted by applicable law. We reserve the right to make the changes in our privacy practices and the new terms of our notice effective for all PHI that we maintain, including PHI we created or received before we made the changes.

How We May Use and Disclose Your PHI

For Treatment, Payment, and Healthcare Operations

We may use and disclose your PHI for the following purposes:

  • Treatment: To analyze your medical bills and identify potential billing issues or errors
  • Payment: To process your subscription payments and billing
  • Healthcare Operations: To improve our services, train our AI models (using de-identified data only), and conduct quality assurance

With Your Authorization

We will obtain your written authorization before using or disclosing your PHI for purposes other than treatment, payment, healthcare operations, or as otherwise permitted or required by law. You may revoke your authorization in writing at any time, except to the extent that we have already acted in reliance on your authorization.

To Business Associates

We may disclose your PHI to our business associates who perform services on our behalf (such as cloud hosting providers, payment processors, or customer support platforms). We require all business associates to sign agreements ensuring they will appropriately safeguard your PHI in compliance with HIPAA regulations.

As Required by Law

We may use or disclose your PHI when required by federal, state, or local law, including:

  • To public health authorities for disease prevention and control
  • To law enforcement officials as required by law or in response to valid legal process
  • To avert a serious threat to health or safety
  • For workers' compensation purposes
  • In response to lawsuits or legal proceedings

Your Rights Regarding Your PHI

Right to Inspect and Copy

You have the right to inspect and obtain a copy of your PHI that we maintain. To request access, contact us at [email protected]. We may charge a reasonable fee for copying and mailing costs.

Right to Amend

If you believe that your PHI is incorrect or incomplete, you may request that we amend it. We may deny your request in certain circumstances, but will provide you with a written explanation.

Right to an Accounting of Disclosures

You have the right to request an accounting of certain disclosures of your PHI that we have made. This accounting will not include disclosures made for treatment, payment, or healthcare operations.

Right to Request Restrictions

You have the right to request restrictions on how we use or disclose your PHI. We are not required to agree to your request, but if we do, we will comply with the agreed-upon restriction.

Right to Confidential Communications

You have the right to request that we communicate with you about your PHI by alternative means or at alternative locations. We will accommodate reasonable requests.

Right to Breach Notification

You have the right to be notified in the event of a breach of your unsecured PHI. We will notify you promptly if such a breach occurs.

Right to a Paper Copy of This Notice

You have the right to obtain a paper copy of this notice at any time, even if you have agreed to receive it electronically. Contact us at [email protected] to request a paper copy.

Our Security Safeguards

We maintain physical, technical, and administrative safeguards to protect your PHI:

  • All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access to PHI is restricted to authorized personnel only through role-based access controls
  • We maintain comprehensive audit logs of all PHI access
  • Regular security assessments and penetration testing are conducted
  • All employees undergo HIPAA compliance training annually
  • Business Associate Agreements are in place with all third-party service providers

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services. You will not be retaliated against for filing a complaint.

To file a complaint with BillDecoder:

Email: [email protected]
Subject: HIPAA Privacy Complaint

To file a complaint with HHS:

Office for Civil Rights
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints/

Contact Information

If you have questions about this notice or wish to exercise any of your rights, please contact our Privacy Officer:

BillDecoder Privacy Officer

Email: [email protected]

Address: 2810 N Church St #488173, Wilmington, Delaware 19802