Privacy Policy

Overview

ChargeInsight RCM ("Company," "we," "us," or "our") is committed to protecting your privacy and handling your information with transparency, integrity, and care. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website, use our services, or engage with us in connection with our Revenue Cycle Management (RCM) solutions.

By accessing or using our website and services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our services immediately.

ChargeInsight RCM operates in strict compliance with the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, and all applicable federal and state privacy regulations.

If you have any questions about this Privacy Policy at any time, please contact our Privacy Officer at info@chargeinsightrcm.com.

Definitions

For clarity and consistency, the following terms carry the meanings defined below throughout this Privacy Policy:

Information We Collect

We collect information in several ways, depending on how you interact with us and our services. Below is a detailed breakdown of the categories of information we collect:

3.1 Information You Provide Directly

When you contact us, fill out a form, request a consultation, or engage our services, you may provide:

• Full name, job title, and professional credentials
• Business name and practice type or specialty
• Email address, phone number, and mailing address
• Insurance and payer account information
• National Provider Identifier (NPI) and Tax Identification Number (TIN)
• Practice management and EHR system details
• Messages, inquiries, and correspondence
• Payment and billing information for our service fees

3.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical information through cookies and similar technologies, including:

• IP address and approximate geographic location
• Browser type, version, and operating system
• Device type (desktop, mobile, tablet)
• Pages visited, time spent on pages, and navigation paths
• Referring website URLs and exit pages
• Date, time, and duration of your visit

3.3 Protected Health Information (PHI)

As a Business Associate under HIPAA, ChargeInsight RCM may receive, process, and transmit Protected Health Information on behalf of our Covered Entity clients. This PHI is handled exclusively under the terms of a signed Business Associate Agreement (BAA) and is never used for any purpose other than providing the contracted services. For questions regarding PHI handling, contact us at info@chargeinsightrcm.com.

3.4 Third-Party Sources

We may receive information about you from third-party sources, including payer databases, public professional registries, referral partners, and technology integration partners. We use this information solely to provide and improve our services.

How We Use Your Information

We use the information we collect for the following purposes:

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. If you have questions about specific uses of your data, please write to info@chargeinsightrcm.com.

Information Sharing & Disclosure

ChargeInsight RCM does not sell or share your personal information with third parties except in the following limited circumstances:

5.1 Service Providers

We engage trusted third-party vendors who assist us in operating our platform and delivering services, including cloud hosting providers, payment processors, analytics tools, and EHR integration partners. These vendors are contractually obligated to use your information solely to provide services to us and are prohibited from using it for any other purpose.

5.2 Healthcare Partners

In delivering our RCM services, we transmit data to insurance payers, clearinghouses, Medicare/Medicaid programs, and other healthcare entities as necessary to process claims and obtain authorizations — strictly under signed BAAs and applicable regulatory guidelines.

5.3 Legal Compliance

We may disclose information when required by law, regulation, court order, subpoena, or government authority. We will notify you of any such disclosure to the extent permitted by law.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.

5.5 With Your Consent

We may share your information with third parties when you have given us your explicit consent to do so.

HIPAA & Protected Health Information

ChargeInsight RCM functions as a Business Associate under HIPAA. We are fully bound by HIPAA's Privacy Rule, Security Rule, and Breach Notification Rule in all activities involving Protected Health Information.

6.1 Business Associate Agreement

All clients whose services involve the creation, receipt, maintenance, or transmission of PHI must execute a Business Associate Agreement (BAA) with ChargeInsight RCM prior to service commencement. Our BAA template is available upon request at info@chargeinsightrcm.com.

6.2 Permitted Uses of PHI

We use and disclose PHI only as permitted or required by HIPAA and the applicable BAA, including:

• Processing and submitting health insurance claims
• Obtaining prior authorizations from payers
• Verifying patient insurance eligibility and benefits
• Managing claim denials, appeals, and AR follow-up
• Credentialing providers with payers and government programs
• Providing medical coding and documentation services
• As required by law, including reporting to regulatory bodies

6.3 Minimum Necessary Standard

We apply the HIPAA minimum necessary standard to all uses and disclosures of PHI, ensuring that only the information necessary to accomplish the intended purpose is accessed or disclosed.

6.4 Breach Notification

In the event of a breach of unsecured PHI, ChargeInsight RCM will notify affected Covered Entities without unreasonable delay and no later than 60 calendar days from discovery of the breach, in accordance with HIPAA's Breach Notification Rule. Breach-related inquiries should be directed to info@chargeinsightrcm.com.

Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and understand how visitors interact with our content.

7.1 Types of Cookies We Use

7.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified when a cookie is set. Please note that disabling cookies may affect the functionality of certain parts of our website.

For questions about our cookie practices, contact us at info@chargeinsightrcm.com.

Data Security

The security of your information is a top priority at ChargeInsight RCM. We implement a comprehensive set of technical, administrative, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, or destruction.

8.1 Technical Safeguards

• 256-bit AES encryption for all data at rest
• TLS 1.2/1.3 encryption for all data in transit
• Multi-factor authentication (MFA) for all system access
• Role-based access controls with least-privilege principles
• Continuous intrusion detection and threat monitoring
• Regular penetration testing and vulnerability assessments
• Automated security patching and update management

8.2 Administrative Safeguards

• Annual HIPAA Privacy and Security training for all staff
• Formal workforce sanction policy for policy violations
• Documented information security policies and procedures
• Background checks for all employees with PHI access
• Annual third-party security audits (SOC 2 Type II)

8.3 Physical Safeguards

• Restricted access to server facilities and workstations
• Secure disposal of physical media containing PHI
• Workstation use policies and screen lock requirements

Despite our efforts, no method of electronic transmission or storage is 100% secure. If you believe your information has been compromised, please contact us immediately at info@chargeinsightrcm.com.

Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy and to comply with our legal, regulatory, and contractual obligations.

Upon expiration of the applicable retention period, we securely delete or anonymize your information. To request early deletion of your data (where legally permissible), contact us at info@chargeinsightrcm.com.

Your Privacy Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information. To exercise any of these rights, submit a written request to info@chargeinsightrcm.com.

We will respond to all verified requests within 30 calendar days. In complex cases, we may extend this period by an additional 30 days with written notice. To submit a request, email info@chargeinsightrcm.com.

Third-Party Links & Services

Our website may contain links to third-party websites, portals, and services — including payer portals, EHR platforms, and industry resources. ChargeInsight RCM does not control and is not responsible for the privacy practices of these external sites.

We encourage you to review the privacy policies of any third-party websites you visit. The inclusion of a link on our website does not constitute our endorsement of that site's privacy practices.

If you have concerns about a third-party link found on our website, please notify us at info@chargeinsightrcm.com.

Children's Privacy

ChargeInsight RCM's website and services are intended exclusively for healthcare professionals, practice administrators, and business entities. We do not knowingly collect, solicit, or use personal information from children under the age of 13.

If we become aware that we have inadvertently collected personal information from a child under 13, we will delete such information promptly. If you believe we may have collected information from a minor, please contact us immediately at info@chargeinsightrcm.com.

While we may process medical billing records that include pediatric patient data on behalf of our Covered Entity clients, such processing is governed exclusively by applicable BAAs and HIPAA regulations.

California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, and the purposes for which it is used.
• Right to Delete: Request deletion of personal information we have collected, subject to legal exceptions.
• Right to Correct: Request correction of inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: ChargeInsight RCM does not sell or share personal information for cross-context behavioral advertising.
• Right to Limit Sensitive Information Use: Limit our use of sensitive personal information to permitted purposes only.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your California privacy rights.

California residents may exercise these rights by contacting us at info@chargeinsightrcm.com. We will verify your identity before processing your request and respond within 45 calendar days.

International Users

ChargeInsight RCM is based in the United States and our services are primarily intended for healthcare providers operating within the United States. If you access our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers are located.

Data protection laws in the United States may differ from those in your country. By using our services from outside the United States, you consent to the transfer and processing of your information in the United States in accordance with this Privacy Policy.

If you are located in the European Economic Area (EEA) or the United Kingdom and have questions about international data transfers, please contact our Privacy Officer at info@chargeinsightrcm.com.

Changes to This Privacy Policy

ChargeInsight RCM reserves the right to update or modify this Privacy Policy at any time to reflect changes in our practices, services, legal requirements, or for other operational reasons. We will notify you of material changes through one or more of the following methods:

• Posting the updated policy on this page with a revised "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice on our website or client portal

Your continued use of our website or services after the effective date of any modification constitutes your acceptance of the updated Privacy Policy. We encourage you to review this page periodically to stay informed about how we protect your information.

If you have questions about any changes to this policy, please contact us at info@chargeinsightrcm.com.

Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or the handling of your personal information, please do not hesitate to reach out. Our Privacy Officer and compliance team are available to assist you.

We are committed to resolving privacy inquiries promptly, transparently, and in accordance with applicable law. All privacy-related requests should be submitted in writing to ensure a proper audit trail.