Privacy Policy

ProvidaRCM (“we,” “our,” or “us”) is committed to protecting the privacy and security of the information we collect from our clients, website visitors, and business partners. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have regarding your information.

By using our website at providarcm.com or engaging our medical billing and revenue cycle management services, you agree to the practices described in this Privacy Policy.

Section 01

Information We Collect

We collect information in several ways depending on how you interact with us. The types of information we collect include:

Information You Provide Directly

  • Name, email address, phone number, and practice name when you fill out a contact or consultation request form
  • Medical specialty, number of providers, and billing volume when requesting a quote or proposal
  • Account login credentials if you access our billing portal or reporting dashboard
  • Payment and billing information when you subscribe to our services
  • Communications you send us via email, phone, or our website contact form

Information Collected Automatically

  • IP address, browser type, operating system, and device information
  • Pages visited, time spent on pages, and navigation patterns on our website
  • Referring website and search terms used to find our site
  • Cookies and similar tracking technologies (see our Cookie Policy below)

Protected Health Information (PHI)

As a medical billing services provider, we receive and process PHI on behalf of our healthcare provider clients. This includes patient names, dates of birth, insurance information, diagnosis codes, procedure codes, and billing records. This information is handled exclusively under the terms of our Business Associate Agreement and in compliance with HIPAA.

Section 02

How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and improve our medical billing and RCM services
  • To communicate with you about your account, services, and billing matters
  • To respond to inquiries, consultation requests, and support questions
  • To send service updates, compliance alerts, and billing industry news (you may opt out at any time)
  • To process payments and manage billing for our services
  • To analyze website usage and improve our online presence
  • To comply with legal obligations, including HIPAA requirements
  • To detect, prevent, and address fraud, security breaches, and technical issues
  • To fulfill our contractual obligations to healthcare provider clients

Section 03

HIPAA Compliance & Protected Health Information

ProvidaRCM operates as a Business Associate under HIPAA for all healthcare provider clients we serve. As such, we are legally required to maintain the privacy and security of all Protected Health Information (PHI) we receive, process, or transmit on behalf of our clients.

Our HIPAA commitments include:

  • Executing a Business Associate Agreement (BAA) with every healthcare provider client before accessing or processing any PHI
  • Using PHI only for the purposes outlined in the BAA and as permitted by HIPAA
  • Implementing administrative, physical, and technical safeguards to protect PHI
  • Reporting any breach of unsecured PHI to our clients in accordance with HIPAA Breach Notification Rules
  • Ensuring all subcontractors and vendors who handle PHI on our behalf also sign BAAs and comply with HIPAA
  • Not disclosing PHI to any third party except as required to perform billing services or as required by law

If you are a patient whose information has been processed by ProvidaRCM as part of medical billing for your healthcare provider, please contact your provider directly regarding your rights under HIPAA, including the right to access, amend, or restrict the use of your health information.

Section 04

How We Use Your Information

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

Service Providers

We share information with trusted third-party service providers who assist us in operating our business, including cloud hosting providers, payment processors, email communication platforms, and analytics services. All service providers are contractually required to protect your information and may only use it for the specific services they provide to us.

Healthcare Payers and Clearinghouses

As part of providing medical billing services, we transmit claim data to insurance payers, Medicare, Medicaid, and healthcare clearinghouses on behalf of our provider clients. This is done strictly in accordance with our BAA and HIPAA requirements.

Legal Requirements

We may disclose information when required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect the rights, property, or safety of ProvidaRCM, our clients, or the public.

Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our business, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website prior to your information becoming subject to a different privacy policy.

Section 05

Data Security

We take the security of your information seriously and implement industry-standard safeguards to protect it from unauthorized access, disclosure, alteration, and destruction.

Our security measures include:

  • 256-bit SSL/TLS encryption for all data transmitted to and from our website and systems
  • Encrypted storage for all sensitive data at rest
  • Role-based access controls limiting data access to authorized personnel only
  • Multi-factor authentication for all system access
  • Regular security audits, vulnerability assessments, and penetration testing
  • Employee training on data privacy, security, and HIPAA compliance
  • Secure, SOC 2-compliant data centers for all cloud infrastructure
  • Incident response and breach notification procedures

Section 06

Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience and analyze website performance. Cookies are small text files stored on your device when you visit our site.

Types of cookies we use:

  • Essential Cookies: Required for the website to function properly. These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics). This data is aggregated and anonymized.
  • Functional Cookies: Remember your preferences and settings to improve your experience.
  • Marketing Cookies: Used to track visitors across websites and display relevant advertisements. These are only activated if you provide explicit consent.

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our website. For more information, visit allaboutcookies.org.

Section 07

Data Retention

We retain your information for as long as necessary to provide our services and comply with our legal obligations.

  • Client account information: Retained for the duration of the service relationship and for 7 years after termination, as required by healthcare billing regulations
  • Medical billing records (PHI): Retained in accordance with applicable state and federal laws, typically 7–10 years depending on the state
  • Website analytics data: Retained for 26 months in anonymized form
  • Email communications: Retained for 3 years for business records purposes
  • Financial transaction records: Retained for 7 years as required by tax and accounting regulations

When information is no longer needed, we securely destroy or anonymize it in accordance with our data retention policy and HIPAA requirements.

Section 08

Your Rights & Choices

Depending on your location and applicable law, you may have the following rights regarding your personal information:

  1. Right to Access: Request a copy of the personal information we hold about you
  2. Right to Correction: Request that we correct inaccurate or incomplete information
  3. Right to Deletion: Request that we delete your personal information, subject to legal retention requirements
  4. Right to Restrict Processing: Request that we limit how we use your information in certain circumstances
  5. Right to Data Portability: Request a machine-readable copy of your personal information
  6. Right to Object: Object to certain types of processing, including direct marketing
  7. Right to Withdraw Consent: Withdraw consent for processing based on consent at any time
  8. Right to Opt Out of Marketing: Unsubscribe from marketing emails at any time using the unsubscribe link in our emails

To exercise any of these rights, please contact us at privacy@providarcm.com. We will respond to all legitimate requests within 30 days.

Section 09

Third-Party Links & Services

Our website may contain links to third-party websites, including scheduling tools (such as Calendly), payment processors, and healthcare software platforms. We are not responsible for the privacy practices of these third-party sites and encourage you to review their privacy policies before providing any personal information.

Third-party services we may integrate with include:

  • Google Analytics — for website usage analysis
  • Calendly — for consultation scheduling
  • Stripe or similar payment processors — for billing
  • Mailchimp or similar — for email communications
  • Healthcare clearinghouses — for claim submission

Section 10

Children's Privacy

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@providarcm.com and we will promptly delete such information.

Section 11

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the “Last Updated” date at the top of this page
  • Notify active clients via email at least 30 days before the changes take effect
  • Post a prominent notice on our website homepage

Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this page periodically to stay informed about how we protect your information.

Privacy Questions?

Our Privacy Officer is available to answer any questions about how we handle your data.