Privacy Policy

1.1 Website Visitors

When you visit our website, we may collect:

• Contact information (name, email, phone number) when you submit forms
• Practice information (practice name, specialty, location) for audit requests
• Device and browser information (IP address, browser type, operating system)
• Usage data (pages visited, time spent, referring websites)
• Cookies and similar tracking technologies

1.2 Clients (Healthcare Providers)

When providing RCM services to clients, we collect and process:

• Practice and provider information (NPI, tax ID, credentials, specialties)
• Patient demographic and insurance information
• Protected Health Information (PHI) including diagnosis codes, treatment information
• Billing and financial data (charges, payments, adjustments)
• Insurance claims and payer correspondence

2.1 Website Information

We use website visitor information to:

• Respond to your inquiries and audit requests
• Send marketing communications (with your consent)
• Improve our website functionality and user experience
• Analyze website traffic and usage patterns
• Prevent fraud and ensure security

2.2 Client PHI and Practice Data

We use client data solely for:

• Providing revenue cycle management services (billing, coding, collections)
• Submitting claims to insurance payers on your behalf
• Managing accounts receivable and patient billing
• Coordinating lien management and settlement activities
• Generating reports and analytics for your practice
• Ensuring compliance with healthcare regulations

We do NOT sell, rent, or share PHI or client data with third parties for marketing purposes.

TrakLien is a HIPAA-covered Business Associate. We:

• Execute Business Associate Agreements (BAA) with all healthcare clients
• Implement administrative, physical, and technical safeguards to protect PHI
• Train all employees on HIPAA privacy and security requirements
• Conduct regular security risk assessments and audits
• Maintain incident response and breach notification procedures
• Encrypt all PHI in transit and at rest
• Limit access to PHI on a need-to-know basis

We comply with all HIPAA Privacy Rule, Security Rule, and Breach Notification Rule requirements.

We implement industry-leading security measures including:

• 256-bit SSL/TLS encryption for data transmission
• AES-256 encryption for data at rest
• Multi-factor authentication (MFA) for system access
• Regular security patches and updates
• Firewall protection and intrusion detection systems
• Secure, SOC 2 compliant data centers
• Regular penetration testing and vulnerability assessments
• Strict access controls and audit logging

We may share information in the following circumstances:

• With Insurance Payers: To submit claims and obtain reimbursement
• With Subcontractors: Who assist in service delivery (under BAA and NDA)
• For Legal Compliance: When required by law, subpoena, or court order
• Business Transfers: In connection with merger, acquisition, or sale of assets
• With Your Consent: When you explicitly authorize disclosure

All third parties with access to PHI are required to maintain HIPAA compliance.

We retain data according to the following schedule:

• PHI and Medical Records: Minimum 7 years (per HIPAA and state laws)
• Billing and Financial Records: 7 years from date of service
• Client Contracts and BAAs: 7 years after termination
• Website Contact Forms: 2 years or until request fulfilled
• Marketing Data: Until you opt-out or request deletion

After retention periods expire, data is securely destroyed using industry-standard methods.

7.1 Website Visitors

You have the right to:

• Opt-out of marketing emails (via unsubscribe link)
• Request deletion of your contact information
• Disable cookies through your browser settings
• Request a copy of data we have collected about you

7.2 Patients (Subject to HIPAA)

For PHI-related requests, please contact your healthcare provider directly. As a Business Associate, we assist providers in fulfilling patient rights including:

• Right to access medical records
• Right to request amendments
• Right to accounting of disclosures
• Right to request restrictions on use/disclosure

Our website uses cookies and similar technologies for:

• Essential Cookies: Required for website functionality
• Analytics Cookies: To understand how visitors use our site (Google Analytics)
• Preference Cookies: To remember your settings (e.g., dark mode)

You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.

We may use third-party services including:

• Email service providers (for transactional and marketing emails)
• Cloud hosting providers (AWS, Microsoft Azure, or similar)
• Analytics platforms (Google Analytics)
• Payment processors (for billing services)

All third-party vendors handling PHI are HIPAA-compliant and sign Business Associate Agreements.

Our website and services are not directed to individuals under 18. We do not knowingly collect personal information from children. If we learn we have collected information from a child, we will delete it promptly.

In the event of a data breach involving PHI, we will notify affected clients and individuals as required by HIPAA Breach Notification Rule (within 60 days of discovery). We maintain comprehensive incident response procedures to minimize breach risk and impact.

All data is stored and processed within the United States. We do not transfer PHI internationally. If you are accessing our website from outside the U.S., your information may be transferred to and processed in the United States.

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Material changes will be communicated to clients with at least 30 days notice. The "Last Updated" date at the top indicates when changes were made.

For privacy-related questions, requests, or concerns, please contact: