MedBNE

Privacy Policy

Effective Date: 01/15/2025


MedBNE Privacy Policy Overview

At MedBNE, we recognize the importance of safeguarding the privacy and confidentiality of our clients and their patients. This Privacy Policy outlines how we collect, use, store, and protect personal health information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA), applicable state privacy laws in Massachusetts and other New England states, and other federal and state regulations.

By using MedBNE’s services, you acknowledge that you have read, understood, and agreed to this Privacy Policy.

  

1. Definitions

Protected Health Information (PHI): Refers to any individually identifiable health information, including demographic data, that relates to a person's health condition, provision of healthcare, or payment for healthcare services, and is protected under HIPAA.

Covered Entity: A healthcare provider, health plan, or healthcare clearinghouse that transmits PHI electronically.

Business Associate: MedBNE operates as a Business Associate under HIPAA regulations, providing medical billing and related services to healthcare providers and organizations.

Massachusetts Data Privacy Laws: MedBNE adheres to Massachusetts state law requirements, including the Massachusetts Data Privacy Law (M.G.L. c. 93H) and other state-specific health privacy regulations.

  

2. Information We Collect

MedBNE collects and processes the following types of information to provide our medical billing services:

Patient Information:

  • Names, addresses, dates of birth, medical records, insurance details, diagnoses, treatment records, and other personally identifiable health information (PHI).

Provider Information:

  • Practice details, National Provider Identifiers (NPIs), Tax Identification Numbers (TINs), medical credentials, billing records, and operational details.

Business Operations Information:

  • Administrative details relevant to the healthcare provider’s practice, including contractual agreements, payment histories, and audit records.

  

3. How We Use Information

MedBNE uses collected information for the following purposes:

  • Billing and Claims: To submit insurance claims, track and manage payments, and handle billing inquiries.
  • Regulatory Compliance: To ensure compliance with applicable federal and state healthcare regulations, including HIPAA and Massachusetts state laws.
  • Data Analytics and Reporting: To provide financial and operational reports, audits, and other services necessary for the healthcare provider's billing operations.

We will only use or disclose PHI as permitted or required by law or in accordance with our Business Associate Agreement (BAA) with covered entities.

  

4. Safeguarding PHI

MedBNE implements a comprehensive set of safeguards to protect PHI, ensuring compliance with HIPAA and state data privacy laws:

Administrative Safeguards:

  • Workforce training on HIPAA compliance, data privacy, and security best practices.
  • Written policies and procedures to manage PHI securely, ensuring all employees understand their roles in protecting PHI.

Technical Safeguards:

  • Use of industry-standard encryption (e.g., AES 256-bit encryption) for data transmission and storage.
  • Role-based access controls, ensuring only authorized personnel have access to sensitive data.
  • Ongoing system audits and monitoring to detect unauthorized access or breaches.

Physical Safeguards:

  • Secure access-controlled facilities where PHI is stored and processed.
  • Secure disposal of physical documents containing PHI through shredding and other methods that prevent unauthorized access.

  

5. Disclosure of Information

MedBNE will disclose PHI only as permitted or required by law, including:

  • To Healthcare Providers: As necessary for treatment and payment purposes.
  • To Insurance Companies: For processing claims, verifying payment, and coordinating healthcare benefits.
  • To Comply with Legal Obligations: Such as in response to court orders, subpoenas, or law enforcement requests.

We will not disclose PHI for marketing purposes or sell PHI to third parties.

Third-Party Disclosures: MedBNE may share PHI with trusted third-party vendors (e.g., software providers, outsourced billing services) who are bound by Business Associate Agreements to ensure the protection of PHI.

  

6. Business Associate Agreement (BAA)

MedBNE signs Business Associate Agreements (BAAs) with all covered entities to outline our responsibilities regarding PHI protection, including:

  • Secure handling and transmission of PHI.
  • Compliance with applicable HIPAA regulations.
  • Notification procedures in case of a data breach.

We ensure that any third-party vendors who have access to PHI also sign BAAs and comply with HIPAA and applicable state laws.

  

7. Your Rights

Patients and healthcare providers have certain rights under HIPAA and applicable state laws regarding their PHI, including:

  • Access to Records: Individuals may request access to their medical records by contacting the healthcare provider directly.
  • Correction of Errors: Providers or patients may request corrections to inaccurate or incomplete information.
  • Restriction of Use: Providers and patients may request restrictions on how their information is used or disclosed, in accordance with applicable laws.
  • Data Portability: Patients have the right to request an electronic copy of their health information in a common format, where applicable.

  

8. Data Retention

MedBNE retains PHI for the duration of the business relationship with the healthcare provider and for as long as necessary to fulfill our contractual and legal obligations.

  • For healthcare providers, we retain records for a minimum of 7 years following the last treatment or service provided, or as required by applicable state laws.
  • Once no longer necessary, we securely destroy or anonymize PHI, following best practices for data destruction.

  

9. Breach Notification

In the event of a data breach involving PHI, MedBNE will comply with applicable federal and state laws, including HIPAA and Massachusetts state breach notification requirements.

  • Notification Process: MedBNE will notify affected covered entities without unreasonable delay, and within 60 days of discovering a breach, as required by HIPAA.
  • Breach Details: Notifications will include details about the breach, including the type of information affected, the number of individuals affected, and steps taken to mitigate any harm.

  

10. Changes to This Privacy Policy

MedBNE reserves the right to modify or update this Privacy Policy periodically. When changes are made, the updated policy will be communicated to our clients.

  • Notification of Changes: We will notify our clients via email or other direct communications when there are significant updates to this policy.
  • Effective Date: Changes to this Privacy Policy will be effective as of the updated date indicated at the top of this document.

  

11. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your rights under HIPAA and applicable state laws, please contact us at:

MedBNE
175 Dwight Road, Longmeadow, Massachusetts 01106, USA

Phone: +1-(413) 200-2477

Email: enquiry@medbne.com

  

By using MedBNE's services, you acknowledge that you have read, understood, and agreed to the terms outlined in this Privacy Policy.

Copyright © 2025 MedBNE - All Rights Reserved.
