Privacy Policy & HIPAA Compliance Statement

At Upbillings.com, we understand that in medical billing, data integrity is not just a service—it
is a legal and ethical mandate. This policy outlines how we handle Protected Health Information
(PHI) and provider data in strict accordance with the Health Insurance Portability and
Accountability Act (HIPAA).

1. Our Role: Business Associate Statement

Upbillings.com operates as a Business Associate to healthcare providers (“Covered Entities”).
We process, transmit, and store PHI solely for the purpose of performing healthcare billing,
claims management, and related financial operations. We do not provide services without a
signed Business Associate Agreement (BAA).

2. Information We Collect

We collect only the minimum necessary data required to execute billing services:

  • Provider Data: Practice names, NPI numbers, Tax IDs, and contact information.
  • Patient PHI: Names, dates of birth, Social Security Numbers (when required), insurance
    policy details, and ICD-10/CPT medical codes.
  • Technical Data: IP addresses and cookies used solely for website functionality and
    security logging.

3. Permitted Uses of Data

We use the information provided strictly for Treatment, Payment, and Healthcare Operations
(TPO):

  • Processing and submitting insurance claims.
  • Managing patient statements and collections.
  • Conducting financial reporting and audits for the client practice.
  • Zero Tolerance Policy: We never sell, rent, or trade patient or provider data to third
    parties for marketing purposes.

4. Technical & Physical Safeguards

We implement industry-leading security protocols to ensure data remains confidential and
available:

  • Encryption: All data is encrypted using AES-256 standards at rest and TLS 1.2 or
    higher during transmission.
  • Access Control: We utilize Role-Based Access Control (RBAC). Only authorized billing
    personnel have access to specific client data.
  • Multi-Factor Authentication (MFA): Mandatory for all staff accessing our billing
    platforms.
  • Audit Logging: Every instance of data access or modification is logged for compliance
    auditing.

5. Patient Rights under HIPAA

As a Business Associate, we support the Covered Entity in fulfilling patient requests regarding:

  • Right to Access: Obtaining a copy of their billing records.
  • Right to Amendment: Correcting inaccuracies in billing information.
  • Accounting of Disclosures: Tracking who has accessed or received their PHI.

6. Data Retention & Destruction

We retain records in compliance with state and federal statutes (typically 6–10 years). Upon the
expiration of the retention period or termination of a contract, data is either returned to the
provider or destroyed via secure electronic shredding to ensure it cannot be recovered.

7. Breach Notification

In the event of a suspected or confirmed data breach, Upbillings.com will notify the affected
Covered Entity within 24 to 72 hours of discovery, enabling the provider to meet their
regulatory obligations to patients and the Department of Health and Human Services (HHS).

Contact Our Compliance Officer

For questions regarding this policy or to request a copy of our standard Business Associate
Agreement (BAA), please contact:

Email: info@upbillings.com
Address: 1500 N GRANT ST STE R DENVER, CO 80203