BellMedex Medical Billing Services Privacy Policy

March 2nd, 2023

SCOPE AND PURPOSE:

This privacy policy (“Policy”) outlines how BellMedex Medical Billing and its affiliated companies, subsidiaries, and parent companies (referred to as “BellMedex,” “we,” “us,” “our,” and/or “BMDX”) collect, use, and disclose information obtained from you through various websites and applications, including www.bellmedex.com, that link to this Policy (collectively referred to as the “Sites”). This Policy also governs the collection of information that occurs offline, such as when you visit our physical offices, attend BellMedex events, or interact with our representatives at other events, or in any other circumstances where this Policy is made available to you.

The terms of this Policy are not applicable to BellMedex product offerings that have separate privacy policies or to third-party websites that we may link to. We have no control over and cannot be held responsible for the privacy practices of third-party websites. Therefore, we advise you to review any relevant privacy policies of these third-party websites independently.

BellMedex processes data on behalf of healthcare providers in accordance with the agreements we have with our customers. These agreements may require Business Associate Agreements as per the Health Insurance Portability and Accountability Act (“HIPAA”). Your healthcare provider may have its own policies and practices regarding the collection and use of your data. We are not responsible for how your healthcare provider handles your information, and it is advisable that you review their privacy policies.

WHAT ARE THE SERVICES OR FUNCTIONS PROVIDED BY BELLMEDEX?

BellMedex, headquartered in the United States, is a company that provides network-enabled services to healthcare, hospital, and ambulatory customers across the country. Our healthcare cloud-based solutions provide healthcare providers with various options such as electronic health records, patient engagement tools, and revenue cycle management. For further details regarding BellMedex, kindly refer to the “About” section on www.bellmedex.com.

WHAT KIND OF PERSONAL DATA DO WE GATHER?

Personal information is data that can be utilized to identify an individual. The specific types of personal information we gather depend on the nature of your interactions with us. In the last 12 months, we have obtained personal information that falls under the following broad categories:

Identifiers, which includes details like your name, email address, or IP address.

Information from our customer records, like your postal address or phone number.

Commercial information, such as information regarding products or services that you have purchased.

Electronic network activity information, such as your engagement with our website.

Professional or employment-related information, such as your job title or employer.

Geolocation data, which may include general location information (such as city/state) derived from your IP address or precise location information obtained via GPS-based functionality. In cases where we require precise geolocation information, we will seek your permission to collect or use it, in accordance with relevant legal requirements, particularly if it is classified as “sensitive” information under applicable law.

THROUGH WHAT MEANS DO WE COLLECT YOUR PERSONAL DATA?

We may obtain your personal information in various ways, which include the following:

Information that you directly provide to us, such as when you voluntarily fill out fields on the Sites, request specific services or information, participate in surveys, or contact our customer service. Depending on how you interact with us, we may ask for details like your name, organization/practice name, email address, phone number, and user type (e.g., patient, provider, partner). If you have an account with us, we may also collect login information like your username or Practice ID. If you attend our physical events or visit our offices, we may ask for information such as health and travel details to ensure the safety of our personnel, clients, guests, and the public.

Automatic data collection technologies, like those mentioned in the “Cookies and Automated Data Collection Technologies” section below, may be used to collect information about your device and your visit to our Sites. This data may include your IP address, geolocation, browser type, device type, mobile device identifiers, and activity reflecting your browsing history on our Sites (such as mouse movements, clicks, touches, scrolls, and keystrokes).

Information from other sources, such as lead generation companies, social networks, or business partners offering co-branded services or assisting with the sale or distribution of our products, may also be collected. We may also obtain information from other users of our services or publicly available sources.

IN WHAT WAYS DO WE UTILIZE YOUR PERSONAL DATA?

We utilize your personal information in the following ways:

In ways that are expected based on the reason for collecting it. For instance, if you contact us with a request for information, we will use your information to respond to your request. To provide, enhance, and improve our services, including optimizing our Sites’ functionality and identifying areas of interest for our visitors and users. Feedback from surveys, screeners, and other feedback mechanisms may be used to develop new products and services. To identify and authenticate you as an existing user or a prospective client. To enable cross-device/cross-context tracking for your account(s). To communicate with you through emails, newsletters, announcements, and other types of communication. To maintain the safety, security, and integrity of our Sites and services, and for legal compliance purposes. To ensure the safety of our personnel, clients, guests, and the public. For purposes explained at the time of collection or other business purposes consistent with the context of the collection.

We may use non-identifiable information (such as aggregated, anonymized, or de-identified data) for any purpose that is not prohibited by applicable law.

IN WHAT WAYS DO WE DISCLOSE OR EXCHANGE YOUR PERSONAL DATA?

The personal information we reveal for commercial purposes falls into these categories: identifiers, commercial data, internet activity, and geolocation data.

We may share your personal information outside of BellMedex in the following circumstances:

  • We may share your personal information with external service providers and vendors who offer us services, such as analytics, content management, advertisement administration, marketing-related insights, market research, and marketing efforts analysis.
  • We may collaborate with third-party providers who offer audience matching services. For example, we utilize the Facebook pixel on our non-patient-facing Sites and may share your email address with a social media service to aid in our social media marketing services. This enables us to locate additional potential customers with interests similar to yours. Some technology services may provide their own data to us, which we then upload into another technology service to identify common factors among those data sets.
  • We may share your personal information with our affiliates and related entities for business purposes, such as customer support, marketing, technical operations, and other business operations. We may also reveal your information to affiliates for commercial purposes.
  • If you make your information accessible or public to other users of the Sites, such as through posting reviews related to partners or other content, you should exercise caution as you are responsible for the content you post and how others may use it. Once you have posted information, you may not be able to modify or remove it.
  • We may disclose your personal information with our customers when you participate in our surveys as an authorized user, during the onboarding process, when providing feedback on our services, surveys conducted post-interaction with our support or training teams, and other surveys, such as focus groups and usability design activities like click tests, card sorts, and other tests and surveys in which you participate. If you complete a survey, we usually inform you beforehand that we will share your information with our customers.

We may also reveal your information to other entities in the following situations: When you provide us with your consent to share or utilize information about you; When we believe it is necessary to share information about you to fulfill a service you have requested from us or others; When we are legally obligated or compelled to disclose information, such as in response to a lawful request by public authorities or to meet national security or law enforcement requirements; When we deem it necessary to prevent legal violations or liability; To safeguard the rights, property, life, health, security, or safety of ourselves, the Sites, or anyone else; In the event of an actual or potential purchase, merger, or acquisition of all or a part of our business by an actual or potential buyer (and their agents and advisers); At your request or direction, such as when you elect to share information about your activities on the Sites with a social network; or With any other party with your consent and advance notice of the disclosure.

However, we may still disclose information that does not identify you and could not reasonably be used to identify you (including aggregated, anonymized, or de-identified data) as allowed by relevant laws. Concerning de-identified patient information, we only share such data with third parties if it is authorized under our agreements with our clients and is in accordance with the requirements of HIPAA or other applicable laws. We use either the safe harbor method or the expert determination method as set out in HIPAA. The third parties who receive the de-identified data include third-party vendors and service providers with whom we have partnerships or relationships, as well as academic researchers and institutions that contribute to the healthcare industry.

HOW DO WE SAFEGUARD AND RETAIN DATA

We safeguard your information using various security measures, including encryption for sensitive information. However, we can’t guarantee that your information is completely secure. We keep information for different periods depending on why we collected it, and we won’t keep it longer than needed unless required by law. Sometimes we may be unable to delete or de-identify your information for technical or operational reasons, but we’ll take steps to prevent further processing.

DATA COLLECTIONS METHODS AND TECHNOLOGIES INCLUDING COOKIES

Our websites use various automated data collection technologies including cookies, pixels, ad tags, SDKs, clear GIFs, session replay scripts, and Javascript to enhance user experience, gather statistical information on website usage, and maintain website security. Cookies, which are small text files stored on your device, are among these technologies and help the website to function effectively.

We use cookies and other similar technologies on our Sites to help us gather statistical information about how visitors use the Sites, maintain security, and improve your experience. Additionally, cookies enable us to deliver advertisements, some of which may be personalized based on your behavior on the Sites. To help us deliver these ads, we work with third-party partners who may collect information about you across our Sites and third-party sites over time to gain insights into the goods and services that may interest you. This information can also be used to associate different devices that you use.

To manage your cookie preferences, you can access the “cookie preferences” link located at the bottom of any of our websites.

TECHNOLOGY INTEGRATIONS AND SOCIAL MEDIA

Our services and websites may contain integrations with social media and technology platforms that are operated by separate entities. Additionally, we may collect information from third-party social media and marketing companies to improve our data sets. Our sites contain hyperlinks to websites, platforms, and other services that are not operated or controlled by us. We may use a pixel or SDK on our Sites that enables you to “like”, “share” or log in to your account through social media. If you decide to interact with this integration, we may receive information from the social network you have authorized to share with us. Please be aware that the social network may also collect information about you independently. We may provide our content on social media platforms, and any information you give us while interacting with our social media content will be handled in accordance with this Policy. If you publicly mention our Sites on social media, we may use your mention on or in relation to our Sites. Our Sites may allow you to link your account with a partner or another service to retrieve certain data about your account. If you link your account, we may obtain information such as your username and email address. To learn more about how these platforms handle your information, please refer to their respective privacy policies and terms of use.

When you engage with third-party entities, such as when you leave our Sites, they may collect information from you and store it according to their own policies and practices. This includes what information they share with us, your rights and choices, and where they store information. To understand how these entities handle your information, we recommend reviewing their privacy policies and terms of use.

RIGHTS FOR RESIDENTS OF APPLICABLE STATES

Residents of states with applicable consumer privacy laws may have the following rights: the right to know whether we process their personal information; the right to access their personal information; the right to correct inaccuracies in their personal information; the right to have their personal information deleted; the right to receive a portable and readily usable copy of their personal information; the right to opt out of the sale or sharing of their personal information; the right to opt out of the processing of their personal information for targeted advertising or automated decision-making purposes.

If you reside in a state that mandates prior consent for processing sensitive personal information for specific purposes, we will obtain such consent, and you may withdraw it at any time.

Residents of states with applicable privacy laws may exercise the aforementioned rights by:

BellMedex Medical Billing
Attn: Chief Compliance Officer
PO Box 88942
Seattle, WA  98138

We may ask you to provide us with information necessary to reasonably verify your identity before responding to your request. We will consider all requests and provide our response within the time period required by applicable law. Please note, however, that certain information may be exempt from such requests. If we deny your request in whole or in part, you may have the right to appeal the decision. In such circumstances, we will provide you with information regarding the appeals process.

Before responding to your request, we may ask you to provide information to verify your identity. We will respond to your request within the time period required by law and consider all requests. However, some information may be exempt from requests. If we deny your request, you may have the right to appeal the decision and we will provide information about the appeals process.

We aim to respond to your request as a consumer within 45 days of receiving it. If we need more time (up to 90 days), we will notify you in writing or by email and explain the reason for the extension.

Privacy Notice for Residents of California

Here are the categories of information we may have collected about you in the past year, along with the reasons for collection and the third parties with whom your personal information may have been shared, disclosed, or sold.

Categories: identifiers, information contained in our customer records, commercial information, internet or other electronic network activity information, professional or employment information, geolocation data, inferences drawn from other personal information.

Purposes for the collection or sharing: to provide, improve, and/or personalize the Sites, for marketing and advertising, for business operations, to identify where you have provided consent, as required by law, to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets.

Third parties whom this data was disclosed, shared, or sold: service providers, third party partners, our related entities, other users through the Sites because you made your information public or otherwise accessible, with our customers, where you have given us your consent.

 If you are a California resident, you may have the following rights with respect to the personal information we process about you:

  • To request information about the categories of personal information we have collected about you, the categories of sources from which we collected the personal information, the purposes for collecting or sharing the personal information, the categories of third parties with whom we have shared or sold your personal information, and the specific pieces of personal information we have collected about you.
  • To request that we delete personal information that we have collected from you.
  • To request that we correct inaccurate personal information that we maintain about you.
  • To opt out of the sale or sharing of your personal information.

California residents may exercise the above rights by:

BellMedex Medical Billing
Attn: Chief Compliance Officer
PO Box 88942
Seattle, WA  98138

You, or a legally authorized representative, may submit a verifiable consumer request regarding your personal information. If you are making a request on behalf of a minor child, you may do so as well. To verify your identity, we may request information from you. We may require you to use your email address to verify your identity. Once we receive a request, we will respond within the time period required by law. Some information may be exempt from requests. If we deny your request, you have the right to appeal the decision. You may make a consumer request for access or data portability twice within a 12-month period. We will not discriminate against you for exercising your rights.

We strive to respond to consumer requests within 45 days of receiving them. However, if we need more time (up to 90 days), we will let you know the reason for the delay and the extended timeline through email or written communication. It’s important to note that any disclosures we provide will only pertain to the 12-month period leading up to the consumer request. Additionally, if we cannot fulfill a request, we will provide an explanation as to why we are unable to do so.

Shine the Light law (CA)

If you are a California resident, you may request information under California’s “Shine the Light” law (Civil Code Section § 1798.83) regarding our disclosure of personal information to third parties for their direct marketing purposes. Specifically, you may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To make such a request, please write to our Chief Compliance Officer at BellMedex Medical Billing, PO Box 88942, Seattle, WA, 98138. Please note that we may require additional information from you to verify your identity, and we are only required to respond to one request per calendar year.

SITE IS INTENDED FOR ADULTS 18 OR OVER, NOT MINORS

The Sites are not intended for individuals under the age of eighteen. BellMedex does not want to obtain any information from or about minors through the Sites. We do not knowingly collect personal information about children under the age of 13, as defined by the U.S. Children’s Privacy Protection Act (COPPA). If you are a parent or guardian and believe that we have collected information from your child in violation of the law, please contact us using the information provided in the “Contact” section below, and we will remove the data in compliance with applicable laws. We do not “sell” the personal information of California residents under the age of 16, as defined under the CCPA.

A INFORMATION WE COLLECT IS GOVERNED BY U.S. LAW REGARDLESS OF WHERE YOU ARE ACCESSING IT FROM

If you access our Sites from outside the U.S., please note that we are governed by U.S. law, and the information we collect may be processed, stored, and used in the U.S. and other locations. The data protection laws in the U.S. and other jurisdictions may differ from those in your country. By using our Sites or providing us with your information, you agree to the transfer, processing, usage, sharing, and storage of your information in the U.S. and other jurisdictions as described in this Policy.

PRIVACY POLICY UPDATES AND REVISIONS

We may update and modify this Policy at our discretion and at any time. Any changes will be posted on www.BellMedex.com, along with the effective date, and will be considered effective as of that date. Your continued use of the Sites after the posting of changes indicates your acceptance of the revised Policy.

HOW TO CONTACT US

If you have inquiries, remarks, or wish to exercise your rights under an applicable state law concerning this Policy, the ways in which BellMedex collects and uses your information as described here, or your choices and rights regarding such use, please contact us via:

BellMedex Medical Billing
Attn: Chief Compliance Officer
PO Box 88942
Seattle, WA  98138

If you have a disability and would like to access this Policy in an alternative format, please contact us at 888-987-6250.