MedLink Analytics - Professional Medical Billing Services

Privacy Policy

Last Updated: December 12, 2025

Introduction

MedLink Analytics ("Company," "we," "us," or "our") is committed to protecting the privacy and security of your personal information and Protected Health Information (PHI). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website medlinkanalytics.com, engage our medical billing and revenue cycle management services, or otherwise interact with our company.

As a healthcare business associate providing medical billing services, we are subject to the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. This Privacy Policy is designed to comply with HIPAA requirements, along with other applicable federal and state privacy laws.

Important Notice

By using our website or services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our policies and practices, please do not use our website or services. This policy may change periodically, and your continued use after we make changes constitutes acceptance of those changes.

1. Information We Collect

1.1 Protected Health Information (PHI)

In the course of providing medical billing and revenue cycle management services, we collect, create, receive, maintain, and transmit PHI on behalf of our healthcare provider clients. This may include:

Patient names, addresses, dates of birth, and contact information
Social Security numbers and government-issued identification numbers
Health insurance information and subscriber details
Medical record numbers and account identifiers
Diagnosis codes, procedure codes, and clinical documentation
Treatment dates, provider information, and service locations
Payment and billing information
Other individually identifiable health information as defined by HIPAA

1.2 Personal Information from Website Visitors

When you visit our website or contact us for information, we may collect:

Contact Information: Name, email address, phone number, practice name, and mailing address
Professional Information: Practice specialty, number of providers, current billing system, and service inquiries
Communication Records: Content of messages sent through contact forms, emails, or phone calls
Technical Information: IP address, browser type, device information, operating system, and referring URLs

1.3 Automatically Collected Information

Our website uses cookies and similar tracking technologies to collect:

Pages visited, time spent on pages, and navigation patterns
Links clicked and content interactions
Search queries entered on our website
Geographic location data (based on IP address)
Session information and user preferences

1.4 Business Information

From our healthcare provider clients, we collect:

Practice management and operational data
Provider credentials, licenses, and National Provider Identifier (NPI) numbers
Tax identification numbers and banking information for payment processing
Payer contracts, fee schedules, and reimbursement agreements
Staff contact information and role assignments

2. How We Use Information

2.1 Use of Protected Health Information

We use and disclose PHI only as permitted by HIPAA regulations and as authorized by our healthcare provider clients through Business Associate Agreements. Permitted uses include:

Payment Activities: Processing insurance claims, posting payments, managing accounts receivable, and conducting collections
Healthcare Operations: Denial management, appeals, credentialing, quality improvement, and performance analytics
Administrative Functions: Legal compliance, auditing, business planning, and customer service
As Required by Law: Responding to court orders, government investigations, or other legal requirements

2.2 Use of Personal Information (Non-PHI)

We use personal information collected through our website and business operations to:

Respond to inquiries and provide information about our services
Process service agreements and onboard new clients
Communicate important updates, service changes, or regulatory information
Improve our website functionality, content, and user experience
Conduct market research and analyze service performance
Send marketing communications about our services (with opt-out options)
Prevent fraud, ensure security, and protect our legal rights
Comply with legal obligations and respond to law enforcement requests

2.3 De-identified and Aggregated Data

We may create de-identified data by removing all individually identifiable information in accordance with HIPAA standards. De-identified and aggregated data may be used for:

Industry benchmarking and comparative analytics
Service improvement and product development
Research and trend analysis
Marketing and business development purposes

Once properly de-identified, this data is no longer subject to HIPAA restrictions.

3. How We Share Information

3.1 Disclosure of Protected Health Information

We disclose PHI only as necessary to perform our services and as permitted under HIPAA:

Recipient	Purpose
Insurance Payers	Submitting claims, appeals, and payment inquiries
Healthcare Providers	Coordinating care, billing, and payment information
Clearinghouses	Electronic claims transmission and processing
Patients	Billing statements, payment arrangements, collections
Business Associates	Service providers who assist with our operations (under BAA)
Legal Authorities	Court orders, subpoenas, law enforcement requests

All disclosures follow the HIPAA minimum necessary standard, meaning we only share the minimum amount of information required to accomplish the intended purpose.

3.2 Third-Party Service Providers

We engage trusted third-party vendors who assist with business operations. These may include:

Cloud hosting and data storage providers
Software vendors and technology partners
Payment processors and banking institutions
Professional service providers (legal, accounting, consulting)
Marketing and analytics platforms

All service providers who may access PHI execute Business Associate Agreements and are contractually required to protect information confidentiality and security.

3.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, information may be transferred to the successor entity. We will notify affected parties of any such transfer and ensure continued protection of information.

3.4 We Do Not Sell Information

MedLink Analytics does not sell, rent, or trade PHI or personal information to third parties for marketing purposes. We do not engage in data brokering or any activities that would compromise the confidentiality of client or patient information.

4. Data Security Measures

We implement comprehensive administrative, physical, and technical safeguards to protect information from unauthorized access, use, or disclosure:

4.1 Technical Safeguards

Encryption: Bank-level 256-bit AES encryption for data at rest and TLS 1.2+ encryption for data in transit
Access Controls: Multi-factor authentication, role-based access, unique user credentials, and automatic session timeouts
Network Security: Firewalls, intrusion detection systems, vulnerability scanning, and penetration testing
Secure Backup: Automated encrypted backups with geographically distributed storage
Audit Logging: Comprehensive activity logs with regular review and monitoring

4.2 Administrative Safeguards

HIPAA Compliance Program: Designated Privacy and Security Officers, written policies and procedures, regular risk assessments
Employee Training: Mandatory HIPAA and security awareness training for all staff, with annual refreshers
Workforce Agreements: Confidentiality agreements, acceptable use policies, and background checks
Incident Response: Documented breach notification procedures and response protocols
Vendor Management: Due diligence reviews and ongoing monitoring of third-party service providers

4.3 Physical Safeguards

Secure office facilities with controlled access and visitor logs
Workstation security policies and device encryption
Secure disposal procedures for documents and electronic media
Equipment inventory and asset management controls

Security Certifications

MedLink Analytics maintains industry-standard security certifications and undergoes regular third-party security audits. We continuously monitor emerging threats and update our security measures accordingly to protect against evolving cyber risks.

5. Data Retention

We retain information for as long as necessary to fulfill business purposes and comply with legal obligations:

5.1 PHI Retention

PHI is retained according to federal and state recordkeeping requirements, typically a minimum of seven (7) years from the date of service
Some states require longer retention periods, which we follow as applicable
Upon termination of services, PHI is returned to the covered entity or securely destroyed as directed by the Business Associate Agreement

5.2 Business Records

Client contracts and agreements: Duration of relationship plus seven (7) years
Financial records: Seven (7) years from fiscal year end
Audit logs and security records: Minimum of seven (7) years
Marketing and website data: Three (3) years or until opt-out request

5.3 Secure Destruction

When information reaches the end of its retention period, we ensure secure destruction through:

Secure data wiping using DoD-compliant methods for electronic media
Shredding or pulverizing physical documents and storage devices
Certificate of destruction documentation
Verification that subcontractors follow equivalent disposal procedures

6. Your Privacy Rights

6.1 Rights Regarding PHI (For Patients)

As a business associate, we do not directly manage patient rights requests. Patients should contact their healthcare provider (the covered entity) to exercise HIPAA rights, including:

Right to Access: Request copies of PHI we maintain on behalf of your provider
Right to Amendment: Request corrections to inaccurate or incomplete PHI
Right to an Accounting: Receive a list of certain disclosures of your PHI
Right to Restrictions: Request limitations on uses and disclosures of PHI
Right to Confidential Communications: Request alternative methods of communication

We will cooperate with covered entities to facilitate these rights within the timeframes required by HIPAA.

6.2 Rights Regarding Personal Information (Non-PHI)

For personal information collected through our website or business operations, you have the right to:

Access: Request a copy of personal information we hold about you
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your personal information, subject to legal retention requirements
Opt-Out: Unsubscribe from marketing communications at any time
Data Portability: Request transfer of your data in a commonly used format
Object: Object to certain processing activities

6.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Privacy Officer
MedLink Analytics
1500 N Grant St STE 28340
Denver, Colorado CO 80203
Email: privacy@medlinkanalytics.com

We will respond to your request within thirty (30) days and will not discriminate against you for exercising your privacy rights.

7. Cookies and Tracking Technologies

7.1 Types of Cookies We Use

Essential Cookies: Necessary for website functionality, security, and navigation
Performance Cookies: Collect anonymous data about website usage and performance
Functionality Cookies: Remember your preferences and personalize your experience
Marketing Cookies: Track visits across websites to deliver relevant advertisements

7.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

View and delete cookies
Block third-party cookies
Block all cookies from specific websites
Block all cookies entirely
Delete all cookies when closing your browser

Note that blocking cookies may impact website functionality and your user experience.

7.3 Do Not Track Signals

Our website does not currently respond to Do Not Track (DNT) browser signals, as there is no consistent industry standard for DNT compliance.

8. Third-Party Links

Our website may contain links to third-party websites, including payer portals, professional associations, and industry resources. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party websites you visit.

9. Children's Privacy

Our website and services are not directed to children under the age of 18. We do not knowingly collect personal information from minors through our website. If you believe we have inadvertently collected information from a minor, please contact us immediately so we can delete the information.

Note: We do process PHI for pediatric patients as part of our medical billing services on behalf of healthcare providers, but this is governed by HIPAA regulations and parental/guardian consent obtained by the provider.

10. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

10.1 Right to Know

You have the right to request disclosure of the categories and specific pieces of personal information we have collected, the sources of that information, the purposes for collection, and the categories of third parties with whom we share information.

10.2 Right to Delete

You have the right to request deletion of personal information, subject to certain exceptions for legal compliance, fraud prevention, and contractual obligations.

10.3 Right to Opt-Out of Sale

We do not sell personal information as defined by the CCPA. If our practices change, we will update this policy and provide opt-out mechanisms.

10.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights by denying services, charging different prices, or providing a different level of service.

10.5 Shine the Light Law

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

11. International Data Transfers

MedLink Analytics operates exclusively within the United States, and our services are provided to US-based healthcare providers. All data is stored on servers located within the United States. We do not intentionally transfer data internationally.

If you are accessing our website from outside the United States, please be aware that information you provide may be transferred to and processed in the United States, where privacy laws may differ from those in your country.

12. Data Breach Notification

In the unlikely event of a data breach involving PHI, we will:

Conduct an immediate investigation to determine the scope and impact
Notify affected covered entities within the timeframes required by the HIPAA Breach Notification Rule (typically within 60 days of discovery)
Cooperate fully with covered entities in notifying affected individuals, the Secretary of Health and Human Services, and, if applicable, the media
Take corrective actions to prevent future breaches
Document the incident and response in accordance with HIPAA requirements

For breaches involving personal information (non-PHI), we will notify affected individuals in accordance with applicable state breach notification laws.

13. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors. We will update the "Last Updated" date at the top of this policy when changes are made.

13.1 Notification of Material Changes

For material changes that significantly impact how we collect, use, or disclose information, we will:

Post a prominent notice on our website
Send email notifications to clients with active service agreements
Provide at least thirty (30) days notice before the changes take effect

13.2 Acceptance of Changes

Your continued use of our website or services after we post changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should discontinue use of our services and contact us to discuss your options.

14. Contact Information

Privacy Questions or Concerns?

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, or if you wish to exercise your privacy rights, please contact:

Privacy Officer
MedLink Analytics
1500 N Grant St STE 28340
Denver, Colorado CO 80203
United States

Email: privacy@medlinkanalytics.com
General Inquiries: contact@medlinkanalytics.com
Website: www.medlinkanalytics.com

Response Time: We will respond to all privacy inquiries within thirty (30) days of receipt.

Filing a Complaint

If you believe your privacy rights have been violated, you have the right to file a complaint with:

MedLink Analytics Privacy Officer at the contact information above
U.S. Department of Health and Human Services
Office for Civil Rights
Online: www.hhs.gov/ocr/complaints
Phone: 1-800-368-1019

We will not retaliate against you for filing a complaint.

15. Acknowledgment

By using our website or services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. You also acknowledge that we may collect, use, and disclose your information as described in this policy.

Thank you for trusting MedLink Analytics with your medical billing needs. We are committed to maintaining the highest standards of privacy and security to protect your information.