Prismatica Health ("we," "our," or "us") is committed to protecting the privacy, security, and confidentiality of our website visitors, clients, and their respective patients. This combined Privacy Policy and Notice of Privacy Practices outlines how we collect, use, share, and protect personal information and Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable state and federal data protection laws.
1. HIPAA Compliance & Business Associate Agreements (BAA)
As a provider of third-party Revenue Cycle Management (RCM) and medical billing services, Prismatica Health acts as a Business Associate to our healthcare provider clients ("Covered Entities"). We are legally bound by HIPAA and the HITECH Act to safeguard all Protected Health Information (PHI) entrusted to us.
Before any PHI is transmitted, accessed, or processed, we execute a comprehensive Business Associate Agreement (BAA) with the Covered Entity. We encrypt PHI with AES-256 at rest and require TLS 1.2 or higher for data in transit. All staff complete mandatory HIPAA compliance training annually.
2. Information We Collect
We may collect information in several ways depending on your interaction with Prismatica Health:
- Website Visitors (Public Data): When you visit our site, we may automatically collect standard web log data, including IP addresses, browser types, device information, and analytics utilizing cookies (e.g., Google Analytics). We do not collect PHI through our passive marketing site.
- Prospective Clients: When you fill out our "Free Practice Audit" form or contact us, we collect standard B2B information: Name, Email, Phone Number, Practice Name, and NPI (if provided voluntarily).
- Client Patient Data (PHI): Exclusively through secure clearinghouse FTP portals, encrypted EHR integrations, or our secure internal client platform. This includes patient demographics, medical records, diagnosis/CPT codes, insurance policies, and financial ledgers strictly necessary to perform medical billing functions.
3. How We Use Information
We use the data collected strictly for the following operational purposes:
- To execute medical billing, claims submission, payment posting, and denial management on behalf of our clients.
- To interact with commercial insurance carriers, Medicare, and Medicaid to determine eligibility and secure prior authorizations.
- To provide customer support and communicate directly with our client partners.
- To monitor website analytics to improve user experience and marketing relevance (non-PHI data only).
We do NOT sell, rent, or lease Personal Information or PHI to third parties for any marketing or advertising purposes whatsoever.
4. Data Sharing & Third-Party Service Providers
We may share information with trusted third-party vendors purely to facilitate our business operations (e.g., secure cloud hosting providers, medical clearinghouses, EHR vendors). Any vendor that may come into contact with PHI must sign a downstream Business Associate Agreement and be fully HIPAA-compliant.
We will disclose information if required to do so by law, court order, or governmental regulation, including audits by the Department of Health and Human Services (HHS).
5. Cookies and Web Beacons
Our website utilizes cookies to track user sessions, maintain state, and analyze traffic patterns. You have the ability to accept or decline cookies through your browser settings. However, declining cookies may prevent you from fully utilizing all features of the Prismatica Health website.
6. Your Rights Regarding Your Data
Depending on your jurisdiction (such as CCPA regulations for California residents), you may have the right to request access to the personal data we hold about you, request corrections, or request deletion of your B2B marketing data. Please note that these rights do not apply to patient PHI, which is legally governed by the retention policies dictated by HIPAA and the Covered Entity (your doctor/hospital).
If you are a patient of a medical practice we service and wish to restrict your medical records or obtain a copy of your chart, you must contact your medical provider directly. Prismatica Health cannot legally alter or release patient data to individuals.
7. Security Safeguards
We implement a defense-in-depth security posture, including multi-factor authentication (MFA) for all system access, segregated networks, continuous intrusion detection monitoring (IDS/IPS), and strict role-based access controls (RBAC). Physical access to our processing centers is restricted by biometric security.
8. Changes to this Policy
Prismatica Health reserves the right to amend this Privacy Policy at any time to reflect changes in legal or regulatory obligations. Updates will be posted on this page with an updated "Last Updated" timestamp.
Contact the Privacy Officer
If you have any questions or concerns regarding our privacy practices, HIPAA compliance, or a BAA, please contact our Compliance Department:
- Email: Compliance@prismaticahealth.com
- Phone: +1 (908) 829-0133
- Mail: Prismatica Health LLC
Attention: Privacy Officer
East Brunswick, New Jersey 08816, USA