Privacy Policy

Welcome to ParaMed Billing Solutions ("ParaMed," "we," "our," or "us"). We are a U.S.-based medical billing and revenue cycle management company headquartered at Northgate Drive, Sherwood, AR 72120, USA.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, contact us via phone, email, or web form, or engage us for our billing and revenue cycle management services.

This policy applies to all information collected through our website, phone communications, email correspondence, and any related services, sales, marketing, or events.

We collect information you voluntarily provide when you contact us, request a quote, or engage our services, as well as information collected automatically when you visit our website.

Information you provide directly:

• Contact information: Full name, email address, phone number, practice name, and website URL (submitted through our contact and quote request forms)
• Service details: Service type requested (Medical Billing, Credentialing, Coding, Denial Management, etc.), healthcare type, preferred contact method, and preferred contact time
• Communications: Messages you send us via contact forms, email, phone calls, WhatsApp, or fax
• Professional information: Practice type, specialty, number of providers, EHR systems used, and current billing challenges you describe
• Billing and account data: Information necessary to provide revenue cycle management services, including payer information, provider credentials, and claim data

Information collected automatically:

• IP address and approximate geographic location
• Browser type, device type, and operating system
• Pages visited, time spent on pages, and referring URLs
• Cookies and similar tracking technologies (see Section 6)

We use the information we collect for the following purposes:

• Service delivery: To provide medical billing, credentialing, coding, denial management, revenue cycle management, and all related services you engage us for
• Communication: To respond to your inquiries, quote requests, and free audit requests via phone, email, WhatsApp, or fax — based on your preferred contact method
• Scheduling: To contact you during your preferred time window as specified in your inquiry form
• Account management: To set up, maintain, and manage your billing account and service relationship with ParaMed
• Billing operations: To submit claims, manage denials, post payments, and perform all revenue cycle management functions on your behalf
• Legal compliance: To comply with applicable laws including HIPAA, state billing regulations, and federal healthcare compliance requirements
• Quality improvement: To analyze and improve the quality and effectiveness of our services
• Marketing communications: To send you service updates, industry insights, and relevant billing information — only where you have provided consent or where permitted by law
• Security: To detect, prevent, and address technical issues and protect against fraud and unauthorized access

As a medical billing company, ParaMed handles Protected Health Information (PHI) as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). This section describes our specific obligations regarding PHI.

How we handle PHI:

• PHI is used exclusively to perform billing, coding, credentialing, and revenue cycle management services on behalf of the covered entity (your practice)
• We implement administrative, physical, and technical safeguards as required by the HIPAA Security Rule
• All data is transmitted using AES-256 encryption
• Access to PHI is strictly limited to authorized personnel with a need-to-know
• We conduct annual HIPAA training for all staff who handle PHI
• In the event of a breach, we will notify the covered entity within 72 hours as required by the HIPAA Breach Notification Rule
• We undergo regular internal compliance audits and adhere to OIG billing guidelines

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following limited circumstances:

• Service providers: With trusted third-party vendors (clearinghouses, EHR integration partners, payment processors) who assist us in providing our services, under confidentiality agreements
• Payers and insurance companies: When submitting claims on your behalf as part of our billing services
• Legal requirements: When required by law, court order, subpoena, or government authority
• Fraud prevention: To protect the rights, property, or safety of ParaMed, our clients, or others
• Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections
• With your consent: For any other purpose with your explicit prior consent

All third parties with whom we share personal or health information are required to maintain appropriate privacy and security standards consistent with this policy and applicable law.

Our website uses cookies and similar tracking technologies to improve your browsing experience and analyze site usage.

Managing cookies: You can control or disable cookies through your browser settings. Note that disabling certain cookies may affect website functionality. Most browsers allow you to refuse or delete cookies through their settings menus.

We do not respond to "Do Not Track" browser signals at this time, but we respect your right to control tracking through browser settings and applicable privacy tools.

Protecting your information is a core responsibility we take seriously. We implement multiple layers of security to safeguard your personal and health information:

• Encryption: AES-256 encryption for all data in transit and at rest
• Access controls: Role-based access controls ensuring only authorized personnel access sensitive data
• SOC 2 Type II: Our systems undergo independent SOC 2 Type II audits to verify our security, availability, and confidentiality controls
• Network security: Firewalls, intrusion detection systems, and regular vulnerability assessments
• Staff training: Annual HIPAA and data security training for all personnel
• Physical security: Controlled physical access to systems and facilities containing sensitive data
• Incident response: A documented incident response plan with 72-hour breach notification protocols

We retain your information only as long as necessary to fulfill the purposes outlined in this policy and to comply with our legal, regulatory, and contractual obligations.

When data is no longer needed, we securely destroy it in accordance with HIPAA media disposal requirements and applicable industry standards.

Depending on your location and applicable law, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete personal information
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Portability: Request your data in a structured, machine-readable format
• Opt-out of marketing: Unsubscribe from marketing communications at any time by contacting us or using the unsubscribe link in emails
• Restrict processing: Request that we limit how we use your information in certain circumstances
• Object: Object to processing of your personal information in certain situations

Please note that certain rights may be limited where we have legitimate legal grounds for processing or where the information is required for compliance with applicable law.

Our website may contain links to third-party websites, including insurance company portals, EHR systems, and professional organizations. These external sites operate under their own privacy policies, and we have no control over their practices.

We encourage you to review the privacy policy of any third-party site you visit. ParaMed is not responsible for the privacy practices, content, or security of external websites.

Our website and services are directed to healthcare providers and medical practices — not to individuals under the age of 18. We do not knowingly collect personal information from children under 18 through our website or contact forms.

If you believe we have inadvertently collected information from a minor, please contact us immediately at info@paramedbilling.com and we will promptly delete such information.

Note: We may process health billing records for minor patients as part of our medical billing services. Such processing is covered under our HIPAA Business Associate Agreement with the covered entity.

We may update this Privacy Policy periodically to reflect changes in our practices, services, technology, or legal requirements. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify active clients via email to the address on file
• Post a prominent notice on our website for significant changes

Your continued use of our website or services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this page periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us through any of the following channels. Our team responds within 24–48 business hours.