Privacy Policy

iMarkRCM provides revenue cycle management (RCM), digital medical billing, and related administrative support services to healthcare providers, practices, and organizations. Protecting your privacy is a responsibility we take seriously. Throughout this Privacy Policy, “iMarkRCM,” “we,” “us,” or “our company” refers to the legal entity operating the iMarkRCM website, platforms, and services.

This Privacy Policy describes how we collect, use, disclose, secure, and protect personal information-bincluding, where applicable, Protected Health Information (PHI). It also explains the rights and choices available to users, clients, patients, and other individuals who interact with us. We encourage you to read this policy thoroughly and contact us if you have any questions.

Scope of This Privacy Policy & Identity of the Controller

This Privacy Policy applies to:

• Individuals who visit our website, web portals, or digital platforms.
• Healthcare providers, practices, and organizations that engage us for billing or RCM services.
• Patients whose information is processed by us as part of our billing operations on behalf of our clients.
• Job applicants, contractors, vendors, and business partners who interact with our company.
• Any other individuals who communicate with our company by email, phone, or through any other channel.

For the personal information we collect directly for our own business purposes (e.g., website visitors, marketing, hiring), iMarkRCM acts as a data controller.

For PHI or patient-related information provided to us by healthcare providers for billing services, iMarkRCM acts as a business associate or processor, processing data solely according to written agreements and applicable laws.

If you have privacy-related questions, requests, or concerns, you may contact:

Email: [email protected]

Key Definitions

To promote clarity, the following terms are used consistently throughout this Privacy Policy:

• “Personal Information” / “Personal Data” refers to information that identifies or could reasonably identify an individual.
• “PHI” (Protected Health Information) refers to individually identifiable health information protected under HIPAA when our company processes data on behalf of covered entities.
• “Processing” refers to any action taken with personal information, such as collecting, recording, storing, sharing, or deleting it.
• “Controller” refers to the entity that determines the purpose and means of processing personal data.
• “Processor” / “Business Associate” refers to an entity (like our company) that processes data on behalf of a controller or covered entity based on written agreements.
• “Service Provider” / “Sub-processor” refers to trusted third parties that assist us in operating our services under contractual confidentiality and security obligations.

These definitions reflect common privacy regulatory terms, including GDPR and HIPAA.

Categories of Information We Collect

We take care to collect only the information that is reasonably necessary to provide our services or fulfill legal obligations. Depending on your relationship with us, we may collect the following categories of information:

A. Identifiers

Such as your name, email address, telephone number, mailing address, practice or organization details, and user credentials when creating an account.

B. Account, Service & Billing Details

Information related to onboarding, contracts, claims, financial operations, tax identification numbers, and payment information (processed securely through authorized platforms).

C. Patient Information & PHI (When Applicable)

When performing RCM and billing services for healthcare providers, we may receive PHI including:

• Patient name, address, birthdate, and insurance information
• Diagnosis and procedure codes
• Treatment-related details
• Claim history and documentation

This information is handled under strict HIPAA-compliant safeguards.

D. Technical & Usage Information

Automatically collected data such as:

• IP address and device identifiers
• Browser and operating system details
• Session activity, logs, and timestamps
• Cookies and similar technologies that help us improve functionality and security

E. Communications & Interaction Records

Including emails, phone calls, support messages, inquiries, and any notes generated through customer service interactions. Call recordings, when used, are subject to applicable notification laws.

F. Employment & Professional Information

For applicants, we may collect résumés, qualifications, references, work history, certifications, and interview-related notes.

G. Aggregated or De-identified Data

We may compile de-identified datasets for statistical analysis or improving our services. Such information does not identify you.

How We Collect Information

We collect information through multiple channels, including:

A. Directly From You

When you:

• Submit forms on our website
• Create an account
• Engage our company for billing services
• Contact our support team
• Apply for employment
• Communicate with us by any means

B. From Healthcare Providers and Practices

Our billing and RCM services require receiving patient and practice data from our clients. We handle this information strictly according to contracts, BAAs, and privacy regulations.

C. Automatically Through Technology

We use cookies, tracking pixels, and log files to:

Secure our website

Improve performance

Understand visitor activity

Support troubleshooting and analytics

D. From Third Parties

We may receive limited personal information from:

• Verification services
• Insurance partners
• Public records
• Online lead-generation platforms
• Professional referral sources

All such data is managed responsibly and in compliance with applicable law.

5. How We Use Personal Information

Our company uses personal information for purposes including, but not limited to:

A. Providing Our Services

Processing claims, managing billing workflows, verifying insurance details, performing reconciliations, and executing other RCM functions.

B. Account Administration

Maintaining your account, authenticating your access, sending notices or updates, and handling billing or invoicing.

C. Customer Support

Responding to inquiries, troubleshooting issues, and improving service quality.

D. Security & Fraud Prevention

Detecting unauthorized access, monitoring for abuse, and implementing cybersecurity measures.

E. Compliance & Reporting

Maintaining records for legal, regulatory, audit, and reporting requirements.

F. Product Improvement & Analytics

Evaluating system performance, developing new features, enhancing user experience, and conducting internal research.

G. Marketing Communications

With your consent or where permitted by law, we may send newsletters, service updates, or promotional information. You may opt out at any time.

PHI & HIPAA Compliance

When performing services that involve PHI, our company acts as a HIPAA Business Associate and adheres to the following principles:

• Use and disclosure only as permitted under the Business Associate Agreement (BAA) with each covered entity.
• Security measures including encryption, access controls, audits, and staff training.
• Minimum necessary principle ensuring we use only the minimum data required for billing tasks.
• Incident response procedures for reporting and managing any potential breaches involving PHI.
• Record retention and disposal consistent with HIPAA and contractual requirements.

Our company remains committed to maintaining the highest standard of PHI protection.

Sharing and Disclosure of Information

We do not disclose personal information except as reasonably necessary for legitimate business operations or as required by law. Disclosures may include:

• Service Providers and Sub-processors assisting with hosting, analytics, communications, payment processing, or IT support
• Healthcare Providers and Clients requesting access to billing data or patient records
• Professional Advisors such as accountants, auditors, or legal counsel
• Regulators and Law Enforcement when compliance is legally mandated
• Corporate Transactions if we merge, acquire, or undergo reorganization, provided that privacy commitments persist

We do not sell personal information, nor do we share PHI for marketing or unrelated purposes.

International Data Transfers

If we transfer personal information across borders, for example, to servers or service providers located outside your country, we will implement reasonable safeguards such as:

• Standard Contractual Clauses
• Encryption and secure transmission protocols
• Additional measures required by applicable regulations

We will continue to ensure that your personal information receives appropriate protection regardless of where it is processed.

Cookies & Tracking Technologies

We use cookies and similar technologies to:

• Enable essential website functionality
• Remember user preferences
• Improve site navigation and performance
• Conduct analytics and measure usage
• Support secure login sessions

Users may control cookies through browser settings or opt-out tools. Some essential cookies are required for system operation and cannot be disabled without impacting functionality.

Data Security

Our company uses administrative, technical, and physical safeguards designed to protect personal information and PHI. Measures may include:

• Encryption of data in transit
• Access controls and role-based permissions
• Firewalls and secure server configurations
• Regular audits, assessments, and monitoring
• Employee confidentiality agreements and training programs

While no system can guarantee complete security, we strive to maintain robust protections and continuously improve our security posture.

Data Retention

Our company retains personal information only for as long as it is reasonably necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law, regulation, or contractual obligation. The length of time we retain information varies based on the type of data and the reasons for which it was collected.

Examples include:

• Billing and claims-related information: Often retained for several years to comply with healthcare regulations, payer requirements, and audit obligations.
• Customer account and service records: Retained for the duration of the business relationship and for a reasonable period afterward to handle disputes, support inquiries, or comply with legal obligations.
• Technical logs and security-related data: Retained for operational, diagnostic, and security purposes for a limited period.
• Job applicant information: Retained for a reasonable time under employment laws or for future hiring considerations.

Once information is no longer required, we will securely delete, de-identify, or anonymize it in accordance with internal policies and applicable regulations.

Breach Notification

In the unlikely event of a data breach or security incident involving personal information or PHI, our company follows a structured incident response process. This includes:

• Promptly investigating the incident
• Assessing the nature and scope of the breach
• Taking necessary steps to mitigate harm
• Restoring the integrity of affected systems
• Implementing measures to prevent future occurrences

Where required by applicable law or contractual agreements, we will notify affected individuals, regulators, and customers within legally mandated timeframes. For PHI-related incidents, we comply with HIPAA breach notification rules and any relevant state laws.

Your Rights & Choices

Depending on your jurisdiction, you may have the right to request access, modification, deletion, restriction, or transfer of your personal information. We respect these rights and provide several methods for individuals to exercise them.

A. Rights That May Be Available to You

• Access: Request details about the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of information, subject to legal or contractual constraints.
• Restriction: Ask us to limit processing in certain circumstances.
• Data Portability: Request a copy of your information in a usable format.
• Objection: Object to certain types of processing, such as direct marketing.
• Withdraw Consent: When processing is based on consent, you may withdraw it at any time.

B. Submitting a Request

To exercise your rights, you may contact our company at:

Email: [email protected]

We may request additional information to verify your identity and prevent unauthorized access to personal information. We strive to respond to all legitimate requests within the timeframe required by applicable laws.

Communications & Marketing Preferences

We communicate with individuals for both operational and promotional purposes.

A. Operational Communications

These include appointment reminders, billing updates, service notices, and account information. Because they are necessary for service delivery, you may not opt out of these essential communications.

B. Marketing Communications

With your consent or where legally permitted, we may send newsletters, product updates, or promotional materials.

You can change your preferences anytime by:

• Clicking the "unsubscribe" link in marketing emails
• Contacting us at [email protected]

We honor opt-out requests as soon as reasonably possible.

Third-Party Links, Tools & Integrations

Our websites and platforms may contain links to third-party websites, embedded tools, or integrated services such as portals, payment processors, or analytics providers. Please note:

• We do not control third-party privacy practices
• We encourage you to review the privacy policies of any external websites you visit
• Any data you provide directly to third parties is governed by their policies

We are not responsible for information collected, used, or disclosed through third-party websites or services that are not operated by iMarkRCM.

Handling Legal Requests

Our company may be required to disclose personal information to government authorities, courts, or law enforcement agencies when legally obligated to do so. In such cases:

• We review the request to ensure it is valid and lawful
• We disclose only the minimum necessary information
• When permitted and appropriate, we may notify affected individuals or clients

We balance legal compliance with our commitment to safeguard privacy.

Cross-Border Data Considerations for International Users

If you access our website or services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate.

We take steps to ensure that such transfers comply with applicable data protection laws, including implementing contractual and technical safeguards. By using our services, you acknowledge that your information may be transferred to these locations for the purpose of providing services to you.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in laws, technology, or our operational practices. When updates are made:

• We will revise the "Last Updated" date at the top of the policy
• In the event of material changes, we may provide additional notice such as emails, banners, or alerts
• Continued use of our website or services after changes take effect constitutes acceptance of the revised policy

We encourage you to review this Privacy Policy regularly to stay informed about how our company protects your information.

Contact Information & Complaint Resolution

If you have questions, concerns, or requests related to this Privacy Policy or our privacy practices, you may contact us at:

iMarkRCM Privacy Office

Email: [email protected]

If we are unable to resolve your concern, you may have the right to file a complaint with a relevant data protection authority depending on your jurisdiction.

We are committed to responding to all privacy inquiries respectfully, promptly, and in accordance with applicable regulations.