Privacy Policy – Restorative Medical Billing LLC
Privacy & Compliance

Privacy Policy

Restorative Medical Billing LLC is committed to safeguarding the privacy, confidentiality, and security of your personal and health information.

Effective Date: May 3, 2026
Last Updated: May 3, 2026
Jurisdiction: Delaware, USA
01

Introduction

Restorative Medical Billing LLC ("Company," "we," "us," or "our") is committed to safeguarding the privacy, confidentiality, and security of personal and health information. We provide medical billing and coding services including revenue recovery, insurance credentialing, revenue cycle management, and insurance verification.

This Privacy Policy reflects compliance with:

HIPAA (Health Insurance Portability and Accountability Act of 1996) Delaware Personal Data Privacy Act (DPDPA)

We function as a Business Associate to healthcare providers and other covered entities.

02

Scope of This Policy

This policy applies to:

  • Protected Health Information (PHI) received, created, maintained, or transmitted on behalf of covered entities
  • Personal data processed in the course of business operations
  • All workforce members, contractors, and systems used by the Company
03

Business Associate Agreement (BAA) Alignment

Restorative Medical Billing LLC operates strictly under executed Business Associate Agreements (BAAs) with all covered entity clients, as required under HIPAA.

A. Permitted Uses and Disclosures

We use and disclose PHI only as permitted or required by:

  • The applicable BAA
  • HIPAA Privacy Rule (45 CFR §164.502, §164.504)
  • Instructions from the covered entity

We do not use PHI for independent purposes outside the scope of services defined in the BAA.

B. Safeguards Requirement

In accordance with BAAs and HIPAA Security Rule, we:

  • Implement administrative safeguards (policies, workforce training, risk assessments)
  • Implement physical safeguards (facility access controls, workstation security)
  • Implement technical safeguards (encryption, secure access, audit controls)

C. Minimum Necessary Standard

We limit use, disclosure, and access to PHI to the minimum necessary to accomplish the intended purpose, consistent with:

  • 45 CFR §164.502(b)
  • BAA contractual obligations

D. Subcontractor Compliance

All subcontractors or vendors that create, receive, maintain, or transmit PHI on our behalf:

  • Are bound by written agreements requiring HIPAA compliance
  • Must agree to the same restrictions and conditions that apply to us under the BAA
  • Are monitored for compliance where applicable

E. Breach Notification Obligations

In the event of a breach of unsecured PHI, we will:

  • Notify the covered entity without unreasonable delay, and no later than 60 days from discovery (or stricter BAA terms if applicable)
  • Provide required details, including: nature of the breach, types of information involved, individuals affected, and mitigation actions taken

We fully comply with the HIPAA Breach Notification Rule (45 CFR §§164.400–414).

F. Reporting of Improper Use or Disclosure

We report to the covered entity any:

  • Unauthorized use or disclosure of PHI
  • Security incidents involving PHI
  • Violations of BAA terms

G. Access, Amendment, and Accounting Support

We support covered entities in fulfilling their obligations by:

  • Providing access to PHI as directed
  • Assisting with amendments/corrections
  • Maintaining records for accounting of disclosures

H. Return or Destruction of PHI

Upon termination of a contract or BAA:

  • PHI will be returned or securely destroyed, where feasible
  • If destruction is not feasible, protections will continue indefinitely
3A

SMS Messaging Disclosure & Consent

Restorative Medical Billing LLC may send SMS/text messages related to appointment reminders, billing notifications, credentialing updates, customer service communications, and other business-related notifications. By providing your mobile phone number, you consent to receive SMS messages from Restorative Medical Billing LLC.

  • SMS consent and mobile phone numbers are not shared with third parties or affiliates for marketing purposes.
  • Message frequency may vary depending on the nature of services and communication needs.
  • You may reply STOP at any time to opt out of future text messages.
  • You may reply HELP for additional information or support.
  • Message and data rates may apply based on your mobile carrier plan.
04

Information We Collect

A. Protected Health Information (PHI)

Includes but is not limited to:

  • Patient identifiers
  • Clinical and billing data
  • Insurance and claims information

B. Personal Data (Non-PHI)

Includes:

  • Contact information
  • Credentialing documentation
  • Financial and operational data
  • Website usage data
05

Legal Basis for Processing (DPDPA)

We process personal data based on:

  • Contractual necessity
  • Legal obligations
  • Legitimate business interests
  • Consent where required
06

Use of Information

We use information strictly to:

  • Perform billing and coding services
  • Manage claims and reimbursement
  • Conduct insurance verification
  • Support provider credentialing
  • Maintain compliance with legal requirements
07

Disclosure of Information

We disclose information only as necessary to:

  • Covered entities and authorized providers
  • Insurance companies and clearinghouses
  • Approved vendors under contractual safeguards
  • Legal authorities when required

We do not sell personal data.

08

Data Security

We maintain:

  • Encryption protocols
  • Secure authentication systems
  • Role-based access controls
  • Continuous monitoring and audit logs
  • Workforce HIPAA training
09

Data Retention

We retain data:

  • Minimum 6 years per HIPAA
  • Longer if required by contract or law

Data is securely destroyed or de-identified after retention periods.

10

Consumer Rights (DPDPA)

Delaware residents may exercise the following rights:

  • Access their data
  • Correct inaccuracies
  • Request deletion (subject to legal limits)
  • Obtain a portable copy
  • Opt out of certain processing

Requests can be submitted via:

11

HIPAA Individual Rights

Individuals may exercise rights through their healthcare provider, including:

  • Access to PHI
  • Amendments
  • Restrictions
  • Accounting of disclosures

We assist covered entities in fulfilling these obligations.

12

Cookies and Tracking

We may use cookies and analytics tools. Users can manage preferences via browser settings.

13

Data Breach Notification

We comply with:

  • HIPAA breach notification requirements
  • Delaware state breach laws
14

Children's Privacy

We do not knowingly collect data from children under 13 outside of healthcare operations managed by covered entities.

15

Third-Party Links

We are not responsible for external website privacy practices.

16

Changes to This Policy

We may update this policy periodically.

17

Contact Information

Restorative Medical Billing LLC
8 The Green
Dover DE 19901
18

Compliance Statement

Restorative Medical Billing LLC affirms full compliance with:

  • HIPAA Privacy, Security, and Breach Notification Rules
  • Business Associate Agreement obligations
  • Delaware Personal Data Privacy Act (DPDPA)