Privacy & Compliance
Privacy Policy
Restorative Medical Billing LLC is committed to safeguarding the privacy, confidentiality, and security of your personal and health information.
Restorative Medical Billing LLC ("Company," "we," "us," or "our") is committed to safeguarding the privacy, confidentiality, and security of personal and health information. We provide medical billing and coding services including revenue recovery, insurance credentialing, revenue cycle management, and insurance verification.
This Privacy Policy reflects compliance with:
HIPAA (Health Insurance Portability and Accountability Act of 1996)
Delaware Personal Data Privacy Act (DPDPA)
We function as a Business Associate to healthcare providers and other covered entities.
This policy applies to:
- Protected Health Information (PHI) received, created, maintained, or transmitted on behalf of covered entities
- Personal data processed in the course of business operations
- All workforce members, contractors, and systems used by the Company
Restorative Medical Billing LLC operates strictly under executed Business Associate Agreements (BAAs) with all covered entity clients, as required under HIPAA.
A. Permitted Uses and Disclosures
We use and disclose PHI only as permitted or required by:
- The applicable BAA
- HIPAA Privacy Rule (45 CFR §164.502, §164.504)
- Instructions from the covered entity
We do not use PHI for independent purposes outside the scope of services defined in the BAA.
B. Safeguards Requirement
In accordance with BAAs and HIPAA Security Rule, we:
- Implement administrative safeguards (policies, workforce training, risk assessments)
- Implement physical safeguards (facility access controls, workstation security)
- Implement technical safeguards (encryption, secure access, audit controls)
C. Minimum Necessary Standard
We limit use, disclosure, and access to PHI to the minimum necessary to accomplish the intended purpose, consistent with:
- 45 CFR §164.502(b)
- BAA contractual obligations
D. Subcontractor Compliance
All subcontractors or vendors that create, receive, maintain, or transmit PHI on our behalf:
- Are bound by written agreements requiring HIPAA compliance
- Must agree to the same restrictions and conditions that apply to us under the BAA
- Are monitored for compliance where applicable
E. Breach Notification Obligations
In the event of a breach of unsecured PHI, we will:
- Notify the covered entity without unreasonable delay, and no later than 60 days from discovery (or stricter BAA terms if applicable)
- Provide required details, including: nature of the breach, types of information involved, individuals affected, and mitigation actions taken
We fully comply with the HIPAA Breach Notification Rule (45 CFR §§164.400–414).
F. Reporting of Improper Use or Disclosure
We report to the covered entity any:
- Unauthorized use or disclosure of PHI
- Security incidents involving PHI
- Violations of BAA terms
G. Access, Amendment, and Accounting Support
We support covered entities in fulfilling their obligations by:
- Providing access to PHI as directed
- Assisting with amendments/corrections
- Maintaining records for accounting of disclosures
H. Return or Destruction of PHI
Upon termination of a contract or BAA:
- PHI will be returned or securely destroyed, where feasible
- If destruction is not feasible, protections will continue indefinitely
Restorative Medical Billing LLC may send SMS/text messages related to appointment reminders, billing notifications, credentialing updates, customer service communications, and other business-related notifications. By providing your mobile phone number, you consent to receive SMS messages from Restorative Medical Billing LLC.
- SMS consent and mobile phone numbers are not shared with third parties or affiliates for marketing purposes.
- Message frequency may vary depending on the nature of services and communication needs.
- You may reply STOP at any time to opt out of future text messages.
- You may reply HELP for additional information or support.
- Message and data rates may apply based on your mobile carrier plan.
A. Protected Health Information (PHI)
Includes but is not limited to:
- Patient identifiers
- Clinical and billing data
- Insurance and claims information
B. Personal Data (Non-PHI)
Includes:
- Contact information
- Credentialing documentation
- Financial and operational data
- Website usage data
We process personal data based on:
- Contractual necessity
- Legal obligations
- Legitimate business interests
- Consent where required
We use information strictly to:
- Perform billing and coding services
- Manage claims and reimbursement
- Conduct insurance verification
- Support provider credentialing
- Maintain compliance with legal requirements
We disclose information only as necessary to:
- Covered entities and authorized providers
- Insurance companies and clearinghouses
- Approved vendors under contractual safeguards
- Legal authorities when required
We do not sell personal data.
We maintain:
- Encryption protocols
- Secure authentication systems
- Role-based access controls
- Continuous monitoring and audit logs
- Workforce HIPAA training
We retain data:
- Minimum 6 years per HIPAA
- Longer if required by contract or law
Data is securely destroyed or de-identified after retention periods.
Delaware residents may exercise the following rights:
- Access their data
- Correct inaccuracies
- Request deletion (subject to legal limits)
- Obtain a portable copy
- Opt out of certain processing
Requests can be submitted via:
Individuals may exercise rights through their healthcare provider, including:
- Access to PHI
- Amendments
- Restrictions
- Accounting of disclosures
We assist covered entities in fulfilling these obligations.
We may use cookies and analytics tools. Users can manage preferences via browser settings.
We comply with:
- HIPAA breach notification requirements
- Delaware state breach laws
We do not knowingly collect data from children under 13 outside of healthcare operations managed by covered entities.
We are not responsible for external website privacy practices.
We may update this policy periodically.
Restorative Medical Billing LLC
8 The Green
Dover DE 19901
Restorative Medical Billing LLC affirms full compliance with:
- HIPAA Privacy, Security, and Breach Notification Rules
- Business Associate Agreement obligations
- Delaware Personal Data Privacy Act (DPDPA)