Data Privacy & Security

Privacy Policy

Codes-For-MD is committed to safeguarding your organization's data and ensuring absolute adherence to federal healthcare privacy standards.

HIPAA & SOC 2 Ready

Last Updated: May 1, 2026

1. Information We Collect

Codes-For-MD collects information necessary to deliver enterprise healthcare IT software, medical billing outsourcing, and clinical dictionary tools. This includes:

  • Account & Administrative Data: Names, work email addresses, telephone numbers, and secure login credentials.
  • Organization & Practice Details: Hospital/Clinic names, physical addresses, National Provider Identifiers (NPI), Tax IDs (TIN), and billing volume estimates.
  • System & Analytics Data: IP addresses, browser types, API request metadata, and audit log timestamps.

2. Protected Health Information (PHI) & HIPAA

As a prominent Revenue Cycle Management partner and healthcare software provider, Codes-For-MD routinely acts as a Business Associate under HIPAA regulations. All Protected Health Information (PHI) ingested through our billing pipelines, claim scrubbers, or clinical document repositories is strictly governed by our formal Business Associate Agreements (BAAs). PHI is isolated, encrypted, and accessible solely by authorized personnel performing explicit billing or technical validation tasks.

3. How We Use Collected Information

We utilize collected information to maintain seamless platform operations and ensure maximum financial reimbursement for our clients:

  • Executing electronic medical billing, claim submissions, and AR recovery workflows
  • Authenticating users, maintaining secure portal access, and logging audit trails
  • Providing technical assistance, software updates, and regulatory compliance notices
  • Enhancing NLP dictionary algorithms and clinical code search precision

4. Information Sharing & Third-Party Disclosure

Codes-For-MD enforces a strict policy against the sale, rental, or commercial exploitation of personal data or patient PHI. We only disclose information under the following limited circumstances:

  • Clearinghouses & Payers: Transmitting necessary clinical and financial claim data to insurance clearinghouses, CMS, and commercial payers for reimbursement.
  • Certified Subcontractors: Partnering with verified, HIPAA-compliant infrastructure providers (e.g., secure cloud hosting) who execute mandatory BAAs with Codes-For-MD.
  • Legal Mandates: Responding to lawful subpoenas, court orders, or mandatory federal audits conducted by HHS/OCR.

5. Enterprise Data Security & Encryption

Codes-For-MD deploys a defense-in-depth security architecture aligned with ISO 27001 and SOC 2 standards:

  • Encryption at Rest & in Transit: All databases, document repositories, and backups are encrypted using AES-256. Data in transit is secured via TLS 1.3.
  • Access Controls: Role-Based Access Control (RBAC), mandatory Multi-Factor Authentication (MFA), and strict principle of least privilege.
  • Vulnerability Management: Continuous network monitoring, automated intrusion detection, and routine independent penetration testing.

6. Data Retention & Archival Policies

Codes-For-MD retains administrative account data and financial billing records for the duration of your active SLA and in accordance with federal/state healthcare data retention mandates (typically 6 to 7 years for medical billing records). Upon formal contract termination, clients may request complete data extraction and certified destruction of PHI archives in accordance with BAA provisions.

7. User Rights & Privacy Controls

Authorized organization administrators have the right to review, update, or export their administrative profile data at any time via the SuperAdmin or Hospital portals. You may also opt out of non-essential marketing communications or newsletter subscriptions by utilizing the unsubscribe mechanisms provided.

8. Cookie Policy & Tracking Technologies

The Codes-For-MD public portal and administrative dashboards utilize session cookies and secure authentication tokens to verify user identity, prevent Cross-Site Request Forgery (CSRF), and maintain seamless portal navigation. You may adjust browser cookie settings; however, disabling mandatory session cookies will prevent access to secure administrative modules.

9. Contact Our Privacy Officer

If you have questions, require a formal BAA, or wish to report a potential privacy concern, please contact our dedicated HIPAA Privacy Officer at privacy@codes-for-md.com.

© 2026 Codes-For-MD. All rights reserved. HIPAA Compliant & SOC-2 Type II Certified.