Effective Date: May 24, 2026
At BillingClaw, LLC ("BillingClaw", "we", "us", "our"), we are committed to protecting the privacy, confidentiality, and security of healthcare providers ("Providers") and their patients. This Privacy Policy describes how we collect, use, store, and protect administrative and medical data when you use the BillingClaw claim audit, correction, and resubmission platform (the "Services").
1. Data Collection
To provide our automated medical claim audit services, BillingClaw collects data in two main categories:
- Administrative & Account Information: Work email, billing administrator names, office phone numbers, provider specialties, states of operation, EHR connection details, and payment processing metadata.
- Medical Claim Files & EHR Ingestion: Standard EDI 837 claim files, 835 Electronic Remittance Advice (ERA) files, Explanation of Benefits (EOB), procedural codes (CPT/HCPCS), diagnostic codes (ICD-10-CM), modifiers, provider NPIs, and relevant medical encounter document attachments.
2. How We Use Information
We use collected information strictly to execute HIPAA-compliant claim audits and resubmissions:
- Analyzing medical billing denials to suggest appropriate modifiers or correction steps.
- Programmatically queueing and transmitting corrected EDI claim payloads to clearinghouse partners.
- Generating consolidated provider performance reports and weekly operational email notifications.
- Maintaining secure audit logs and session access records to meet strict compliance mandates.
3. HIPAA & PHI Data Safeguards
BillingClaw is a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We enforce rigorous administrative, physical, and technical safeguards to secure Protected Health Information (PHI):
- Absolute Schema Isolation: Every provider partner's medical tables are isolated inside a dedicated PostgreSQL tenant schema. Cross-tenant contamination is programmatically impossible.
- PHI Firewall: Patient names, Social Security Numbers, subscriber IDs, and other high-risk direct identifiers are stripped or replaced by a strict PHI firewall that raises a hard exception, before claim suggestion processing by deep learning layers.
4. Third Party Subprocessors
We collaborate only with highly vetted subprocessors that execute standard Business Associate Agreements (BAAs) and maintain industry-leading compliance postures:
- Amazon Web Services (AWS): Inbound hosting, encrypted database storage, and secure email dispatches (via mock-validated SES).
- Stripe: Payment processing and provider commission payouts under PCI-DSS Level 1 specifications.
- Anthropic: Private, zero-retention API models utilized to formulate claim fix suggestions. No customer data or medical content is ever used for model training.
5. Data Retention & Deletion
We retain account and claim information as long as necessary to provide the Services, satisfy legal/contractual requirements, and uphold auditing standards. Upon termination of your Services, all tenant schemas and isolated databases are securely purged using cryptographic erasure within 30 days, unless longer retention is required by law.
6. Contact & Compliance Inquiries
If you have questions about this Privacy Policy or our HIPAA compliance safeguards, or if you wish to request data deletion, please contact our Compliance Officer at:
BillingClaw Compliance Office
Email: hello@billingclaw.io