Privacy Policy

At Satiscal Billing Solutions (“Satiscal,” “we,” “us,” or “our”), we are committed to protecting your privacy and maintaining the highest standards of data security. As a HIPAA-compliant medical billing service provider, we understand the critical importance of safeguarding Protected Health Information (PHI) and personal data.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services. Please read this policy carefully.

1. HIPAA Compliance

Satiscal is fully compliant with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations, including the Privacy Rule, Security Rule, and Breach Notification Rule.

• We execute Business Associate Agreements (BAAs) with all covered entities we serve
• All employees undergo comprehensive HIPAA training and certification
• We implement administrative, physical, and technical safeguards to protect PHI
• Regular security risk assessments and audits are conducted
• We maintain detailed audit logs of all PHI access and modifications

2. Information We Collect

2.1 Protected Health Information (PHI)

In the course of providing billing services, we process PHI including:

• Patient names, addresses, dates of birth, and contact information
• Medical record numbers and health insurance information
• Diagnosis codes, procedure codes, and treatment information
• Insurance claims and payment information
• Provider notes necessary for billing and coding

2.2 Practice Information

From healthcare providers and practices, we collect:

• Practice name, address, and contact details
• Provider credentials (NPI, DEA, state licenses)
• EHR/Practice Management system access credentials
• Payer enrollment and contract information
• Banking information for payment processing

2.3 Website Visitor Information

When you visit our website, we may collect:

• Name, email address, phone number (when you contact us)
• IP address, browser type, and device information
• Pages visited and time spent on our website
• Referral source and clickstream data

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Billing Services

• Processing insurance claims and patient statements
• Medical coding and charge entry
• Payment posting and reconciliation
• Denial management and appeals
• Accounts receivable management

3.2 Credentialing and Enrollment

• Provider credentialing with insurance networks
• CAQH profile management
• Payer enrollment and re-enrollment
• License and certification verification

3.3 Reporting and Analytics

• Generating practice performance reports
• Analyzing denial patterns and trends
• Monitoring key performance indicators
• Providing financial insights and recommendations

3.4 Communication

• Responding to inquiries and service requests
• Providing customer support
• Sending service updates and notifications
• Marketing communications (with consent)

4. Data Storage and Security

4.1 Data Location

As a US-registered company operating from the UK, we store all PHI and sensitive data on HIPAA-compliant, encrypted servers located in the United States. All data transmission and storage comply with US healthcare regulations and HIPAA requirements.

4.2 Security Measures

We implement industry-leading security measures including:

• Encryption: End-to-end encryption (AES-256) for data at rest and in transit (TLS 1.3)
• Access Controls: Role-based access controls and multi-factor authentication
• Network Security: Firewalls, intrusion detection systems, and regular penetration testing
• Backups: Daily automated backups with secure offsite storage
• Monitoring: 24/7 security monitoring and incident response team
• Physical Security: SOC 2 Type II certified data centers with restricted access

4.3 Employee Training

All Satiscal employees complete mandatory HIPAA training upon hire and annually thereafter. Employees sign confidentiality agreements and are granted access only to information necessary for their job functions.

5. Information Sharing and Disclosure

We share information only as necessary to provide our services:

5.1 With Your Authorization

• Insurance companies and payers for claims processing
• Clearinghouses for electronic claims submission
• Patients for billing and payment collection

5.2 Business Associates

• Technology vendors (with signed BAAs) for system maintenance
• Payment processors for secure payment handling
• All business associates are HIPAA-compliant and contractually bound

5.3 Legal Requirements

We may disclose information when required by law, such as in response to court orders, subpoenas, or to comply with regulatory requirements. We will notify affected parties when legally permitted.

6. Your Privacy Rights

Under HIPAA and applicable privacy laws, you have the right to:

• Access: Request copies of your PHI in our possession
• Amendment: Request corrections to inaccurate or incomplete information
• Accounting: Receive an accounting of disclosures of your PHI
• Restriction: Request restrictions on certain uses and disclosures
• Confidential Communication: Request communications through alternative means
• Breach Notification: Be notified of any breaches affecting your information

To exercise these rights, please contact us at compliance@satiscal.com

7. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance user experience and analyze website traffic:

• Essential Cookies: Required for website functionality
• Analytics Cookies: Help us understand how visitors use our site (Google Analytics)
• Performance Cookies: Improve website speed and performance

You can control cookies through your browser settings. Note that disabling cookies may limit website functionality.

8. Data Retention

We retain information in accordance with legal and regulatory requirements:

• PHI: Retained for 7 years after the last service date (per HIPAA requirements)
• Financial Records: Retained for 7 years (per IRS requirements)
• Credentialing Records: Retained while actively providing services plus 7 years
• Website Data: Retained for 26 months (Google Analytics standard)

After the retention period, data is securely destroyed using industry-standard methods including secure deletion, degaussing, or physical destruction.

9. Children’s Privacy

Our website and services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

10. International Data Transfers

While Satiscal operates from the UK, all client data and PHI is processed and stored exclusively in HIPAA-compliant facilities within the United States. We do not transfer PHI outside the US. Our international operations comply with both US healthcare regulations and applicable UK data protection laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify clients of material changes via email and post the updated policy on our website with a new “Last Updated” date. Your continued use of our services after such modifications constitutes acceptance of the updated policy.

12. Breach Notification

In the unlikely event of a data breach affecting PHI, we will:

• Notify affected individuals without unreasonable delay (within 60 days)
• Notify the Department of Health and Human Services (if required)
• Notify prominent media outlets (for breaches affecting 500+ individuals)
• Provide information about the breach, its impact, and steps being taken

We maintain comprehensive cyber liability insurance and incident response procedures to minimize the risk and impact of any potential breach.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: