Talk to an Expert

Book an Appointment

In this call we will talk about issues relating to your insurance billing, coding, credentialing, and collections!
We allow practices to realize outstanding insurance balances that are owed to you and your business.


Book Appointment

Book an Appointment

In this call we will talk about issues relating to your insurance billing, coding, credentialing, and collections!
We allow practices to realize outstanding insurance balances that are owed to you and your business.


HIPAA Privacy Policy

Effective Date: September 1st, 2024
Last Updated: September 1st, 2024

This HIPAA Privacy Policy (“Policy”) outlines how Prime RCM (“Company,” “we,” “our,” or “us”) collects, uses, discloses, and protects health information in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and other applicable federal and state regulations governing the confidentiality, security, and privacy of Protected Health Information (PHI).

Prime RCM is committed to safeguarding the privacy and security of our clients’ health information, including compliance with all relevant U.S. federal laws, regulations, and guidelines, as well as applicable state laws in Florida.

  1. Protected Health Information (PHI)

Under HIPAA, Protected Health Information (PHI) includes any individually identifiable health information related to the past, present, or future physical or mental health or condition of an individual. This information may be collected, used, or disclosed only as permitted by law.

PHI includes, but is not limited to:

  • Patient names
  • Medical records and history
  • Diagnoses, treatments, or prognoses
  • Health insurance information
  • Billing and payment information related to health services
  • Social Security numbers, if relevant to medical services
  1. Collection of PHI

Prime RCM collects PHI in the performance of its revenue cycle management (RCM) and medical billing services. PHI may be collected through various means, including but not limited to:

  • Medical and healthcare service providers
  • Electronic health records (EHRs)
  • Patients or their representatives
  • Insurance companies
  1. Use and Disclosure of PHI

Prime RCM will use and disclose PHI only as permitted or required by HIPAA and other applicable federal and state laws. We may use and disclose PHI for the following purposes:

  • Treatment: We may disclose PHI to healthcare providers involved in the care of the patient.
  • Payment: We may use and disclose PHI to obtain reimbursement for services provided, including billing and collections activities.
  • Healthcare Operations: We may use and disclose PHI for administrative, legal, or quality improvement activities that are necessary for the operation of our business.
  • Business Associates: We may share PHI with third-party service providers (“Business Associates”) who perform services on our behalf. All Business Associates are required to enter into Business Associate Agreements (BAAs) with us and are legally bound to protect the confidentiality of PHI.
  • Compliance with Legal Requirements: We may disclose PHI when required by law, such as in response to court orders, subpoenas, or other legal processes, or to comply with reporting requirements from regulatory authorities.

We do not sell, trade, or rent PHI to third parties for any commercial purposes.

  1. Authorization for Use and Disclosure

Except as outlined in this Policy, we will not use or disclose PHI for any other purpose without obtaining the patient’s explicit, written authorization. Patients have the right to revoke such authorizations at any time, except to the extent that we have already acted on the authorization.

  1. Patient Rights

Under HIPAA and applicable laws, individuals have certain rights concerning their PHI, including but not limited to:

  • Right of Access: Patients have the right to inspect and obtain copies of their PHI, subject to certain exceptions permitted by law.
  • Right to Amend: Patients have the right to request amendments to their PHI if they believe that the information is incorrect or incomplete.
  • Right to an Accounting of Disclosures: Patients may request an accounting of certain disclosures of their PHI that have been made without their authorization, as required by law.
  • Right to Request Restrictions: Patients have the right to request restrictions on how their PHI is used or disclosed, though we are not legally obligated to agree to such requests.
  • Right to Confidential Communications: Patients can request that we communicate with them through alternate means or at alternative locations to ensure the privacy of their PHI.
  • Right to File a Complaint: If a patient believes their privacy rights have been violated, they have the right to file a complaint with us or with the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS).
  1. Data Security and Safeguards

Prime RCM employs administrative, physical, and technical safeguards to protect PHI from unauthorized access, use, disclosure, and destruction. These safeguards comply with HIPAA’s Security Rule and other relevant regulations, including but not limited to:

  • Encryption: All electronic PHI (ePHI) is encrypted both at rest and in transit, using industry-standard encryption protocols.
  • Access Control: Access to PHI is limited to authorized personnel who require access to perform their job functions. Each user is assigned a unique identifier for access control and audit purposes.
  • Data Integrity: Measures are in place to ensure the integrity of PHI and to protect it from unauthorized modification or deletion.
  • Audit Controls: We maintain logs and tracking mechanisms to monitor and record access to PHI and ensure compliance with privacy and security policies.
  • Regular Training: All employees are regularly trained on HIPAA compliance, PHI protection, and the latest privacy and security measures.
  1. Breach Notification

In the event of a breach of unsecured PHI, Prime RCM will comply with HIPAA’s Breach Notification Rule and applicable state laws, including those in Florida. We will notify affected individuals, the Department of Health and Human Services (HHS), and, where required, the media.

Our breach notification will include the nature of the breach, the types of information involved, the steps we are taking to mitigate harm, and the measures individuals can take to protect themselves.

  1. Business Associates

As required by HIPAA, Prime RCM enters into Business Associate Agreements (BAAs) with all third parties that perform services involving PHI on our behalf. These Business Associates are required to protect PHI in accordance with HIPAA and other applicable laws. In the event that a Business Associate is responsible for a data breach, they must comply with all notification and remediation requirements.

  1. Retention of PHI

We will retain PHI only for as long as necessary to fulfill the purposes outlined in this Policy or as required by law. Our retention practices comply with the HIPAA Privacy and Security Rules, as well as federal and state laws regarding medical records retention, including Florida-specific regulations.

  1. Children’s Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect or maintain PHI from individuals under the age of 18 without parental or guardian consent, except as permitted by law. If we become aware that we have inadvertently collected PHI from a minor, we will take immediate steps to delete such information.

  1. Changes to this HIPAA Privacy Policy

Prime RCM reserves the right to modify this HIPAA Privacy Policy at any time. We will notify clients and Business Associates of any material changes in our privacy practices, and updated policies will be posted on our Website at https://www.myprimercm.com/. Continued use of our services after the effective date of any changes will be deemed acceptance of the updated Policy.

  1. Contact Information

If you have any questions or concerns regarding this HIPAA Privacy Policy or how we handle PHI, please contact us at:

  • Prime RCM
  • Address: 15442 Ventura Blvd., STE 201-470, Sherman Oaks, CA, 91403
  • Phone: (786) 887-2027
  • Email: info@myprimercm.com
  1. Governing Laws

This HIPAA Privacy Policy complies with all applicable federal laws and regulations, including but not limited to HIPAA, HITECH Act (Health Information Technology for Economic and Clinical Health), the Omnibus Rule, and relevant provisions of the Code of Federal Regulations (CFR) governing privacy and security of PHI. It also complies with all relevant state laws, particularly those of Florida, governing the protection and confidentiality of health information.

This Policy is legally sound, covers all aspects of HIPAA and related regulations, and reflects our commitment to the highest standards of privacy and security for health information.

Schedule a Free Consultation Online

Request an appointment with us.

Schedule a Call

Get Started Today

Choose the best package for your practice.

See Our Pricing Plan

Prime RCM is a full service medical billing company that handles every aspect of your billing process, from coding and claims to payment and follow-up. We have the expertise and methods to tackle any billing challenge, no matter the scope or specialty of your practice. With Prime RCM has 10 years of experience in medical billing services and is trusted by healthcare providers nationwide.

Join Our Mailing List

Quick Links

We are:
hipaa-logo-whitesmall

Our Services

Prime RCM INC

177-11 Union Tpke, Fresh Meadows, New York 11366
15442 Ventura Blvd., STE 201-470, Sherman Oaks, CA, 91403

Follow Us on Social
Instagram Linkedin Facebook

Copyright –

Prime RCM

©2025 – All Rights Reserved