HIPAA Privacy Policy

Effective Date: 01/01/2026

Last Updated: 01/01/2026

ProficientNow Health Care (“Company,” “we,” “our,” or “us”) is committed to protecting the privacy, confidentiality, and security of Protected Health Information (“PHI”) in compliance with HIPAA, the HITECH Act, and all applicable federal and state healthcare privacy laws. This policy explains how PHI is accessed, used, disclosed, protected, and safeguarded in the course of providing medical coding and related healthcare support services.

1. Our Role and Responsibilities Under HIPAA

ProficientNow Health Care functions as a Business Associate to healthcare providers, hospitals, clinics, physician groups, billing companies, and other Covered Entities as defined under HIPAA. We do not act as a Covered Entity and do not provide direct patient care.

We access PHI only to perform services on behalf of our clients and only after a valid Business Associate Agreement (BAA) is in place.

  • Access occurs only when authorized by a Covered Entity.
  • A signed BAA is required before PHI is created, received, maintained, or transmitted.
  • PHI is accessed solely for purposes permitted under HIPAA and applicable law.

2. Types of Information We Handle

In the course of delivering services, ProficientNow Health Care may handle the following categories of information:

  • Protected Health Information (PHI) and patient demographics
  • Clinical and encounter documentation
  • Diagnosis, procedure, treatment, and medical history details
  • Coding and billing-related data
  • Provider, facility, and operational data

We do not intentionally collect PHI directly from patients through this website.

3. Permitted Uses and Disclosures of PHI

  • Performing medical coding services and related quality assurance and audit functions
  • Reviewing documentation for accuracy and compliance
  • Supporting administrative and operational functions requested by the Covered Entity
  • Complying with legal, regulatory, or governmental requirements
  • Responding to lawful requests from Covered Entities

PHI is never sold, rented, or used for marketing purposes.

4. Minimum Necessary Standard

We apply the Minimum Necessary Standard to every PHI interaction. Access is limited to what is required for assigned duties.

  • Role-based access permissions define who can view specific PHI.
  • PHI is not accessed, used, or disclosed beyond the defined scope of services.

5. Administrative Safeguards

  • Documented HIPAA Privacy and Security policies and procedures
  • Designated compliance oversight and governance
  • Workforce training on HIPAA, privacy, and data security
  • Confidentiality and non-disclosure agreements
  • Incident response and breach management processes
  • Ongoing compliance reviews and internal audits

6. Technical Safeguards

  • Secure authentication mechanisms with unique user identification
  • Role-based access controls and least-privilege permissions
  • Encryption of data in transit and at rest
  • Secure system configurations and access restrictions
  • Logging, monitoring, and audit trails for system activity
  • Regular system updates and security maintenance

7. Physical Safeguards

  • Restricted access to office premises and controlled workstations
  • Secure work environments with clean desk practices
  • Protection against unauthorized access to systems and records
  • Secure handling, storage, and disposal of physical documents

8. Workforce Privacy and Confidentiality

  • Mandatory HIPAA and privacy training for employees, contractors, and authorized personnel
  • Signed confidentiality and non-disclosure agreements
  • PHI access granted strictly based on job role
  • Disciplinary action for privacy or security violations

9. Business Associate Agreement (BAA)

A HIPAA-compliant BAA is executed with each client before PHI is accessed or processed. The BAA defines permitted uses, safeguards, breach notification responsibilities, subcontractor requirements, and PHI return or destruction upon termination.

10. Subcontractors and Third Parties

  • Vendors are evaluated for appropriate security practices.
  • Access to PHI is limited and controlled based on necessity.
  • Contractual safeguards are applied where required.
  • Compliance obligations are enforced in accordance with HIPAA.

11. Data Retention and Secure Disposal

  • PHI is retained only as long as necessary to fulfill contractual, legal, or regulatory obligations.
  • Upon termination or completion of services, PHI is returned to the Covered Entity or securely destroyed.
  • Secure deletion and disposal methods align with the BAA and applicable laws.

12. Breach Detection and Notification

  • Suspected or confirmed breaches of unsecured PHI are investigated immediately.
  • Containment and mitigation measures are applied without delay.
  • Covered Entities are notified without unreasonable delay.
  • We support breach assessment, reporting, and compliance with HIPAA breach notification requirements.

13. Website Privacy and Online Interactions

Our website may collect limited non-PHI information such as IP addresses, browser and device details, pages visited, and contact form submissions. Visitors should not submit PHI through website forms, email, or other unsecured channels.

14. Changes to This HIPAA Privacy Policy

We may update this HIPAA Privacy Policy to reflect changes in laws, regulations, or internal practices. Revised versions will be posted on this page with an updated effective date.

15. Contact Information

For questions about this HIPAA Privacy Policy or our privacy practices, contact:

ProficientNow Health Care

Email: privacy@proficientnow.com

Phone: +1 (408) 461-0096

Address: 1449 S Michigan Ave STE 13294, Chicago, IL 60605