Effective Date: January 1, 2026
Our Role Under HIPAA
Bill Bridge RCMSs LLC ("Bill Bridge") operates as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. In this capacity, we handle Protected Health Information (PHI) on behalf of our provider clients (Covered Entities) solely to perform contracted billing, credentialing, and practice operations services.
We do not function as a Covered Entity and do not directly treat patients. PHI we receive is limited to what is necessary to submit insurance claims, follow up on denials, and manage the revenue cycle for our provider clients.
What is Protected Health Information?
Protected Health Information (PHI) is individually identifiable health information that relates to a patient's past, present, or future physical or mental health condition, the provision of healthcare, or the payment for healthcare services. In the context of our services, this typically includes patient names, dates of service, diagnosis codes (ICD-10), procedure codes (CPT), and insurance identifiers included in insurance claims.
How We Use and Disclose PHI
As a Business Associate, we use and disclose PHI only as permitted by our Business Associate Agreements with our provider clients and as required by applicable law. Permitted uses include:
- Treatment Payment Operations: Submitting insurance claims, processing payments, following up on denials, and posting remittances on behalf of the provider.
- Healthcare Operations: Preparing and transmitting claims data, conducting internal audits of billing accuracy, and training our billing staff.
- Required by Law: Disclosing PHI as required by federal or state law, court order, or lawful government request.
- Subcontractors: Sharing PHI with subcontractors (clearinghouses, practice management software) who are themselves bound by HIPAA Business Associate Agreements.
We do not sell, market, or use PHI for any purpose beyond what is necessary to perform contracted healthcare operations services.
Safeguards We Maintain
Bill Bridge maintains comprehensive administrative, physical, and technical safeguards to protect PHI, including:
- End-to-end encryption for all PHI in transit and at rest
- Role-based access controls limiting PHI access to authorized personnel only
- Annual workforce training on HIPAA compliance and privacy practices
- Business Associate Agreements with all subcontractors who access PHI
- Documented breach notification procedures in compliance with the HITECH Act
- Regular security risk assessments and vulnerability management
Breach Notification
In the event of a breach of unsecured PHI, Bill Bridge will notify affected Covered Entities without unreasonable delay and within 60 days of discovery, in accordance with the HITECH Act breach notification requirements. We maintain documented incident response procedures to ensure timely and appropriate response to any security incident.
Patient Rights
As a Business Associate, Bill Bridge does not directly fulfill patient rights requests. Patients seeking to exercise their HIPAA rights — including access to their records, requests for amendment, or restrictions on use — should contact their healthcare provider (our provider client) directly.
Business Associate Agreements
All provider clients who engage Bill Bridge RCMS for services that involve access to PHI must execute a HIPAA Business Associate Agreement (BAA) with Bill Bridge RCMS prior to the commencement of services. Our standard BAA is available upon request and incorporates all required provisions under 45 CFR §164.504(e).
Contact Our Privacy Officer
For questions regarding this HIPAA Notice, to report a potential privacy concern, or to request a copy of our Business Associate Agreement, please contact our Privacy Officer at:
Bill Bridge RCMSs LLC — Privacy Officer
32 N Gould St, Ste 49165, Sheridan, WY 82801
Phone: +1 (307) 216-8184
Email: Info@billbridgercms.com
Changes to This Notice
Bill Bridge RCMS reserves the right to update this HIPAA Notice at any time. Updated versions will be posted on this page with a revised effective date. Material changes will be communicated to active provider clients via email.