Medical Accounts Group, LLC
Effective Date: January 1, 2025 | Last Updated: January 1, 2025
At Medical Accounts Group ("MAG," "we," "us," or "our"), we are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us.
As a medical billing and accounts management company, we handle Protected Health Information (PHI) and are committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), and other applicable privacy laws.
In the course of providing medical billing and revenue cycle management services to healthcare providers, we may collect, process, and store PHI on behalf of our clients, including:
When you contact us or request information about our services, we may collect business contact information such as your name, email address, phone number, practice name, job title, and any other information you choose to provide.
When you visit our website, we automatically collect certain information about your device and browsing activity, including IP address, browser type, operating system, pages viewed, time spent on pages, and referring website addresses.
If you apply for a position with MAG, we collect information you provide in your application, resume, cover letter, and during the interview process.
We use PHI solely for the purposes authorized by our healthcare provider clients and as permitted by HIPAA, including:
We use business contact information to communicate with prospects and clients, respond to inquiries, provide customer service, send service updates, and improve our operations.
We use website usage information to analyze trends, administer the site, improve user experience, and enhance our services.
Medical Accounts Group operates as a Business Associate under HIPAA. We enter into Business Associate Agreements (BAAs) with all healthcare provider clients, establishing our obligations to safeguard PHI and comply with HIPAA Privacy and Security Rules.
Policies, procedures, and workforce training
Secure facilities and workstation security
Encryption, access controls, and audit logs
Immediate reporting protocols in place
We do not sell, rent, or trade your personal information. We may share information only in the following circumstances:
We share PHI with the healthcare provider client who engaged our services and as directed by that client.
We transmit claims and PHI to insurance companies, Medicare, Medicaid, and other payers for payment processing and claim adjudication.
We may engage trusted third-party service providers (subcontractors) who assist in our operations, such as technology vendors, data storage providers, and payment processors. All subcontractors are bound by BAAs and confidentiality agreements.
We may disclose information when required by law, court order, or subpoena, or to comply with legal processes, investigate fraud, or protect the rights and safety of MAG, our clients, or others.
We implement comprehensive security measures to protect the confidentiality, integrity, and availability of all information in our possession:
256-bit SSL/TLS encryption for data in transit and AES-256 encryption for data at rest
Role-based access, multi-factor authentication, and minimum necessary access principles
HIPAA-compliant cloud hosting with redundant backups and disaster recovery plans
Annual security risk assessments and third-party penetration testing
Mandatory HIPAA and security awareness training for all employees
Comprehensive audit logs and real-time security monitoring systems
Important: While we implement industry-leading security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using reasonable and appropriate safeguards.
If you are a patient of one of our healthcare provider clients, your privacy rights regarding PHI are governed by your healthcare provider's Notice of Privacy Practices. For questions about your PHI, please contact your healthcare provider directly.
Under HIPAA, you generally have the right to access, amend, and request an accounting of disclosures of your PHI. These requests should be directed to your healthcare provider.
If you receive marketing emails from us, you may opt out at any time by clicking the "unsubscribe" link in the email or by contacting us at [email protected].
We retain PHI and other information for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce agreements. PHI retention periods are determined by our BAAs with healthcare providers and applicable federal and state laws (typically 6-7 years).
Our website and services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 through our website. If we learn that we have collected personal information from a child under 13 without parental consent, we will delete that information promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on this page and update the "Last Updated" date at the top.
For material changes that significantly affect how we handle PHI, we will notify our healthcare provider clients in accordance with our BAAs. We encourage you to review this policy periodically.
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
For HIPAA-related inquiries, breach notifications, or to report security concerns: