Introduction

Ascent Medical Billing (“AMB,” “we,” “us,” or “our”) is committed to protecting the privacy and security of all personal and health-related information entrusted to us by healthcare providers, their staff, and patients.

This Privacy Policy governs how we collect, use, store, and protect your information across our website (ascentmedicalbilling.com) and all associated services. By using our services, you agree to the terms described in this policy.

1. Information We Collect

Ascent Medical Billing collects several categories of information necessary to deliver accurate and compliant medical billing services.

Personal Identification Information

Full name, job title, and professional credentials

Business name, National Provider Identifier (NPI), and Tax ID

Mailing address, email address, and phone number

Login credentials for our billing platform or client portal

Protected Health Information (PHI)

Patient demographics such as name, date of birth, address, and insurance details

Diagnosis codes (ICD-10), procedure codes (CPT/HCPCS), and encounter data

Insurance Explanation of Benefits (EOBs) and remittance advice (ERA)

Claim records, payment history, and denial information

Website & Technical Data

IP address, browser type, operating system, and device identifiers

Pages visited, referral sources, and session duration through analytics tools

Form submissions, contact inquiries, and newsletter sign-ups

Cookies and other tracking technologies

HIPAA Notice:

All PHI transmitted to Ascent Medical Billing is handled under a signed Business Associate Agreement (BAA) and protected in accordance with HIPAA and the HITECH Act.

2. How We Use Your Information

Information collected is used strictly to operate and improve the medical billing and revenue cycle services we provide.

Primary Uses

Medical billing and coding for insurance claims

Accounts receivable management and denial reduction

Eligibility verification for patient insurance coverage

Charge entry and payment posting

Financial reporting and practice analytics

Compliance monitoring with HIPAA and payer regulations

Customer support and technical assistance

Improving service performance using aggregated data

We do not sell or use personal data for third-party advertising.

3. HIPAA & Protected Health Information

Ascent Medical Billing operates as a Business Associate under HIPAA and must legally protect all PHI accessed on behalf of healthcare providers.

Our HIPAA Commitments

Use PHI only for treatment, payment, and healthcare operations

Implement required administrative, physical, and technical safeguards

Report any PHI breach according to HITECH timelines

Provide HIPAA training for all workforce members

Apply the minimum necessary access standard

Maintain continuous risk analysis and compliance monitoring

4. Data Sharing & Disclosure

Ascent Medical Billing does not sell or rent personal information. Data may only be shared under limited circumstances.

Permitted Disclosures

Insurance payers for claim processing

Clearinghouses used for claim transmission

Healthcare providers and authorized practice staff

HIPAA-compliant subcontractors with signed BAAs

Legal requirements such as court orders or regulatory requests

Business transfers such as mergers or acquisitions

All sharing follows HIPAA’s minimum necessary rule.

5. Data Security & Encryption

Ascent Medical Billing implements strict security practices to protect sensitive information.

Technical Safeguards

AES-256 encryption for stored data

TLS 1.2 / TLS 1.3 encryption for data transmission

Role-based access controls (RBAC)

Multi-factor authentication (MFA)

Audit logging of PHI access

Security audits and vulnerability testing

Secure data centers with 24/7 monitoring

Intrusion detection and prevention systems

Administrative Safeguards

Annual HIPAA privacy and security training

Incident response and breach notification procedures

Confidentiality agreements for all personnel

Ongoing risk analysis and security improvements

6. Cookies & Website Tracking

Our website uses cookies to improve functionality and analyze visitor behavior.

Types of Cookies

Strictly Necessary Cookies – required for site functionality

Performance & Analytics Cookies – anonymous visitor insights

Functional Cookies – remember preferences and settings

Marketing Cookies – measure marketing effectiveness (with consent)

PHI is never stored in cookies.

7. Data Retention

We retain information only as long as required by law or business necessity.

Typical retention periods include:

Medical billing records: 7 years minimum

Pediatric patient records: 10 years

Business Associate Agreement records: 6 years

Website analytics data: up to 24 months

Customer support records: 3 years

Security audit logs: minimum 6 years

After expiration, data is securely destroyed using approved methods.

8. Your Rights & Choices

Depending on applicable law, you may have certain rights regarding your personal information.

Available Rights

Request access to your personal data

Request correction of inaccurate information

Request deletion where legally permitted

Request restrictions on data processing

Receive a copy of your data in a portable format

Withdraw marketing consent

File a complaint with a data protection authority

Patients should contact their healthcare provider regarding medical record rights.

9. Third-Party Services

Our website may include links or integrations with third-party platforms.

We are not responsible for third-party privacy practices

Users should review external privacy policies

Vendors handling PHI must sign HIPAA Business Associate Agreements

Security assessments are performed before vendor onboarding

10. Children’s Privacy

Our website is not directed to individuals under the age of 13.

We do not knowingly collect personal data from children. When pediatric billing data is processed, it is done strictly under the direction of the healthcare provider and in compliance with HIPAA and applicable laws.

11. Policy Updates

This Privacy Policy may be updated periodically to reflect legal or operational changes.

Updates may be communicated through:

A revised date on this page

Email notifications to registered clients

Notices displayed on our website or portal

Continued use of our services indicates acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or your personal information, please contact our Privacy Officer.

Company: Ascent Medical Billing
Email: info@ascentmb.com
Support: 24-hour support available
Response Time: Within 30 business days