LEGAL DOCUMENT

Privacy Policy

Your privacy and data security are our highest priorities

Last Updated: October 16, 2025

Introduction

At Duosbill, we understand that your privacy and the security of your health information are of paramount importance. This Privacy Policy outlines how we collect, use, protect, and disclose information when you visit our website at www.duosbill.com and utilize our medical billing services.

By accessing our website or using our services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with our practices, please do not use our services.

Scope and Compliance

Duosbill is committed to complying with all applicable privacy laws and regulations, including:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health Act (HITECH)
  • State-specific privacy regulations
  • General Data Protection Regulation (GDPR) where applicable

Our Commitment

As a medical billing service provider, we serve as a Business Associate under HIPAA and maintain strict standards for protecting Protected Health Information (PHI).

Key Definitions

Protected Health Information (PHI)

Information about health status, healthcare provision, or payment for healthcare that can be linked to an individual patient.

Personal Data

Any information relating to an identified or identifiable person, including names, contact details, and online identifiers.

Business Associate

An entity that performs functions on behalf of a covered entity involving access to PHI.

Information We Collect

Information You Provide Directly

When you register for our services, request information, or communicate with us, we may collect:

  • Contact information (name, email address, phone number, mailing address)
  • Professional information (practice name, specialty, NPI number, tax ID)
  • Account credentials and security information
  • Payment and billing information
  • Communications and correspondence with our team

PHI Processed on Behalf of Healthcare Providers

In our role as a medical billing service provider, we process PHI that includes:

  • Patient demographic information
  • Insurance and coverage details
  • Medical diagnosis and procedure codes
  • Treatment and service dates
  • Claims and billing records

Automatically Collected Information

When you visit our website, we automatically collect:

  • Device and browser information
  • IP address and geographic location
  • Pages visited and time spent on our site
  • Referring website addresses
  • Operating system and browser type

How We Use Your Information

Service Delivery

  • Processing medical claims and billing operations
  • Managing your account and providing customer support
  • Verifying insurance coverage and eligibility
  • Communicating about your services and account status
  • Resolving billing disputes and payment issues

Business Operations

  • Improving our services and website functionality
  • Conducting data analysis and quality assurance
  • Training staff and ensuring service quality
  • Detecting and preventing fraud or security breaches
  • Complying with legal and regulatory requirements

Communication

  • Sending service updates and important notifications
  • Responding to your inquiries and support requests
  • Providing educational resources and industry updates (with your consent)
  • Conducting surveys to improve our services

Important Note

We will never use or disclose PHI for marketing purposes without explicit authorization. All use of PHI is strictly limited to treatment, payment, and healthcare operations as permitted under HIPAA.

Information Sharing and Disclosure

Duosbill respects your privacy and limits information sharing to the following circumstances:

With Your Consent

We will share your information when you have given us explicit permission to do so.

Service Providers and Business Associates

We may share information with trusted third-party service providers who assist us in operating our business, including:

  • Cloud hosting and data storage providers
  • Payment processors
  • IT support and security services
  • Professional consultants and auditors

All such providers are bound by confidentiality agreements and HIPAA Business Associate Agreements where applicable.

Healthcare Entities

We share information with insurance companies, clearinghouses, and other entities as necessary to process claims and facilitate payment for healthcare services.

Legal Requirements

We may disclose information when required by law, including:

  • Responding to court orders, subpoenas, or legal processes
  • Complying with regulatory investigations
  • Protecting our legal rights and property
  • Preventing fraud or illegal activities
  • Ensuring public health and safety

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and ensure continued protection of your data.

Cookies and Tracking Technologies

Duosbill uses cookies and similar technologies to enhance your experience on our website.

Essential Cookies

Required for basic website functionality and security

Performance Cookies

Help us understand how visitors interact with our website

Functional Cookies

Remember your preferences and settings

Analytics Cookies

Provide insights into website usage and performance

Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our website. Most browsers allow you to refuse cookies or delete existing cookies.

Third-Party Analytics

We use analytics services to understand website traffic and user behavior. These services collect information in an aggregated, non-identifiable format. We do not combine this data with PHI.

Data Security Measures

Protecting your information is our top priority. Duosbill implements comprehensive security measures including:

Technical Safeguards

  • 256-bit SSL/TLS encryption for data transmission
  • Advanced encryption standards for data at rest
  • Multi-factor authentication for system access
  • Regular security audits and vulnerability assessments
  • Intrusion detection and prevention systems
  • Secure backup and disaster recovery procedures

Administrative Safeguards

  • Comprehensive privacy and security policies
  • Regular employee training on HIPAA and data protection
  • Designated privacy and security officers
  • Incident response and breach notification procedures
  • Vendor management and oversight programs

Physical Safeguards

  • Restricted access to facilities and equipment
  • Secure data centers with 24/7 monitoring
  • Environmental controls and redundancy systems
  • Secure disposal procedures for hardware and media

Security Commitment

While we implement robust security measures, no method of transmission or storage is completely secure. We continuously update our security practices to address emerging threats.

Your Privacy Rights

Under HIPAA and other privacy laws, you have the following rights regarding your information:

Access and Portability

Request access to your personal information and PHI that we maintain in electronic format.

Correction and Amendment

Request corrections to inaccurate or incomplete information in our records.

Restriction of Use

Request restrictions on how we use or disclose your information.

Confidential Communication

Request alternative means or locations for communication.

Accounting of Disclosures

Receive an accounting of disclosures of your PHI that we have made.

Data Deletion

Request deletion of your personal information, subject to legal requirements.

To exercise any of these rights, please contact our Privacy Officer using the contact information provided below.

Data Retention

Duosbill retains information in accordance with legal and regulatory requirements:

  • PHI: Maintained for a minimum of six years from the date of creation or last use, as required by HIPAA
  • Billing Records: Retained for seven years to comply with IRS and healthcare regulations
  • Account Information: Kept for the duration of your business relationship plus applicable retention periods
  • Website Analytics: Typically retained for 26 months

After the retention period expires, we securely destroy or anonymize the information in accordance with our data disposal procedures.

Children's Privacy

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately so we can take appropriate action.

International Data Transfers

Duosbill operates primarily within the United States. If you are accessing our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers and central database are located. By using our services, you consent to this transfer.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last Updated" date at the top of this page indicates when the most recent changes were made.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If we make material changes to this policy, we will notify you through appropriate channels, such as email or prominent notice on our website.

Continued Use

Your continued use of our services after any changes to this Privacy Policy constitutes your acceptance of the revised terms.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Privacy Officer:

Privacy Officer

Email: privacy@duosbill.com
Phone: (555) 123-4567
Hours: Mon-Fri, 9AM-5PM EST

Security Team

Email: security@duosbill.com
For security-related concerns and incident reporting

Mailing Address

Duosbill Inc.
Attn: Privacy Officer
123 Healthcare Plaza, Suite 500
Boston, MA 02108

Complaints

If you believe your privacy rights have been violated, you may file a complaint with:

  • Our Privacy Officer at the contact information above
  • The Secretary of the U.S. Department of Health and Human Services
  • Your state's medical board or privacy regulatory authority

We will not retaliate against you for filing a complaint.

Have Privacy Questions?

Our privacy team is here to help you understand our practices and your rights

Privacy Inquiries privacy@duosbill.com
Security Concerns security@duosbill.com
General Support support@duosbill.com