Privacy Notice

Last updated: March 14, 2024

1. Introduction

Medical Copilot is committed to protecting privacy and ensuring the security of healthcare data during the claims review process. We comply with both HIPAA and GDPR requirements, implementing strict security measures to protect all data processed through our platform.

2. No Personal Health Information Collection

Our commitment to privacy includes:

• No collection or storage of patient names, addresses, or contact information
• No storage of patient identification numbers or medical record numbers
• No retention of dates of birth, social security numbers, or other personal identifiers
• No storage of any information that could potentially identify individual patients

3. Information We Process

We only process:

• De-identified medical documentation for review
• Anonymous claim information for validation
• Medical coding information for accuracy verification
• System user account information (for healthcare providers and review teams)
• Aggregate audit statistics
• Payment information (processed by Lemonsqueezy.com as our Merchant of Record)

4. HIPAA Compliance

As a service provider working with healthcare data, we:

• Maintain strict HIPAA compliance
• Implement required security measures
• Execute Business Associate Agreements as needed
• Regularly audit our security practices
• Process only de-identified information

5. Data Security

We protect all processed information through:

• End-to-end encryption
• Strict access controls and authentication
• Regular security assessments
• Employee training on data protection
• Immediate data anonymization upon receipt

6. How We Use Information

We use processed information to:

• Review and validate claims documentation
• Verify coding accuracy
• Generate audit reports and analytics
• Improve our AI review algorithms using de-identified data
• Ensure compliance with documentation standards

7. Data Retention

We retain only de-identified data in accordance with HIPAA requirements and contractual obligations. All processed data is automatically anonymized, and no personal identifiers are ever stored in our system.

8. Your Rights Under GDPR

Under GDPR, you have the right to:

• Access your personal data
• Request corrections to your data
• Request deletion of your data
• Object to processing
• Data portability
• File complaints about data handling

9. Contact Information

For privacy-related inquiries, contact our Data Protection Officer at: privacy@medcopilot.com