PRIVACY POLICY

VMC Medone Solutions

Effective Date: June 15, 2026
Last Updated: June 15, 2026

1. Introduction

VMC Medone Solutions (“Company,” “we,” “us,” or “our”) is committed to protecting the privacy and security of all information we collect and process. This Privacy Policy explains how we collect, use, store, and protect information in connection with our medical billing and revenue cycle management services.

As a Business Associate under HIPAA, VMC Medone Solutions adheres to the highest standards of data privacy and security in all our operations.

2. Information We Collect

In the course of providing our services, VMC Medone Solutions may collect and process the following types of information:

Patient Health Information (PHI):

• Patient name, date of birth, and contact information
• Insurance information and policy details
• Medical records, diagnosis codes, and procedure codes
• Claims data and billing information
• Payment and financial information related to healthcare services

Client Practice Information:

• Practice name, address, and contact details
• Provider names, NPI numbers, and credentials
• Tax identification numbers and payer enrollment information
• Login credentials for practice management systems
• Financial and banking information for billing purposes

Website Visitor Information:

• IP address and browser information
• Pages visited and time spent on our website
• Contact form submissions
• Email addresses and phone numbers submitted through our website

3. How We Use Information

VMC Medone Solutions uses collected information solely for the following purposes:

• Providing contracted medical billing and RCM services
• Processing insurance claims and managing the revenue cycle
• Communicating with payers, clearinghouses, and other authorized parties on behalf of clients
• Improving our services and operational processes
• Complying with applicable legal and regulatory requirements
• Responding to inquiries submitted through our website
• Sending service-related communications to clients

We do not sell, rent, or trade any client or patient information to third parties for marketing or commercial purposes.

4. HIPAA Compliance

VMC Medone Solutions operates as a Business Associate as defined by the Health Insurance Portability and Accountability Act (HIPAA).

• We execute a Business Associate Agreement (BAA) with all healthcare provider clients
• All Protected Health Information (PHI) is handled in strict compliance with the HIPAA Privacy Rule and Security Rule
• We implement comprehensive administrative, physical, and technical safeguards to protect all PHI
• Access to PHI is strictly limited to authorized personnel who require it to perform their job functions
• All staff members receive mandatory HIPAA training and are required to sign confidentiality agreements
• PHI is never used for any purpose beyond the performance of contracted services
• In the event of a PHI breach, we will notify affected clients in accordance with the HIPAA Breach Notification Rule

5. Data Security

VMC Medone Solutions implements comprehensive security measures to protect all information:

Technical Safeguards:

• Encrypted data transmission using SSL/TLS protocols
• Encrypted data storage for all sensitive information
• Secure, password-protected access to all systems
• Multi-factor authentication for system access
• Regular security audits and vulnerability assessments
• Secure, HIPAA-compliant clearinghouse connections for claims transmission

Administrative Safeguards:

• Strict access controls limiting PHI access to authorized personnel only
• Mandatory HIPAA training for all staff members
• Background checks for all employees handling PHI
• Written information security policies and procedures
• Regular staff training on data security best practices

Physical Safeguards:

• Secure, access-controlled work environments
• Locked workstations and screen privacy filters
• Secure document destruction for all physical records
• Restricted physical access to servers and data storage systems

6. Data Sharing & Disclosure

VMC Medone Solutions will only share client or patient information in the following circumstances:

• With payers and clearinghouses — for the purpose of claims submission and reimbursement
• With authorized third-party vendors — only those who have signed appropriate confidentiality and BAA agreements
• As required by law — in response to valid legal process, court orders, or regulatory requirements
• With client consent — when the client has provided explicit written authorization

VMC Medone Solutions will never:

• Sell client or patient data to any third party
• Share PHI for marketing or advertising purposes
• Disclose client information to competitors or unauthorized parties
• Use patient data for any purpose beyond contracted services

7. Data Retention

• Client and patient data is retained for the duration of the Service Agreement plus a minimum of seven years as required by applicable law
• Upon termination of services, all client data is returned to the client in a mutually agreed format
• After the retention period expires, all data is securely destroyed using industry-standard methods
• Clients may request deletion of their data subject to applicable legal retention requirements

8. Website Privacy

When you visit vmcmedonesolutions.com:

• We may collect basic website analytics data including pages visited, time on site, and browser information
• This data is used solely to improve our website and user experience
• We do not collect sensitive personal information through our website without your explicit consent
• Contact form submissions are used only to respond to your inquiry
• We do not use tracking cookies for advertising or remarketing purposes

9. Your Rights

As a client or website visitor, you have the following rights regarding your information:

• Right to Access — You may request a copy of the information we hold about you or your practice
• Right to Correction — You may request correction of any inaccurate information we hold
• Right to Deletion — You may request deletion of your information subject to legal retention requirements
• Right to Restriction — You may request that we restrict processing of your information in certain circumstances
• Right to Portability — You may request your data in a portable format upon termination of services
• Right to Complain — You have the right to lodge a complaint with the appropriate regulatory authority

To exercise any of these rights, please contact us at info@vmcmedonesolutions.com

10. Third-Party Links

Our website may contain links to third-party websites. VMC Medone Solutions is not responsible for the privacy practices of any third-party websites. We encourage you to review the privacy policies of any websites you visit through links on our site.

11. Children’s Privacy

VMC Medone Solutions does not knowingly collect personal information from individuals under the age of 18 through our website. Our services are intended for healthcare providers and business professionals only.

12. Changes to This Privacy Policy

• VMC Medone Solutions reserves the right to update this Privacy Policy at any time
• Material changes will be communicated to clients via email at least 30 days before taking effect
• The updated policy will be posted on our website with the revised effective date
• Continued use of our services after the effective date constitutes acceptance of the updated policy

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

VMC Medone Solutions
📧 info@vmcmedonesolutions.com
🌐 vmcmedonesolutions.com

For HIPAA-related concerns or to report a potential breach, please contact us immediately at the above email address.