Privacy Policy

RMBServ ("we," "our," or "us") is a US-based, HIPAA-certified medical billing company located at 5187 Dalai Lama Ave, Richmond, CA 94804. We provide comprehensive medical billing and coding, accounts receivable management, credentialing and contracting, out-of-network negotiation, eligibility and benefits verification, and complete Revenue Cycle Management (RCM) services to healthcare providers throughout the United States.

This Privacy Policy explains how we collect, use, disclose, protect, and manage your personal information when you visit our website at rmbserv.com or engage with our services. We are fully committed to protecting your privacy, maintaining transparency, and complying with all applicable laws including the Health Insurance Portability and Accountability Act (HIPAA).

This policy was last updated on March 11, 2026. We encourage you to review it periodically.

We collect different types of information depending on how you interact with RMBServ:

2.1 Information You Provide Directly

• Full name, job title, and professional contact information
• Practice name, organization name, and business address
• Phone number and email address
• Information submitted through our contact forms or consultation requests
• Email correspondence and communication records
• Billing preferences, service requirements, and account information

2.2 Information Collected Automatically

• IP address and approximate geographic location
• Browser type, device type, and operating system
• Pages visited, time spent on site, and navigation patterns
• Referring website or search terms that brought you to our site
• Cookies and similar tracking technologies (see Section 12)

2.3 Protected Health Information (PHI)

We use the information we collect for the following lawful purposes:

3.1 To Provide Our Services

• Processing medical billing and coding on behalf of healthcare providers
• Submitting and following up on insurance claims with payers
• Managing accounts receivable and handling denial appeals
• Credentialing and payer enrollment services
• Providing eligibility and benefits verification
• Delivering complete Revenue Cycle Management (RCM)

3.2 To Communicate With You

• Responding to inquiries, consultation requests, and support questions
• Sending service updates, billing reports, and account information
• Notifying you of changes to our services, policies, or terms
• Sending marketing communications only with your prior consent

3.3 To Improve and Operate Our Business

• Analyzing website usage to improve user experience
• Monitoring service performance and identifying technical issues
• Conducting internal research and quality improvement initiatives
• Complying with legal, regulatory, and contractual obligations
• Preventing fraud, abuse, and unauthorized access

RMBServ takes HIPAA compliance with the utmost seriousness. As a Business Associate under HIPAA, we adhere to all requirements set forth in the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule (45 CFR Parts 160 and 164).

4.1 Business Associate Agreements (BAA)

We enter into a signed Business Associate Agreement (BAA) with every healthcare provider client before accessing any Protected Health Information. This agreement clearly defines our obligations and responsibilities for safeguarding PHI in compliance with 45 CFR § 164.504(e).

4.2 PHI Safeguards We Implement

• Administrative Safeguards: Comprehensive staff training, defined access controls, and documented security policies and procedures
• Physical Safeguards: Secure facility access, workstation controls, and media handling procedures
• Technical Safeguards: Encrypted data transmission (TLS/SSL), role-based access controls, audit logs, and automatic logoff
• Minimum Necessary Standard: We only access, use, or disclose the minimum PHI necessary to perform our contracted services

4.3 Breach Notification

In the event of a data breach involving PHI, we will notify all affected clients in full accordance with the HIPAA Breach Notification Rule (45 CFR Part 164, Subpart D). Notification will be provided within 60 calendar days of discovery of the breach, or sooner as required by law.

We do not sell, rent, lease, or trade your personal information to any third party ever. We may share your information only in the following limited and specific circumstances:

We implement industry leading security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. Our security framework includes:

While we apply every reasonable safeguard, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining the highest standards of data protection and immediately addressing any security incidents.

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights regarding your personal information:

• Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions permitted by law.
• Right to Opt-Out of Sale: We do not sell personal information. However, you have the right to direct us not to sell your personal information at any time.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
• Right to Correct: You may request correction of inaccurate personal information we maintain about you.

To exercise your CCPA rights, please contact us at Business@rmbserv.com or call 650-240-0061. We will respond to verified requests within 45 days.

Regardless of your location, you have the following rights regarding your personal information held by RMBServ:

To exercise any of these rights, please contact us at Business@rmbserv.com. We will respond within 30 days of receiving your verified request.

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by law:

• Client service & billing records: Minimum 7 years (as required by medical billing and CMS regulations)
• HIPAA-related PHI records: 6 years from the date of creation or the date it was last in effect
• Website analytics data: Up to 26 months
• Marketing contact information: Until you opt out or request deletion
• Legal and compliance records: As required by applicable federal and state law
• Financial records: 7 years in accordance with IRS requirements

When data is no longer required, we securely delete or anonymize it using industry-standard data destruction methods.

Our website and services are intended exclusively for healthcare professionals and business clients. They are not directed to individuals under the age of 18. We do not knowingly collect, solicit, or process personal information from minors. If we become aware that we have inadvertently collected information from a person under 18 years of age, we will promptly delete that information from our records. If you believe we have collected information from a minor, please contact us immediately at Business@rmbserv.com.

Our website may contain links to third party websites for your convenience and reference. These links do not indicate our endorsement of, or responsibility for, those websites or their content. RMBServ has no control over the privacy practices or content of third party sites. We strongly encourage you to review the privacy policy of any third party website you visit before providing any personal information. We are not responsible for the privacy practices of external websites.

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and improve our services.

12.1 Types of Cookies We Use

12.2 How to Manage Cookies

You can control or disable cookies through your browser settings at any time. Please note that disabling certain cookies may limit the functionality of our website. You may also opt out of Google Analytics tracking by visiting: https://tools.google.com/dlpage/gaoptout

For more information about how we use cookies, please see our Cookie Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out. We are committed to addressing all privacy inquiries promptly and transparently.

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, services, or applicable law. When material changes are made, we will:

• Update the "Last Updated" date at the top of this page
• Post a prominent notice on our website homepage
• Notify existing clients via email for any significant changes that affect their rights

Your continued use of our website or services following the posting of changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this page periodically to stay informed of any updates.