Privacy Policy

Remedy Insights, LLC HIPAA Privacy Policy

Effective Date: 01/18/2026

Last Updated: 01/18/2026

1. Introduction

Remedy Insights, LLC ("Company," "we," "us," or "our") is a Business Associate to Covered Entities (e.g., physical therapy clinics) under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the Health Information Technology for Economic and Clinical Health Act ("HITECH Act"), and their implementing regulations (collectively, "HIPAA Rules"). We are committed to protecting the privacy and security of Protected Health Information ("PHI") that we create, receive, maintain, or transmit on behalf of our Covered Entities.

This Privacy Policy outlines our commitment to complying with the HIPAA Privacy Rule and describes how we handle PHI.

2. Our Role as a Business Associate

As a Business Associate, we provide payment reconciliation software to Covered Entities. In performing these services, we may create, receive, maintain, or transmit PHI. We are directly obligated to comply with certain provisions of the HIPAA Privacy Rule and are contractually bound by Business Associate Agreements (BAAs) with our Covered Entities.

3. Types of Protected Health Information (PHI) We Handle

We handle PHI related to the payment for healthcare services. This typically includes, but is not limited to, the following data elements received from our Covered Entities:

  • Payer Information: Name of the insurance company or other entity responsible for payment.
  • Payment Amounts: The financial value of payments for healthcare services.
  • Dates of Service/Payment: Dates associated with the provision of healthcare services or the receipt of payments.
  • Remittance Identifiers: Unique identifiers linking payments to specific claims or electronic remittance advices (e.g., EFT Trace Numbers).
  • User Identity Data: Information about authorized users (e.g., clinic staff) accessing our application, which becomes PHI in the context of their access to payment-related PHI.

We do not collect or store Social Security numbers, clinical diagnoses, or other sensitive health information beyond what is necessary for the payment reconciliation services we provide.

4. Permitted Uses and Disclosures of PHI

We will only use and disclose PHI as permitted or required by our Business Associate Agreements with Covered Entities and as permitted or required by the HIPAA Rules. Our primary uses and disclosures of PHI are for:

a. Performing Services: Using and disclosing PHI as necessary to provide our payment reconciliation services to Covered Entities, as specified in our BAAs.

b. Data Aggregation: Using PHI to provide data aggregation services to Covered Entities, as permitted by HIPAA.

c. Management and Administration: Using PHI for the proper management and administration of our Company or to carry out our legal responsibilities, provided that any disclosures are Required By Law or we obtain reasonable assurances from the recipient that the information will be held confidentially.

d. De-identification: We may de-identify PHI in accordance with HIPAA regulations (45 CFR § 164.514(b)) and use or disclose such de-identified information for any purpose.

e. Required By Law: Disclosing PHI when required by federal, state, or local law.

5. Safeguards for Protecting PHI

We implement appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of the PHI we handle. These safeguards are designed to prevent unauthorized access, use, or disclosure of PHI and include:

  • Administrative Safeguards: Implementing policies and procedures for managing security, assigning security responsibilities, workforce security, information access management, and security awareness training.
  • Physical Safeguards: Protecting physical access to our information systems and facilities where PHI is processed or stored.
  • Technical Safeguards: Utilizing technology to protect PHI, including access controls, audit controls, data encryption (at rest and in transit), integrity controls, and transmission security.

6. Business Associate Agreements (BAAs)

We enter into a Business Associate Agreement (BAA) with each Covered Entity before we create, receive, maintain, or transmit any PHI on their behalf. These agreements legally obligate us to comply with HIPAA Rules and protect the PHI we handle.

7. Breach Notification

In the event of a Breach of Unsecured PHI, we will notify the affected Covered Entity without unreasonable delay and in no case later than 60 calendar days after discovery of the Breach, in accordance with the HIPAA Breach Notification Rule.

8. Individual Rights

While we are a Business Associate, we support the rights of individuals concerning their PHI. We will cooperate with Covered Entities to enable them to fulfill their obligations regarding:

  • Access to PHI: Providing individuals with access to their PHI.
  • Amendment of PHI: Allowing individuals to request amendments to their PHI.
  • Accounting of Disclosures: Providing individuals with an accounting of disclosures of their PHI.

9. Our Responsibilities to the Secretary of HHS

We will make our internal practices, books, and records relating to the use and disclosure of PHI available to the Secretary of the U.S. Department of Health and Human Services (HHS) for purposes of determining compliance with the HIPAA Rules.

10. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy at any time. Any changes will be effective immediately upon posting the revised policy on our website. We encourage you to review this policy periodically.

11. Contact Information

If you have any questions about this Privacy Policy or our HIPAA compliance practices, please contact our Privacy Officer at:

Carl Nelson - CEO

carljacobnelson@outlook.com

(701) 550-0490

902 4th St, Maddock, ND 58348