Privacy Policy

Last Updated: May 21, 2026

1. Introduction

RCM Automation (“we,” “us,” or “our”) operates the website located at rcmautomation.ai and provides AI-powered Revenue Cycle Management (RCM) automation services to healthcare practices. We are committed to protecting the privacy and security of all information we collect, including Protected Health Information (PHI) and personally identifiable information (PII).

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website or use our AI-powered medical billing services, including our AI agents: ELIXA, PRIA, CODIN, CLAIR, DEXA, ARIS, and REMITA.

2. Information We Collect

a. Information You Provide Directly

When you fill out our contact or sign-up form, we collect:

First and last name
Email address
Phone number
Practice name

b. Patient & Clinical Data (via Service Clients)

As part of our AI billing automation services, we may process the following on behalf of healthcare providers:

Patient demographics and insurance information
Insurance eligibility and coverage data
CPT codes, ICD-10 codes, and clinical documentation
Prior authorization requests and status
Claims data, remittance advice (ERAs/EOBs), and payment records
Denial and appeals data

c. Automatically Collected Information

When you visit our website, we may automatically collect:

IP address and browser type
Pages visited and time spent
Referring URL
Device and operating system information

3. HIPAA Compliance

RCM Automation operates in full compliance with the Health Insurance Portability and Accountability Act (HIPAA). All AI agents — including ELIXA (eligibility verification), CODIN (coding), CLAIR (claim scrubbing), DEXA (denial management), ARIS (A/R follow-up), and REMITA (payment reconciliation) — are built with end-to-end encryption and HIPAA-grade data protection standards.

We act as a Business Associate under HIPAA when processing PHI on behalf of covered healthcare entities.
We enter into Business Associate Agreements (BAAs) with all healthcare clients prior to processing any PHI.
PHI is never used for any purpose beyond the services explicitly agreed upon with the covered entity.

4. How We Use Your Information

We use the information collected to:

Provide, operate, and improve our AI RCM agents and billing automation services
Verify patient eligibility and insurance benefits via ELIXA
Process prior authorizations through PRIA
Automate medical coding and compliance via CODIN
Scrub, create, and submit claims through CLAIR
Analyze and resolve denials through DEXA
Manage accounts receivable follow-ups via ARIS
Reconcile payments and post remittances via REMITA
Respond to inquiries and consultation requests
Send service-related communications (with your consent)
Comply with legal and regulatory obligations

5. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share information only in the following circumstances:

Healthcare Payers & EHR Systems: Our agents connect to payer portals and EHR systems via EDI and API integrations as required to deliver billing services.
Service Providers: Trusted third-party vendors who assist in operating our platform, under strict confidentiality and data protection agreements.
Legal Compliance: When required by law, court order, or regulatory authority.
Business Transfers: In the event of a merger, acquisition, or sale of assets, with continued privacy protections.

6. Data Security

We implement industry-standard and HIPAA-required technical, administrative, and physical safeguards, including:

End-to-end encryption of all data in transit and at rest
Role-based access controls
Regular security audits and vulnerability assessments
Secure EDI and API integrations with payer and EHR systems
Employee training on data privacy and HIPAA requirements

Despite these measures, no system is completely immune to security risks. We encourage clients to contact us immediately at info@rcmautomation.ai if they suspect any security incident.

7. Data Retention

We retain personal and operational data for as long as necessary to provide our services and comply with applicable legal obligations, including HIPAA’s minimum 6-year record retention requirement for Business Associates. Upon termination of a client relationship, PHI is securely returned or destroyed per the terms of the applicable BAA.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal information we hold about you
Request correction of inaccurate information
Request deletion of your information (subject to legal retention requirements)
Opt out of marketing communications at any time
Request a copy of your data in a portable format

To exercise any of these rights, contact us at info@rcmautomation.ai.

9. Cookies & Tracking

Our website may use cookies and similar tracking technologies to improve user experience and analyze site traffic. You may control cookie preferences through your browser settings. We do not use cookies to process PHI.

10. Third-Party Links

Our website may contain links to third-party websites (e.g., LinkedIn, Google Maps). We are not responsible for the privacy practices of those sites and encourage you to review their respective privacy policies.

11. Children’s Privacy

Our services are intended for healthcare professionals and business entities only. We do not knowingly collect personal information from individuals under the age of 18.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will post the updated policy on this page with a revised “Last Updated” date. Continued use of our services after such changes constitutes your acceptance of the updated policy.

This policy covers everything relevant to your site the lead capture form, HIPAA-compliant AI agents, EHR/payer integrations, and your physical/contact details. You can paste this directly into a new WordPress page. Let me know if you’d like it as a Word or PDF file, or want any section adjusted.