HIPAA-Conscious by Design
ResolveRCM is built with privacy as a core architectural principle. Protected Health Information (PHI) that you enter—such as patient names, dates of birth, and claim numbers—is stored exclusively in your browser's local storage and is never transmitted to our servers or AI models.
1. Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Full name
- Organization/facility name
- Password (encrypted)
De-Identified Clinical Information
To generate documentation, we process de-identified clinical information that you enter, including:
- Denial type and reason codes
- Clinical summaries (without patient identifiers)
- CPT and ICD codes
- Payer and specialty information
This information does not include Protected Health Information (PHI).
Information We Do NOT Collect
The following Protected Health Information (PHI) is stored only in your browser and never transmitted to our servers:
- Patient names or initials
- Dates of birth
- Social Security numbers
- Claim or member ID numbers
- Dates of service
- Any other patient-identifiable information
2. How We Use Your Information
We use the information we collect to:
- Provide and maintain the ResolveRCM service
- Generate appeal letters, MDM summaries, and other documentation
- Process payments and manage your subscription
- Send service-related communications
- Improve our services
3. How PHI Is Handled
ResolveRCM uses a unique "Privacy by Design" architecture:
- De-identified data only: Only de-identified clinical information is sent to our servers and AI models
- Placeholder tokens: Generated content uses placeholder tokens (e.g., {{PATIENT_INITIALS}}) instead of actual PHI
- Local storage: PHI is stored exclusively in your browser's local storage
- Client-side merge: PHI is merged with generated content entirely on your device before export
4. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit (TLS/SSL)
- Encryption at rest for stored data
- Role-based access controls
- Regular security assessments
- Activity logging for audit purposes
5. Third-Party Services
We use the following third-party services:
- OpenAI: For AI-powered documentation generation (receives only de-identified data)
- Supabase: For authentication and account management
- Payment processors: For subscription billing
6. Data Retention
We retain your account information for as long as your account is active. De-identified clinical data used for documentation generation is not permanently stored after processing. You can request deletion of your account and associated data at any time.
7. Your Rights
You have the right to:
- Access your account information
- Correct inaccurate information
- Delete your account
- Export your data
- Opt out of marketing communications
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.
9. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at:
Email: bhattanilbhargav@gmail.com
Note: This privacy policy is a draft and should be reviewed by legal counsel before being finalized. ResolveRCM is currently not a registered legal entity.