Privacy Policy

MedStates is a HIPAA-compliant medical billing company. We never share or sell your information. Your data is used solely for secure claims processing and reimbursement.

“At MedStates, protecting your data isn’t just a policy — it’s a core part of how we operate.” 

Effective Date: 27th December, 2023
Last Updated: 06th October, 2025

MedStates is a HIPAA-compliant medical billing company dedicated to maintaining the highest standards of security, confidentiality, and integrity for all healthcare information we handle. We strictly adhere to the Health Insurance Portability and Accountability Act (HIPAA), the HITECH Act, and all applicable federal and state privacy regulations.

All Protected Health Information (PHI) shared with us — whether from healthcare providers, billing software systems, or insurance payers — is used solely for claim submission, reimbursement, and authorized healthcare operations.

  • No data is ever sold, shared, or disclosed to unauthorized third parties.
  • No information is ever shared with marketing or advertising firms.
  • Every data exchange is encrypted, access-controlled, and monitored for security compliance.

Our team undergoes regular HIPAA training and audits to ensure continuous compliance with the latest HIPAA Privacy, Security, and Breach Notification Rules.

By working with MedStates, healthcare providers can trust that their patients’ information and business data are secure, confidential, and fully compliant with all U.S. healthcare privacy standards.

PRIVACY STATEMENT

1. Introduction

Welcome to MedStates. We value your trust and are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect the information we receive from healthcare providers, practices, and other entities involved in the billing and reimbursement process.

MedStates operates as a HIPAA-compliant medical billing company, strictly adhering to all applicable federal and state privacy laws to ensure the confidentiality, integrity, and security of all Protected Health Information (PHI).

2. HIPAA Compliance

MedStates fully complies with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations.
All information we receive, including PHI and personally identifiable information (PII), is handled in accordance with HIPAA Privacy, Security, and Breach Notification Rules.

We maintain administrative, technical, and physical safeguards to protect PHI from unauthorized access, disclosure, alteration, or destruction.

3. Information We Collect

We collect information solely for legitimate business and operational purposes related to medical billing and reimbursement. This may include:

  • Patient demographic and insurance information
  • Provider and credentialing data
  • Billing, coding, and claims submission records
  • Payment and remittance information
  • Communication records with payers and providers

No personal information is collected from website visitors beyond what is voluntarily submitted through our contact forms.

4. How We Use Information

All information collected is used exclusively for claims processing, reimbursement, and healthcare administrative functions.
We may use this data to:

  • Submit insurance claims and manage denials or appeals
  • Verify insurance eligibility and benefits
  • Coordinate with healthcare providers and payers
  • Maintain accurate records for compliance and reporting

5. Information Sharing and Disclosure

MedStates does not share, sell, or rent any information to third-party organizations, marketing agencies, or data brokers.
Information is only shared with:

  • Authorized healthcare entities involved in billing or reimbursement
  • Insurance companies for claim submission and follow-up
  • Government or regulatory agencies, but only when legally required

Every data exchange follows HIPAA’s Minimum Necessary Standard to ensure only essential information is disclosed.

6. Data Security

We implement strong encryption protocols, firewall protection, secure data storage, and multi-factor authentication to prevent unauthorized access.
All electronic PHI (ePHI) is transmitted via secure, HIPAA-compliant channels and stored in encrypted databases with restricted access.

Regular audits, staff training, and risk assessments are conducted to maintain the highest levels of security compliance.

7. Business Associate Agreements (BAA)

As a HIPAA Business Associate, MedStates signs a Business Associate Agreement (BAA) with all Covered Entities (providers, practices, and facilities) to formalize responsibilities regarding the handling of PHI.

8. Data Retention

We retain billing and healthcare-related records only for the period required by law or contractual obligation. After that, all data is securely deleted or destroyed in accordance with HIPAA data disposal standards.

9. Your Rights

Under HIPAA and applicable U.S. privacy laws, you have the right to:

  • Request access to or a copy of your information
  • Request correction of inaccurate or incomplete data
  • Request restriction or deletion (when legally permissible)
  • Be informed of any data breach affecting your information

Requests can be submitted via our Contact Us page or emailed to support@medstates.com.

10. Cookies and Website Data

Our website may use cookies or analytics tools to improve user experience and website functionality.
No PHI or sensitive data is collected through cookies. You can disable cookies in your browser settings if you prefer not to share browsing data.

11. Third-Party Links

Our website may contain links to external websites. MedStates is not responsible for the privacy practices or content of those external sites. We encourage you to review their respective privacy policies before sharing any personal information.

12. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in regulations, technology, or our business operations. The updated version will be posted on this page with a revised “Effective Date.”

13. Contact Us

If you have any questions or concerns regarding our privacy practices or HIPAA compliance, please contact:

Email: support@medstates.com
Website: www.medstates.com

Address: 30 N Gould St Ste N, Sheridan, WY, 82801 

1178 Broadway, NY 10001

Monday - Friday: 09.00 - 05.00
Saturday - Sunday: Weekend Off
