Privacy Policy

1. Introduction and Scope

Imperial Healthcare Systems ("Imperial," "the Company," "we," "us," or "our") is a provider of Revenue Cycle Management (RCM) and technology-enabled healthcare services. This Privacy Policy outlines the framework governing the collection, use, disclosure, and protection of Personal Information and Protected Health Information ("PHI") in accordance with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the Health Information Technology for Economic and Clinical Health Act ("HITECH"), and other applicable federal and state privacy regulations.

This Policy applies to information processed through our websites, platforms, systems, and service delivery operations.

2. Our Role as a Business Associate

When providing services to healthcare providers ("Clients" or "Covered Entities"), Imperial Healthcare Systems operates as a Business Associate as defined under HIPAA.

In this capacity:

• PHI is accessed, used, and disclosed strictly in accordance with the applicable Business Associate Agreement (BAA) executed with each Client.
• Administrative, physical, and technical safeguards are implemented to preserve the confidentiality, integrity, and availability of electronic PHI ("ePHI").
• All data handling activities adhere to the Minimum Necessary Standard, limiting access solely to information required to fulfill contractual and operational obligations.

3. Information We Collect

Imperial Healthcare Systems collects and processes information across the following categories:

a. Professional and Client Information

Includes names, job titles, organization or practice names, National Provider Identifiers (NPI), business email addresses, and business telephone numbers provided during inquiries, onboarding, or account administration.

b. Protected Health Information (PHI)

Processed exclusively on behalf of Clients for RCM operations, including patient demographics, insurance data, diagnosis and procedure codes, billing records, and payment information.

c. Technical and Usage Data

Includes IP addresses, browser types, device identifiers, and usage analytics collected via cookies or similar technologies to enhance platform performance, security, and reliability.

4. Use of Information

Collected information is used for the following institutional purposes:

• Execution of end-to-end Revenue Cycle Management functions, including claims submission, denial resolution, and payment reconciliation.
• Delivery of analytics, reporting, and yield-optimization insights to Clients.
• Compliance with contractual, legal, regulatory, and audit obligations.
• Continuous improvement of internal systems, automation, and AI-enabled workflows using de-identified data in compliance with HIPAA Safe Harbor standards.

5. Data Security and Institutional Safeguards

Imperial Healthcare Systems operates under an enterprise-grade security framework designed to meet or exceed industry benchmarks, including:

• Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit.
• Access Controls: Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) enforced across all systems.
• Audit & Monitoring: Comprehensive audit logging and access monitoring for all PHI interactions.
• Workforce Governance: Mandatory annual HIPAA, data privacy, and cybersecurity training for all personnel and authorized contractors.

6. Data Sharing and Disclosure

Imperial Healthcare Systems does not sell, rent, or commercialize personal or health information.

Information may be disclosed solely under the following circumstances:

• Authorized Payers and Clearinghouses: For claims processing and reimbursement activities.
• Approved Sub-Processors: Limited to vendors that have executed a BAA and satisfy Imperial's security and compliance standards.
• Legal and Regulatory Obligations: When required by law, court order, subpoena, or government authority.

7. Individual Rights

Under HIPAA and applicable state privacy laws (including, where relevant, the California Consumer Privacy Act), individuals may have rights to access, amend, or request an accounting of disclosures of their information.

As Imperial Healthcare Systems functions as a Business Associate, such requests should generally be directed to the applicable healthcare provider (the Covered Entity), who maintains primary responsibility for responding to patient rights requests.

8. Contact Information – Privacy & Compliance

For questions, concerns, or compliance-related inquiries regarding this Privacy Policy or our data protection practices, please contact: