Privacy Policy

1. Introduction and Scope

Imperial Healthcare Systems ("Imperial," "Company," "we," "us," or "our") values the privacy of its visitors, clients, and users. This Privacy Policy explains how we collect, use, disclose, and protect information when you access or use our websites, platforms, systems, and services, including www.imperialhealthsystems.com and related domains.

This Privacy Policy applies only to online activities and information collected through our websites and services. It does not apply to information collected offline or through channels other than this website.

This Policy is designed to comply with applicable privacy and data protection laws, including the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the Health Information Technology for Economic and Clinical Health Act ("HITECH"), and other applicable federal and state regulations.

2. Our Role as a Business Associate

When providing services to healthcare providers, hospitals, clinics, and medical practices ("Clients" or "Covered Entities"), Imperial Healthcare Systems operates as a Business Associate as defined under HIPAA.

In this role:

• Protected Health Information ("PHI") is accessed, used, and disclosed strictly in accordance with executed Business Associate Agreements (BAAs).
• Administrative, physical, and technical safeguards are implemented to protect the confidentiality, integrity, and availability of electronic PHI ("ePHI").
• Access to information is limited to the minimum necessary to perform contractual and operational obligations.

3. Information We Collect

We may collect and process the following categories of information:

a. Professional and Client Information

Names, job titles, organization or practice names, National Provider Identifiers (NPI), business email addresses, and business phone numbers submitted during inquiries, onboarding, account administration, or support interactions.

b. Protected Health Information (PHI)

PHI is processed solely on behalf of our Clients for Revenue Cycle Management (RCM) and related healthcare operations. This may include patient demographics, insurance information, diagnosis and procedure codes, billing data, and payment records.

c. Technical and Usage Data

Information such as IP addresses, browser type, device identifiers, cookies, and usage analytics collected to maintain security, improve performance, and enhance user experience.

4. Use of Information

Information collected by Imperial Healthcare Systems is used for legitimate business and operational purposes, including:

• Performing Revenue Cycle Management services such as claims submission, denial management, and payment reconciliation.
• Providing analytics, reporting, and operational insights to Clients.
• Maintaining compliance with contractual, legal, regulatory, and audit requirements.
• Improving systems, automation, and AI-enabled workflows using de-identified data in compliance with HIPAA Safe Harbor standards.

5. Communications, Messaging, and Opt-Out

Types of Messages

By providing your contact information, you may receive communications related to healthcare operations, including appointment scheduling, confirmations, patient follow-ups, and service-related notifications. Communications are not sent for marketing or promotional purposes.

Message Frequency

Message frequency may vary depending on the nature of services or interactions. Communications may be sent daily, weekly, or as required for specific notifications.

Opt-Out Instructions

You may opt out of receiving communications at any time by following the instructions included in each message, such as replying with the word "STOP" or using the unsubscribe option where available.

Message and Data Rates

Standard message and data rates may apply. Please consult your mobile service provider for details.

6. Data Security and Safeguards

Imperial Healthcare Systems maintains an enterprise-grade security framework, including:

• Encryption: AES-256 encryption for data at rest and TLS 1.3 encryption for data in transit.
• Access Controls: Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA).
• Audit & Monitoring: Continuous monitoring and audit logging of system access.
• Workforce Training: Mandatory annual HIPAA, privacy, and cybersecurity training for employees and authorized contractors.

7. Data Sharing and Disclosure

Imperial Healthcare Systems does not sell, rent, or share personal or health information for promotional or marketing purposes.

Information may be disclosed only in the following circumstances:

• To authorized payers, clearinghouses, and entities for claims processing and reimbursement.
• To approved sub-processors that have executed a Business Associate Agreement and meet our security standards.
• When required by law, regulation, court order, or government authority.

Opt-in data and mobile information are never shared or sold to third parties for promotional purposes.

8. Individual Rights

Under HIPAA and applicable state privacy laws, individuals may have rights to access, amend, or request an accounting of disclosures of their information.

Because Imperial Healthcare Systems operates as a Business Associate, such requests should typically be directed to the applicable healthcare provider (the Covered Entity), which is responsible for responding to patient rights requests.

9. Third-Party Privacy Policies

Imperial Healthcare Systems' Privacy Policy does not apply to third-party websites or services that may be linked through our website. We encourage users to review the privacy policies of any third-party sites they visit.

10. Contact Us – Privacy & Support

If you have any questions, concerns, or require assistance regarding this Privacy Policy or our data protection practices, please contact us:

24/7 Support Available