Privacy Policy

Your privacy is important to us. Learn how we protect your information.

HIPAA Notice: Baxter Cobb Shared Services, LLC ("BCSS") is committed to protecting your protected health information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA).

Information We Collect

We collect the following types of information:

  • Protected Health Information (PHI): Medical records, treatment information, insurance details, prescription data
  • Personal Information: Name, contact information, date of birth, Social Security Number (when required)
  • Account Information: Username, login credentials
  • Usage Information: Pages visited, features used

How We Use Your Information

We use your information for:

  • Providing healthcare infrastructure services and care coordination
  • Processing billing and insurance claims via X12 EDI transactions
  • Communicating about platform services and technical updates
  • Complying with legal and regulatory requirements (HIPAA, 21 CFR Part 11)
  • Improving our services and platform reliability

Information Sharing and Disclosure

We may share your information with:

  • Healthcare Providers: For coordinated care and treatment
  • Insurance Clearinghouses: For claims processing via X12 EDI
  • Legal Authorities: When required by law or court order
  • Business Associates: Who help us provide services (under HIPAA-compliant Business Associate Agreements)

We will never sell your personal or health information to third parties.

Data Security

We implement comprehensive security measures to protect your information:

  • AES-256-GCM encryption for PHI at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication for administrative access
  • Regular security audits and penetration testing
  • HIPAA-compliant audit logging of all PHI access (45 CFR § 164.312)
  • Role-based access controls and least privilege principles
  • Automated encryption key rotation every 90 days
  • Secure deletion of PHI per NIST SP 800-88 guidelines

Your Rights

Under HIPAA, you have the right to:

  • Access and obtain copies of your health records
  • Request corrections to your health information
  • Request restrictions on certain uses and disclosures
  • Receive confidential communications
  • Request an accounting of PHI disclosures
  • Receive a paper copy of this privacy notice
  • File a complaint with us or the HHS Office for Civil Rights

Data Retention

We retain your health information for a minimum of 7 years after your last service date, as required by federal and state law. After this period, records are securely destroyed using NIST SP 800-88 certified data destruction methods.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page.

Last updated: February 2026

Contact Our Privacy Officer

For questions about this privacy policy or to exercise your rights under HIPAA, please contact our Privacy Officer.

Back to Home