Privacy Policy

Dr Care Services ("we," "us," or "our") is a healthcare revenue cycle management company providing medical billing, medical coding, medical credentialing, prior authorization, denial management, and related services to healthcare providers, practices, and organizations across the United States. Our registered business address is 2700 Wabash, PA 19082, USA.

This Privacy Policy explains how Dr Care Services collects, uses, discloses, and protects personal information when you visit our website at drcareservices.com, contact us directly, or use our services. By accessing our website or engaging our services, you agree to the terms described in this Privacy Policy.

This Policy applies to:

• Visitors to our website and digital properties
• Prospective clients who contact us for information or a consultation
• Healthcare provider clients and their authorized representatives
• Business contacts, partners, and vendors

We collect personal information in the following categories depending on how you interact with us:

2.1 Information You Provide Directly

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical information including your IP address, browser type and version, operating system, referring URLs, pages viewed, time spent on pages, and device identifiers. This information is collected through cookies, web beacons, and similar tracking technologies described in Section 6.

2.3 Information from Third Parties

We may receive information about you from third-party sources including business referral partners, publicly available professional databases such as the National Provider Identifier (NPI) registry, LinkedIn and professional networking platforms, and analytics and marketing service providers.

We use the personal information we collect for the following legitimate business purposes:

3.1 Service Delivery

• Providing, managing, and improving our revenue cycle management, medical billing, coding, credentialing, and related services
• Communicating with you about your account, service performance, and reporting
• Processing service agreements, invoices, and payments
• Onboarding new clients and configuring service workflows

3.2 Business Operations

• Responding to inquiries, consultations, and support requests
• Conducting audits, compliance reviews, and quality assurance
• Maintaining our business records and fulfilling legal obligations
• Preventing fraud, unauthorized access, and security incidents

3.3 Marketing & Communications

• Sending newsletters, industry updates, and service announcements (where you have opted in or we have a legitimate interest)
• Contacting prospective clients about our services
• Personalizing website content and user experience

You may opt out of marketing communications at any time by clicking "unsubscribe" in any email we send or by contacting us at privacy@drcareservices.com.

Dr Care Services functions as a Business Associate as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations (45 CFR Parts 160 and 164) when providing revenue cycle management services to healthcare provider clients.

4.1 Business Associate Obligations

As a Business Associate, Dr Care Services:

• Executes a formal Business Associate Agreement (BAA) with every healthcare provider client prior to accessing any PHI
• Uses PHI only as permitted by the BAA and applicable law — strictly for the purposes of providing contracted RCM services
• Implements all required administrative, physical, and technical safeguards under the HIPAA Security Rule
• Reports any breach of unsecured PHI to the covered entity within the timeframes required by the HIPAA Breach Notification Rule
• Ensures that all subcontractors and agents who access PHI on our behalf execute appropriate BAAs and maintain HIPAA compliance

4.2 Patient Privacy Rights

If you are a patient whose PHI has been processed by Dr Care Services on behalf of your healthcare provider, please direct any inquiries regarding your health information privacy rights — including requests for access, amendment, or an accounting of disclosures — to your healthcare provider directly. Your provider, as the HIPAA covered entity, is responsible for managing your individual privacy rights requests.

Dr Care Services does not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information in the following limited circumstances:

5.1 Service Providers

We share personal information with trusted third-party service providers who assist us in operating our business, including cloud hosting and infrastructure providers, payment processors, customer relationship management (CRM) software providers, email communication platforms, and cybersecurity and compliance vendors. All service providers are contractually required to protect your information and use it only for the purposes for which it was shared.

5.2 Legal Requirements

We may disclose personal information when required by law, regulation, legal process, or governmental request; when necessary to protect the rights, property, or safety of Dr Care Services, our clients, or the public; or in connection with a fraud investigation, audit, or law enforcement inquiry.

5.3 Business Transfers

In the event of a merger, acquisition, sale of assets, or restructuring of Dr Care Services, personal information may be transferred to the acquiring entity. We will notify affected individuals via email or prominent website notice prior to any such transfer and provide an opportunity to opt out where required by law.

5.4 With Your Consent

We may share your information for any other purpose with your explicit prior consent.

Our website uses cookies and similar tracking technologies to improve your browsing experience, analyze website traffic, and support our marketing activities. We use the following categories of cookies:

• Essential Cookies: Required for core website functionality such as navigation and security. These cannot be disabled without affecting your ability to use the site.
• Analytics Cookies: Collect anonymized data about how visitors use our website — including pages visited, time on site, and referral sources — to help us improve content and performance. We use Google Analytics for this purpose.
• Marketing Cookies: Used to deliver relevant advertising and track the effectiveness of our marketing campaigns. These cookies may be set by third-party advertising partners including Google Ads and LinkedIn.
• Functional Cookies: Remember your preferences and settings to provide a more personalized experience on return visits.

You can manage or disable cookies through your browser settings or through our cookie consent banner. Please note that disabling certain cookies may affect the functionality of our website. To opt out of Google Analytics tracking specifically, you can install the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout.

Dr Care Services implements comprehensive administrative, technical, and physical security measures designed to protect your personal information against unauthorized access, disclosure, alteration, and destruction. Our security program includes:

• AES-256 encryption for data at rest and TLS 1.2+ encryption for data in transit
• Role-based access controls limiting data access to authorized personnel on a need-to-know basis
• Multi-factor authentication (MFA) for all systems containing personal or health information
• Regular third-party security assessments, vulnerability scans, and penetration testing
• Comprehensive employee security awareness training and background screening
• Incident response and breach notification procedures aligned with HIPAA and applicable state law requirements
• Business continuity and disaster recovery plans to ensure data availability and integrity

Despite our rigorous security measures, no method of electronic storage or transmission is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

We retain personal information for as long as necessary to fulfil the purposes described in this Privacy Policy, comply with legal and regulatory obligations, resolve disputes, and enforce our agreements. Our general retention guidelines are:

• Active client data: Retained for the duration of the service relationship and for a minimum of seven (7) years after termination, as required by healthcare industry regulations and applicable law
• Medical billing and RCM records: Retained for a minimum of seven (7) years in compliance with CMS and state-specific medical record retention requirements
• Prospective client and contact information: Retained for up to three (3) years from last contact unless you request deletion sooner
• Website analytics data: Retained for up to twenty-six (26) months in accordance with our Google Analytics configuration
• Employee and contractor records: Retained in accordance with applicable employment law requirements

When retention periods expire, we securely delete or anonymize personal information in accordance with our data disposal procedures.

Depending on your location and applicable law, you may have the following rights regarding your personal information:

• Right to Access: Request a copy of the personal information we hold about you
• Right to Correction: Request correction of inaccurate or incomplete personal information
• Right to Deletion: Request deletion of your personal information, subject to legal retention obligations
• Right to Portability: Request a copy of your personal information in a structured, machine-readable format
• Right to Object: Object to processing of your personal information for direct marketing or other purposes based on legitimate interests
• Right to Restrict Processing: Request restriction of processing in certain circumstances
• Right to Opt Out of Marketing: Unsubscribe from marketing communications at any time

To exercise any of these rights, please contact us at privacy@drcareservices.com. We will respond to your request within thirty (30) days. We may require verification of your identity before processing your request. We will not discriminate against you for exercising your privacy rights.

Our website and services are directed exclusively to healthcare professionals and business clients. We do not knowingly collect personal information from children under the age of 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will promptly delete such information. If you believe we may have collected information from a child under 13, please contact us immediately at privacy@drcareservices.com.

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last Updated" date at the top of this Policy and, where required by law or where we deem appropriate, notify you by email or by posting a prominent notice on our website.

We encourage you to review this Privacy Policy periodically. Your continued use of our website or services following the posting of changes constitutes your acceptance of those changes.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team using the information below. We are committed to resolving any concerns promptly and transparently.