HIPAA & Security
How we protect your health information and align with HIPAA.
Our Commitment
BillRelief handles documents that may contain protected health information (PHI). We implement administrative, technical, and physical safeguards designed to align with the Health Insurance Portability and Accountability Act (HIPAA) Security and Privacy Rules. This page summarizes our practices. It is not a guarantee of any particular legal outcome; full HIPAA compliance depends on our policies, Business Associate Agreements (BAAs) where required, risk assessments, and your use of our services.
Safeguards We Use
- Encryption: Data in transit is encrypted (TLS). Data at rest is stored using secure, access-controlled storage (e.g., encrypted cloud storage).
- Access controls: Only authorized personnel and systems can access PHI, on a need-to-know basis. Access is tied to authentication and roles.
- Audit logging: We log access to PHI (e.g., when a bill document is viewed or downloaded) to support accountability and breach investigation.
- Session security: Sessions time out after a period of inactivity to reduce the risk of unauthorized access.
- Secure file handling: Uploaded documents are stored in a secure manner; download responses use generic filenames where appropriate to avoid exposing PHI in headers.
- Security headers: Our website uses headers such as Strict-Transport-Security and Referrer-Policy to improve security.
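The safeguards above name several concrete controls: inactivity timeouts, need-to-know access, audit logging of document access, generic download filenames, and the Strict-Transport-Security and Referrer-Policy headers. The following is an added illustration of how those controls fit together in a single document-download path; it is example code written for this page, not BillRelief's implementation. The 15-minute timeout, the header values, the generic filename table and the sample document are all assumptions or constructed data, since the page itself gives none of these specifics.

```python
"""Illustrative PHI download path: session timeout, owner check, audit log,
and PHI-free response headers. Added example; values below are assumed."""
from dataclasses import dataclass, field

# Assumed inactivity limit; the page states no figure.
SESSION_IDLE_TIMEOUT_SECONDS = 15 * 60

# The page names these two headers; the values are common choices, not the site's.
SECURITY_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

# Generic filenames keyed by content type, so a patient-supplied upload name
# (which may embed a name or account number) never appears in a response header.
GENERIC_FILENAMES = {
    "application/pdf": "document.pdf",
    "image/jpeg": "document.jpg",
    "image/png": "document.png",
}


@dataclass
class Session:
    user_id: str
    last_activity: float  # epoch seconds


@dataclass
class StoredDocument:
    document_id: str
    owner_id: str
    original_filename: str  # may contain PHI; kept server-side only
    content_type: str


@dataclass
class AuditLog:
    """Append-only record of every access attempt, allowed or denied."""
    entries: list = field(default_factory=list)

    def record(self, actor, action, document_id, outcome, ts):
        self.entries.append({"actor": actor, "action": action,
                             "document_id": document_id,
                             "outcome": outcome, "ts": ts})

    def accesses_to(self, document_id):
        return [e for e in self.entries if e["document_id"] == document_id]


def session_is_active(session, now, timeout=SESSION_IDLE_TIMEOUT_SECONDS):
    """Inactivity timeout: the session is usable only while the idle gap is under the limit."""
    return (now - session.last_activity) < timeout


def download_headers(doc):
    """Response headers for serving a stored bill; none of them carry the upload name."""
    headers = dict(SECURITY_HEADERS)
    headers["Content-Type"] = doc.content_type
    generic = GENERIC_FILENAMES.get(doc.content_type, "document.bin")
    headers["Content-Disposition"] = f'attachment; filename="{generic}"'
    headers["Cache-Control"] = "no-store"  # avoid leaving PHI in shared caches
    return headers


def serve_document(session, doc, now, audit):
    """Return (status, headers). Every attempt is logged, including denials."""
    if not session_is_active(session, now):
        audit.record(session.user_id, "download", doc.document_id,
                     "denied:session_expired", now)
        return 401, {}
    if doc.owner_id != session.user_id:  # need-to-know: only the owner may download
        audit.record(session.user_id, "download", doc.document_id,
                     "denied:not_owner", now)
        return 403, {}
    session.last_activity = now  # activity refreshes the idle timer
    audit.record(session.user_id, "download", doc.document_id, "allowed", now)
    return 200, download_headers(doc)


if __name__ == "__main__":
    # Constructed sample data for a stand-alone run.
    audit = AuditLog()
    doc = StoredDocument("doc-1", "user-a", "Jane_Doe_hospital_bill.pdf", "application/pdf")
    status, headers = serve_document(Session("user-a", 1000.0), doc, 1100.0, audit)
    print(status, headers["Content-Disposition"])
    print(audit.accesses_to("doc-1"))
```

The point of logging denials as well as successes is that an accounting of disclosures and a breach investigation both need to see attempts, not just completed downloads; and deriving the download name from the content type rather than from the stored filename is what keeps the header free of whatever the patient typed when uploading.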
Your Authorization
Before we contact providers or insurers about your bills, we obtain your HIPAA authorization. That authorization describes what we may do with your PHI and how you can revoke it. We use and disclose PHI only as allowed by your authorization and applicable law.
Your Rights
You have the right to request access to your PHI that we hold, to request corrections in certain circumstances, and to request an accounting of disclosures where required by law. You may also have the right to request restrictions on uses and disclosures. To exercise these rights or to report a concern, contact us at contact@billreliefai.com. We will not retaliate against you for exercising your rights.
Breach Notification
If we discover a breach of unsecured PHI that affects you, we will notify you and, where required, the Secretary of Health and Human Services, in accordance with HIPAA and applicable state law.
Business Associates
Where we act as a business associate of a covered entity (or vice versa), we enter into or maintain BAAs that require appropriate safeguards and compliance with HIPAA. Our subprocessors and vendors that handle PHI are selected with security and compliance in mind.
Disclaimer
This page is for informational purposes only and does not constitute legal or compliance advice. HIPAA compliance is an ongoing process and depends on many factors, including your role (covered entity vs. business associate), the nature of the PHI, and applicable state laws. Consult your own legal or compliance advisor for guidance specific to your situation.