Privacy Policy · R3 Healthcare Solutions

Privacy Policy

Last Updated: October 24, 2025

1. Introduction

MDHex ("we," "our," or "us") is committed to protecting your privacy and the security of your Protected Health Information (PHI). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our charge capture and revenue management platform.

As a HIPAA-compliant healthcare technology provider, we adhere to the highest standards of data protection and privacy as required by the Health Insurance Portability and Accountability Act (HIPAA) and other applicable regulations.

2. Information We Collect

2.1 Protected Health Information (PHI)

We collect and process the following PHI as necessary to provide our services:

  • Patient demographics (name, date of birth, gender, address)
  • Medical record numbers and patient identifiers
  • Insurance information (carrier, policy numbers, subscriber details)
  • Diagnosis codes (ICD-10)
  • Procedure codes (CPT codes)
  • Physician and facility information
  • Medical documentation and facesheet images

2.2 Account Information

We collect the following information when you create an account:

  • Name and email address
  • Organization and hospital affiliation
  • Professional role and credentials
  • Login credentials and authentication data

2.3 Technical Information

We automatically collect certain technical information:

  • IP address and device information
  • Browser type and version
  • Session data and access logs
  • Usage patterns and feature interactions

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide charge capture, patient tracking, and revenue management services
  • AI Processing: To extract patient data from uploaded facesheets using OCR and AI technology
  • Data Storage: To securely store and manage patient records and medical documentation
  • Reporting: To generate reports and analytics for billing and administrative purposes
  • Authentication: To verify user identity and enforce access controls
  • Security: To monitor for security threats and maintain audit logs
  • Compliance: To meet HIPAA and other regulatory requirements
  • Support: To provide customer support and troubleshooting

4. Data Sharing and Disclosure

4.1 Business Associates

We share PHI only with HIPAA-compliant Business Associates who have signed Business Associate Agreements (BAAs):

  • Google Cloud Platform: For cloud infrastructure, data storage, and AI services
  • Anthropic (via Google Vertex AI): For AI-powered data extraction

4.2 What We Never Do

We will never:

  • Sell your PHI to third parties
  • Use your PHI for marketing purposes
  • Share your PHI without proper authorization
  • Disclose your PHI except as required by law

4.3 Legal Disclosures

We may disclose your information when required by law, such as in response to:

  • Court orders or subpoenas
  • Government agency requests (with proper legal authority)
  • Investigations of suspected fraud or abuse
  • Public health and safety emergencies

5. Data Security

We implement comprehensive security measures to protect your PHI:

  • Encryption: All data encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Access Controls: Role-based access with mandatory two-factor authentication (2FA)
  • Audit Logging: Complete audit trails of all PHI access and modifications
  • Session Management: 30-minute inactivity timeout and secure session handling
  • Infrastructure: HIPAA-compliant Google Cloud Platform with enterprise-grade security
  • Monitoring: 24/7 security monitoring and automated threat detection
  • Vulnerability Management: Regular security audits and dependency scanning

6. Data Retention

We retain your information as follows:

  • Patient Data: Retained for the duration of your subscription plus 6 years (HIPAA requirement)
  • Audit Logs: Retained indefinitely for compliance and legal purposes
  • Account Data: Retained until account deletion, then archived for 30 days
  • Uploaded Documents: Retained per your organization's retention policy

7. Your Rights

Under HIPAA and applicable privacy laws, you have the right to:

  • Access: Request access to your PHI and account information
  • Amendment: Request corrections to inaccurate or incomplete PHI
  • Accounting: Request an accounting of PHI disclosures
  • Restriction: Request restrictions on certain uses and disclosures
  • Confidential Communications: Request communications through alternative means
  • Breach Notification: Be notified of any breaches affecting your PHI

To exercise these rights, please contact us at privacy@mdhex.com

8. Cookies and Tracking

We use essential cookies for:

  • Authentication and session management
  • Security and fraud prevention
  • Remembering user preferences

We do not use tracking cookies, advertising cookies, or third-party analytics that could compromise patient privacy.

9. Children's Privacy

Our service is not directed to individuals under 18 years of age. While we may process PHI of pediatric patients as part of our healthcare services, we do not knowingly collect personal information directly from minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date
  • Sending email notifications for significant changes

Your continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our privacy practices:

MDHex Privacy Office

Email: privacy@mdhex.com

Support: support@mdhex.com

For security incidents or data breaches, please contact: security@mdhex.com

12. Compliance Certifications

MDHex maintains compliance with:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • HITECH Act
  • State privacy laws applicable to healthcare data

For more information about our compliance program, please visit our HIPAA Compliance page.