Unified Serve Solutions (“Company,” “we,” “us,” or “our”) is a HIPAA-certified healthcare Business Process Outsourcing (BPO) and digital solutions company registered in the United States and operating globally. This Privacy Policy describes how we collect, use, disclose, and safeguard your information — including Protected Health Information (PHI) — when you access our website, use our services, or otherwise interact with us. By engaging with our services, you acknowledge that you have read and agree to the terms of this policy.
We collect information that is necessary to provide our services, fulfill contractual obligations, and maintain compliance with applicable healthcare regulations. The categories of information we may collect include:
- Personal Identification Information: Name, email address, phone number, job title, and organization name provided through inquiries, contracts, or onboarding processes.
- Protected Health Information (PHI): Patient data processed on behalf of our healthcare clients strictly in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable Business Associate Agreements (BAAs).
- Business & Financial Data: Billing records, insurance documentation, revenue cycle data, and financial reporting information submitted or shared in the course of service delivery.
- Technical & Usage Data: IP addresses, browser type, operating system, pages visited, session duration, and referring URLs collected automatically via cookies and analytics tools.
- Communication Data: Records of emails, support tickets, and correspondence shared with our team.
Information collected is used exclusively to operate, maintain, and improve our services and to meet legal and regulatory obligations. Specific purposes include:
- Delivering contracted healthcare BPO services, including medical billing, revenue cycle management (RCM), and patient engagement solutions.
- Processing PHI solely as a HIPAA Business Associate on behalf of our covered entity clients.
- Communicating service updates, account notifications, and operational changes.
- Conducting internal analytics to enhance service quality and operational efficiency.
- Meeting audit, compliance, and legal reporting obligations.
- Responding to client and user inquiries and providing technical or operational support.
We do not sell, rent, or trade your personal information or PHI to any third party for marketing or commercial purposes.
Unified Serve Solutions operates as a HIPAA Business Associate for all healthcare clients. We handle Protected Health Information (PHI) in strict accordance with the HIPAA Privacy Rule (45 CFR Part 164) and the HIPAA Security Rule.
All PHI processed by Unified Serve Solutions is governed by a signed Business Associate Agreement (BAA) with the covered entity client. PHI is never accessed, used, or disclosed beyond what is expressly authorized under those agreements and applicable law.
Our PHI safeguards include:
- End-to-end encryption of PHI in transit and at rest.
- Role-based access controls and multi-factor authentication for all staff handling PHI.
- Mandatory HIPAA Privacy & Security training for all employees annually.
- Regular risk assessments, vulnerability testing, and internal audits.
- Incident response and breach notification procedures per 45 CFR § 164.400.
We do not disclose personal information or PHI to third parties except in the following circumstances:
- Service Subcontractors: Vetted vendors who support delivery of our services and operate under signed BAAs and data processing agreements.
- Legal Obligations: When required by applicable law, court order, or government regulation.
- Client Consent: When explicitly authorized by the covered entity or data subject.
- Business Transfers: In the event of a merger, acquisition, or asset sale, data will be transferred only with equivalent privacy protections in place.
All third-party partners and subcontractors are evaluated for compliance with HIPAA, ISO, and SOC 2 standards prior to engagement.
We retain personal data and PHI only for the duration necessary to fulfill the purposes for which it was collected, satisfy legal and regulatory retention requirements, or as specified in contractual agreements with our clients.
- PHI is retained in alignment with HIPAA requirements and client-specific BAA terms.
- Business and financial records are maintained in accordance with applicable federal and state regulations.
- Upon contract termination or client request, PHI and sensitive data are securely destroyed using NIST 800-88 compliant methods or returned to the covered entity.
Unified Serve Solutions employs a comprehensive, multi-layered security framework aligned with ISO 27001 and SOC 2 Type II standards. Our administrative, technical, and physical safeguards include:
- ISO 27001-aligned Information Security Management System (ISMS).
- SOC 2 Type II audited controls for Security, Availability, and Confidentiality.
- 256-bit AES encryption for data at rest; TLS 1.2/1.3 for data in transit.
- Secure, access-controlled facilities with physical security protocols for all operational sites.
- Continuous monitoring, threat detection, and incident response capabilities.
- Regular third-party penetration testing and vulnerability assessments.
Subject to applicable law, you may have the following rights with respect to your personal information:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your data where no legal obligation requires its retention.
- Portability: Request transfer of your data in a structured, machine-readable format.
- Withdrawal of Consent: Withdraw consent for processing where consent is the legal basis.
- HIPAA Rights: Patients whose PHI we process on behalf of a covered entity should direct access and amendment requests to their healthcare provider.
To exercise your rights, please contact us using the details provided in Section 11 below.
Our website and services are directed to healthcare organizations and business professionals. We do not knowingly collect personal information from individuals under the age of 13. If we become aware that personal data from a minor has been inadvertently collected, we will promptly delete such information. For concerns, please contact our Privacy Officer directly.
We may revise this Privacy Policy periodically to reflect changes in our services, legal requirements, or industry standards. Material changes will be communicated via a prominent notice on our website or through direct notification to affected clients. The “Last Updated” date at the top of this page reflects the most recent revision. Continued use of our services following any update constitutes your acknowledgment of the revised policy.
For any questions, concerns, or requests related to this Privacy Policy, your personal data, or PHI handled on your behalf, please contact our designated Privacy Officer:
Our Privacy Officer and compliance team are available to address any concerns regarding data handling, HIPAA rights, or policy clarification.
- Email: privacy@unifiedservesolutions.com
- Website: www.unifiedservesolutions.com
- Jurisdiction: United States (Federal HIPAA & applicable state law)