What is Revenue Cycle Management (RCM)?

Revenue Cycle Management is the financial process that healthcare facilities use to track patient care episodes from registration and appointment scheduling to the final payment of a balance. It encompasses billing, coding, claims submission, denial management, and collections.

How is HCIP Billing priced?

We offer flexible pricing based on a percentage of collections — typically 4-8% depending on specialty and volume. No upfront fees. No long-term contracts required. You only pay when we collect.

Is HCIP Billing HIPAA compliant?

Absolutely. HCIP Billing maintains full HIPAA compliance with SOC 2 security standards. All team members complete annual HIPAA training, and our systems use enterprise-grade encryption for all patient data.

HIPAA Notice of Privacy Practices

Last updated: March 2026

1. Our Commitment to HIPAA Compliance

HCIP Billing, a division of Healthcare Industry Partners, is committed to protecting the privacy and security of Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the HITECH Act, and all applicable federal and state regulations. As a Business Associate to covered healthcare entities, we maintain rigorous standards for PHI handling.

2. Protected Health Information (PHI)

In the course of providing Revenue Cycle Management services, we may access, process, store, or transmit PHI on behalf of our client practices. PHI includes any individually identifiable health information related to:

A patient's past, present, or future physical or mental health condition
The provision of healthcare to a patient
Past, present, or future payment for healthcare services
Demographic information such as name, address, date of birth, and Social Security number when connected to health information

3. How We Use and Disclose PHI

We use and disclose PHI only as permitted or required by HIPAA and our Business Associate Agreements (BAAs). Permitted uses include:

Treatment, Payment, and Healthcare Operations: We process claims, manage denials, handle coding, and support billing operations on behalf of your practice.
As Required by Law: We may disclose PHI when required by federal, state, or local laws.
Business Associate Activities: We use PHI only to perform services specified in our BAA with your practice.

We do not use or disclose PHI for marketing purposes. We do not sell PHI.

4. Patient Rights

Patients whose PHI we process on behalf of covered entities have the following rights under HIPAA:

Right to Access: Patients may request access to their PHI. Such requests should be directed to the treating healthcare provider (covered entity).
Right to Amendment: Patients may request correction of inaccurate PHI through their healthcare provider.
Right to an Accounting of Disclosures: Patients may request an accounting of certain disclosures of their PHI.
Right to Request Restrictions: Patients may request restrictions on certain uses and disclosures of their PHI.
Right to Confidential Communications: Patients may request that communications about their PHI be conducted through specific means or at specific locations.
Right to a Copy of This Notice: Patients may request a copy of this notice at any time.

5. Administrative, Physical, and Technical Safeguards

We maintain comprehensive safeguards to protect PHI:

Administrative: All team members complete annual HIPAA training. Access to PHI is granted on a need-to-know basis. We maintain documented policies and procedures for PHI handling.
Physical: Our facilities employ physical access controls including locked workstations, restricted server areas, and visitor management protocols.
Technical: We utilize enterprise-grade encryption for data at rest and in transit, multi-factor authentication, audit logging, automatic session timeouts, and regular security assessments. Our systems are designed to meet SOC 2 security standards.

6. Breach Notification

In the event of a breach of unsecured PHI, we will notify the affected covered entity without unreasonable delay and no later than 60 days after discovery of the breach, as required by HIPAA and the HITECH Act. We will cooperate fully with the covered entity in notifying affected individuals, the Department of Health and Human Services (HHS), and, where required, the media.

7. Business Associate Agreements

We enter into Business Associate Agreements with all covered entity clients before accessing any PHI. These agreements outline our obligations, permitted uses of PHI, breach notification procedures, and termination provisions in accordance with HIPAA requirements.

8. Subcontractors

Any subcontractors who may access PHI on our behalf are required to enter into BAAs with us and maintain the same level of HIPAA compliance.

9. Complaints

If you believe your privacy rights have been violated, you may file a complaint with our Privacy Officer or directly with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against any individual for filing a complaint.

10. Privacy Officer Contact

For questions about this HIPAA notice or our privacy practices, contact our Privacy Officer:

Email: matt@hcip.health
Phone: (318) 401-2221
Address: 8575 Fern Avenue, Suite 108, Shreveport, LA 71105

This notice is provided for informational purposes and does not constitute legal advice. Consult your legal counsel for advice specific to your practice's HIPAA compliance obligations.