Cherry Medical Solutions – Privacy Policy

Effective Date: 2025-09-25

Cherry Medical Solutions (“Company,” “we,” “our,” or “us”) respects the privacy of our clients, their patients, and visitors to our website. This Privacy Policy explains how we collect, use, disclose, and protect personal information obtained through our medical billing and revenue cycle management services, as well as our website and related communications. Because we work in the healthcare sector, we are committed to complying with applicable privacy laws, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), state privacy regulations, and industry best practices.

By using our services or visiting our website, you agree to the terms of this Privacy Policy.

    1. Scope of This Policy

    This Privacy Policy applies to:

    • Client information we collect in connection with our billing, insurance verification, payment posting, denial management, and patient billing support services.
    • Patient information provided by healthcare providers or patients themselves in the course of billing or customer support.
    • Information collected through our website, email communications, or other digital platforms.

    This policy does not supersede any Business Associate Agreements (BAAs) we may sign with healthcare providers under HIPAA. In the event of a conflict, the BAA controls.

    2. Information We Collect

    We may collect the following types of information:

    A. Client and Practice Information
    • Practice name, address, contact details, and tax ID.
    • Authorized staff contact information.
    • Billing and payment preferences.

    B. Patient Information (Protected Health Information)

    As a Business Associate under HIPAA, we may receive or create Protected Health Information (“PHI”) on behalf of our clients. Examples include:

    • Patient names, addresses, phone numbers, and email addresses.
    • Insurance policy numbers and coverage details.
    • Dates of service, procedure codes, diagnoses, and charges.
    • Payment history and outstanding balances.

    We only collect the minimum necessary PHI required to perform our billing and revenue cycle services.

    C. Website and Technical Information

    When you visit our website, we may automatically collect:

    • IP addresses and device identifiers.
    • Browser type and operating system.
    • Pages visited and time spent.
    • Cookies or similar tracking technologies.

    We use this information for website analytics, security, and user experience improvements.

    3. How We Use Information

    We use the collected information for the following purposes:

    • Medical Billing Services: To verify insurance, submit claims, manage denials, and post payments accurately.
    • Client Communication: To provide updates, reports, and customer support.
    • Compliance and Auditing: To meet legal, regulatory, and contractual obligations.
    • Security: To monitor and protect against unauthorized access, data breaches, or fraudulent activities.
    • Website Functionality: To improve usability, personalize content, and analyze traffic.
    • Business Operations: To develop new services, conduct training, and improve our technology platforms.

    We do not sell, rent, or trade personal or health information to third parties.

    4. Legal Bases for Processing (For International Visitors)

    While we primarily operate in the United States, international visitors may be subject to other privacy regimes such as the EU/UK GDPR. Where applicable, we rely on the following legal bases:

    • Performance of a contract (to provide services to our clients).
    • Compliance with legal obligations (HIPAA, state regulations).
    • Legitimate interests (e.g., improving services, website security).
    • Consent (for optional marketing communications).

    5. Disclosure of Information

    We may disclose personal information in the following limited circumstances:

    A. With Clients and Their Authorized Staff

    We share information only with the healthcare providers or authorized personnel who engaged our services.

    B. With Business Associates and Service Providers

    We may use trusted third-party vendors (e.g., secure data hosting, clearinghouses, payment processors). These vendors are contractually required to protect PHI and personal data.

    C. Legal Requirements

    We may disclose information if required by law, regulation, court order, or governmental request.

    D. Mergers or Acquisitions

    If our business undergoes a merger, acquisition, or sale, personal data may be transferred as part of that transaction, but it will remain protected under this policy.

    6. Data Security

    We take extensive measures to safeguard personal and health information, including:

    • HIPAA-compliant data centers and secure cloud environments.
    • Encryption of data at rest and in transit.
    • Access controls based on the principle of least privilege.
    • Regular staff training on privacy and security protocols.
    • Incident response plans and breach notification procedures.

    While no system is completely secure, we continually monitor and improve our security measures.

    7. Data Retention

    We retain personal and health information only as long as necessary to fulfill the purposes described in this policy or as required by law or contract. After retention periods expire, data is securely deleted or de-identified.

    8. Patient Privacy Rights (HIPAA)

    Because we act as a Business Associate to healthcare providers, requests to exercise HIPAA rights (such as access, amendment, or restriction of PHI) should generally be directed to the healthcare provider. However, we will assist providers in fulfilling such requests as required under HIPAA.

    9. Rights of Individuals Under Other Privacy Laws

    If you reside in a jurisdiction that grants you specific privacy rights—such as the California Consumer Privacy Act (CCPA) or GDPR—you may have rights to:

    • Access the personal data we hold about you.
    • Request corrections or deletions of your data.
    • Object to or restrict processing.
    • Withdraw consent where applicable.

    To exercise these rights, contact us at the information provided below. We will respond in accordance with applicable law.

    10. Cookies and Tracking Technologies

    Our website may use cookies or similar technologies to:

    • Maintain session security.
    • Remember user preferences.
    • Analyze website traffic.

    You can control or disable cookies through your browser settings. Please note that disabling cookies may affect website functionality.

    11. Email Communications

    If you provide us with your email address, we may use it to send:

    • Service-related updates and billing notices.
    • Reports or account information.
    • Optional newsletters or educational content (with your consent).

    You can opt out of non-essential communications at any time by following the unsubscribe link in the email or contacting us directly.

    12. Children’s Privacy

    Our services are directed to healthcare providers and adult patients. We do not knowingly collect personal information from children under 13 without parental or guardian consent, except as permitted under HIPAA through our provider clients.

    13. Third-Party Websites

    Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage users to review the privacy policies of any third-party sites they visit.

    14. International Data Transfers

    If you are accessing our website from outside the United States, note that your information may be transferred to, stored, and processed in the U.S., where data protection laws may differ from those in your country. By using our services, you consent to such transfers.

    15. Updates to This Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or industry standards. The “Effective Date” at the top indicates when the policy was last revised. Significant changes will be communicated through our website or directly to clients where required.

    16. How to Contact Us

    If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us at:

    Cherry Medical Solutions
    Phone: 1-888-731-7615
    Email: support@cherrymedicalsolutions.com
    Address: 13325 Wolf Rd, Grass Valley, CA 95949, USA

    We will respond promptly and work to resolve your concerns in accordance with applicable laws.

    17. Your Acknowledgment

    By using our services, providing us with personal or health information, or accessing our website, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree, please refrain from using our services.

    18. Summary of Our Privacy Commitments
    • We only collect and use the minimum necessary information to perform our services.
    • We never sell or trade patient or client information.
    • We maintain HIPAA-compliant security measures to protect your data.
    • We provide transparency, support, and respect for your privacy rights.

    Cherry Medical Solutions remains committed to protecting the confidentiality, integrity, and availability of the information entrusted to us. Our privacy practices are a core part of our mission to simplify medical billing, maximize revenue, and maintain trust with providers and patients alike.