Privacy Policy | BlueBird Medserv — HIPAA Compliant Medical Billing
Last updated: January 1, 2026 | Effective Date: January 1, 2026
1. Information We Collect
BlueBird Medserv collects information necessary to deliver medical billing and revenue cycle management services to our healthcare provider clients. This may include:
- Business contact information — names, practice names, addresses, phone numbers, and email addresses of healthcare providers and their administrative staff
- Protected Health Information (PHI) — patient demographic and clinical data shared by healthcare providers solely for the purpose of billing, claims processing, and related RCM services, as governed by our Business Associate Agreement (BAA)
- Financial information — billing data, payment information, and insurance payer details necessary to process claims and post payments
- Website usage data — standard web analytics including IP addresses, browser type, and pages visited, collected via cookies solely for website improvement purposes
2. HIPAA Compliance
BlueBird Medserv operates as a Business Associate under HIPAA regulations. We enter into a signed Business Associate Agreement (BAA) with every covered entity client before accessing any protected health information. All PHI handled by BlueBird Medserv is used exclusively for the treatment, payment, and healthcare operations purposes outlined in each client's BAA.
We implement the administrative, physical, and technical safeguards required under the HIPAA Security Rule to protect electronic PHI (ePHI), including: encrypted data storage and transmission, access controls and audit logs, workforce training and sanction policies, and documented incident response procedures.
3. How We Use Information
Information collected by BlueBird Medserv is used exclusively for the following purposes:
- Delivering contracted medical billing, coding, and RCM services to our healthcare provider clients
- Communicating with clients about their accounts, billing performance, and service matters
- Complying with legal and regulatory obligations
- Improving our internal processes and service quality (using de-identified aggregate data only)
- Operating and improving our website
BlueBird Medserv does not sell, rent, or share any personal information or PHI to third parties for marketing or commercial purposes.
4. Data Security
We maintain comprehensive data security measures including industry-standard encryption for all data in transit and at rest, role-based access controls that restrict PHI access to authorized personnel only, regular security assessments and penetration testing, secure remote access protocols for all staff, and annual workforce security training.
5. Data Retention
BlueBird Medserv retains client data, including PHI, for the period required under applicable federal and state law and as specified in our client agreements. Upon termination of a client relationship, data is returned, transferred, or securely destroyed in accordance with HIPAA requirements and the terms of the governing BAA.
6. Your Rights
If you are a patient whose information has been processed by BlueBird Medserv on behalf of your healthcare provider, your privacy rights are governed by your provider's Notice of Privacy Practices. For questions about your rights, please contact your healthcare provider directly.
If you are a BlueBird Medserv client or website visitor, you may contact us at any time to: access or correct your business contact information, request removal of your information from our marketing communications, or raise concerns about our privacy practices.
CCPA — California Privacy Rights
If you are a California resident, the California Consumer Privacy Act (CCPA) gives you specific rights regarding your personal information:
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected, the sources of that information, and the purposes for which it is used.
- Right to Delete: You may request deletion of personal information we have collected, subject to certain legal exceptions.
- Right to Opt-Out of Sale: BlueBird Medserv does not sell personal information. You have no need to opt out.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To submit a California privacy request, email sales@bluebirdmedserv.com with the subject line "California Privacy Request."
GDPR — International Visitors
This website is operated from the United States and is primarily intended for US-based healthcare providers. If you access this website from the European Economic Area (EEA) or United Kingdom, your information may be transferred to and processed in the United States.
If GDPR applies to you, you have rights to access, correct, erase, restrict processing of, and port your personal data, and to object to processing. Contact sales@bluebirdmedserv.com to exercise these rights.
Cookies & Analytics
This website uses Google Analytics 4 (GA4), which sets cookies to collect anonymised data about how visitors use the site (pages visited, time on site, browser type). This data helps us improve the website. You may opt out using the Google Analytics Opt-out Browser Add-on.
Our contact form is protected by Google reCAPTCHA v3, which is subject to Google's Privacy Policy and Terms of Service. reCAPTCHA collects hardware and software information to verify that you are a human.
You can manage cookie preferences through your browser settings or by using the cookie consent banner on this site.
7. Contact Us About Privacy
If you have any questions, concerns, or complaints regarding this Privacy Policy or our privacy practices, please contact our Privacy Officer:
- Email: sales@bluebirdmedserv.com
- Phone: 678-940-0222
- Mail: Privacy Officer, BlueBird Medserv, 3652 Chamblee Dunwoody Rd, Atlanta, GA 30341
8. Changes to This Policy
BlueBird Medserv reserves the right to update this Privacy Policy at any time to reflect changes in our practices or applicable law. We will post the updated policy on this page with a revised effective date. Continued use of our services following any update constitutes acceptance of the revised policy.