info@sunrcm.com +1 (800) 555-0123
India | USA | Global Delivery
Privacy & Data Security
SunRCM is committed to protecting your data with industry-leading security measures and full HIPAA compliance.
Our Commitment
SunRCM is a dedicated third-party medical billing and revenue cycle management company serving healthcare providers across the United States. We operate exclusively as a HIPAA Business Associate — every client relationship begins with a signed Business Associate Agreement (BAA).
We do not merely comply with HIPAA — we build our workflows, systems, and culture around the principle that patient privacy is non-negotiable. Safeguarding protected health information (PHI) is the foundation of everything we do.
HIPAA Compliant
BAA Protected
PHI Safeguarded
How Information Is Used
We access, use, and disclose PHI solely to provide contracted revenue cycle management services. All use is limited to the following functions:
Billing & Claims Management
Process and submit medical claims on behalf of healthcare providers within contracted scope.
Payment Posting
Record and reconcile insurance and patient payments accurately and efficiently.
Reporting & Auditing
Generate performance and compliance reports using minimum-necessary data access.
Claims Follow-Up
Manage denials, appeals, and resubmissions to maximize revenue recovery.
Administrative Functions
Support prior authorizations, credentialing coordination, and related RCM tasks.
What We Will Never Do
  • Use PHI for marketing, advertising, or any purpose outside contracted services
  • Sell, license, or share PHI with any third party beyond the scope of your BAA
  • Access patient or client information beyond what is strictly necessary to perform contracted work
  • Collect patient health information through our website or any unauthorized channel

Our Safeguards

We maintain appropriate administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of all client data:

Role-Based Access Controls

Each team member has minimum necessary access based on their role. Access is logged and revoked immediately upon role changes.

HIPAA-Eligible Platforms

We exclusively use secure, HIPAA-eligible systems and cloud environments with encryption at rest and in transit.

Workforce Training

All SunRCM staff undergo regular HIPAA privacy and security training. Compliance is a condition of employment.

Ongoing Access Monitoring

We continuously monitor system access workflows and data handling patterns to detect and respond to anomalies.

Secure Data Transmission

All PHI is transmitted over encrypted, authenticated channels. Unsecured email transmission of PHI is strictly prohibited.

Incident Response

We maintain documented breach notification and incident response procedures aligned with HIPAA's Breach Notification Rule.

Client Responsibility

SunRCM acts exclusively under the direction of our clients. As a Business Associate, we support your compliance obligations — but we do not replace them.

Each client, as a Covered Entity under HIPAA, retains full responsibility for:

  • Their own Notice of Privacy Practices (NPP)
  • Direct patient communications regarding PHI use
  • Overall HIPAA compliance program as a Covered Entity
  • Oversight of all Business Associates, including SunRCM

Our BAA clearly delineates responsibilities. We encourage all clients to review the agreement with their compliance officer or legal counsel prior to engagement.

Website Information

What We May Collect

When you visit sunrcm.com, we may collect limited information you voluntarily provide — such as your name, email address, and inquiry details submitted through our contact form. We also collect standard website usage data to improve site functionality.

How It Is Used

Website information is used solely to respond to inquiries, communicate about our services, and improve your browsing experience. We do not collect patient health information through this website, and we do not sell or share website data for marketing purposes.

Questions & Contact

If you have questions about our privacy or data security practices, please contact us. Our compliance team is available to address questions about:

  • How we handle and protect your patients’ PHI
  • Our HIPAA safeguards and compliance program
  • Business Associate Agreement terms and requirements
  • Specific data handling procedures for your practice

Contact Our Compliance Team

Legal Disclaimer: This page is provided for informational purposes only and does not constitute legal advice. The practices described herein do not replace or supersede the specific terms of any signed Business Associate Agreement between SunRCM and a client. In the event of any conflict between this page and a signed BAA, the terms of the BAA shall govern.