Privacy Policy
Effective date: May 6, 2026
1. Scope
This Privacy Policy describes how Medvesra, LLC (“Medvesra”) collects, uses, and safeguards information submitted through our websites, intake forms, and commercial engagements. It applies to visitors, prospective clients, and authorized representatives of healthcare organizations evaluating our RCM, medical billing, and provider credentialing services.
2. Information we process
We collect business contact details (name, title, email, phone), organization attributes, provider roster information, and messages you voluntarily provide. When you engage us under a Business Associate Agreement, protected health information is processed solely as permitted by HIPAA and the underlying contract.
3. How we use information
Information is used to respond to inquiries, perform AR and credentialing diligence, execute statements of work, operate secure collaboration environments, and comply with law. We do not sell personal information and we do not use clinical data for unrelated marketing.
4. Security & retention
Medvesra maintains administrative, technical, and physical controls aligned to SOC 2 Type II expectations, including access logging, encryption in transit, and least-privilege provisioning. Retention schedules follow contractual requirements and applicable regulations, including HIPAA minimum necessary standards.
5. Your choices
You may request access, correction, or deletion of marketing contact records by emailing privacy@medvesra.com. HIPAA-covered requests must follow the processes outlined in your BAA.