Privacy Policy
Effective May 28, 2026
What we do
Receipts Health Inc. (“Receipts”) analyzes Medicare Advantage 835 electronic remittance advice files on behalf of medical practices to identify downcoded claims and draft appeal letters. We act as a Business Associate of the practice under HIPAA, governed by a per-engagement limited-purpose Business Associate Agreement (BAA) signed before any file is uploaded.
Protected Health Information (PHI) we process
The 835 files you upload may contain PHI — patient names, member IDs, claim numbers, dates of birth, and dates of service. We process this data solely to detect downcoding and generate your appeal packet.
How long we keep raw files
Raw 835 files are deleted within 24 hours of processing, regardless of whether processing succeeded. This deletion is an actively monitored job, not a best-effort setting: a failure to purge raises an alarm to our team so it can be corrected immediately.
What we keep beyond 24 hours
After the 24-hour window, we retain only de-identified, aggregate per-payer statistics — for example, “Payer X downcoded N% of E/M claims this quarter.” These aggregates contain no patient identifiers, no claim or member IDs, no provider or practice names, and no dates of service. They are stored in a separate database schema that is technically isolated from the operational data and is never joined back to it.
We also retain the appeal letters and engagement records needed to deliver and support your service. These live in the operational store and are subject to your BAA.
PHI never reaches our AI models or email
We de-identify every file at the parsing boundary before any content is sent to an AI model: patient name, member ID, claim number, date of birth, and dates of service are stripped first, and your identifiers are re-inserted into the finished letters locally, after the model has run. No PHI is sent to our AI provider.
Email we send contains links only. Your report and appeal packet live behind a short-lived signed download link; we never attach or inline PHI in an email.
Service providers (subprocessors)
PHI-touching infrastructure runs on Google Cloud Platform under a signed BAA (Cloud Run, Cloud SQL, Cloud Storage, and Vertex AI for the AI model). The following providers receive non-PHI data only:
- SendGrid — transactional email (signed links only, no PHI).
- DocuSign — electronic signing of the engagement BAA.
- Beehiiv — our optional newsletter list (email address only).
- Sentry — error monitoring (no PHI or request bodies).
Your choices
The practice controls its PHI. You may end an engagement and request deletion of your operational records at any time, subject to the terms of your BAA and applicable law. Newsletter recipients can unsubscribe from any email.
Contact
Questions about this policy or our data practices: privacy@receiptshealth.com.