BillPilots LLC Notice of Privacy Practices

Effective Date: April 17, 2025

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.  

Our Commitment to Your Privacy  

BillPilots is dedicated to protecting the privacy and security of your personal and health information. This Notice explains how we use and share your Protected Health Information (PHI) as part of providing our medical bill negotiation services. PHI includes information about your identity (like name, address, date of birth), your health conditions, the healthcare you receive, and payment for that care, which we receive from you or obtain on your behalf to perform our services. We are required by law, including the Health Insurance Portability and Accountability Act (HIPAA), to protect your PHI and to provide you with this notice explaining our legal duties and privacy practices.

How We May Use and Disclose Your Protected Health Information (PHI)

When you sign up for our services, you will be asked to sign a specific "HIPAA Authorization for Release of Protected Health Information (PHI)" form (typically through our secure partner, FormHippo). This authorization allows us to use and disclose your PHI for the following purposes:

1. For Payment Activities: This is the primary reason we use your PHI. This includes:

  • Reviewing your medical bills and related health information.

  • Communicating with your healthcare providers (doctors, hospitals, clinics) and insurance companies (or other payers) about your bills.

  • Negotiating the amounts you owe on your medical bills on your behalf.

  • Sharing necessary information with providers or insurers to facilitate the negotiation and potential resolution of your bills.

  • Coordinating with you regarding the negotiation process and outcomes.

2. For Health Care Operations: We may use or disclose your PHI for certain activities necessary to operate our business and provide your service, such as:

  • Managing your account and providing customer service related to your negotiation case.

  • Internal record-keeping related to the services we provide you.

  • Training our staff (using minimum necessary information).

  • Important Note: For activities like evaluating and improving our services, tracking overall client savings, or performing general business analytics, we use de-identified information. This means we remove details that could identify you, so the information is no longer PHI and its use is not restricted by HIPAA.

3. As Required by Law: We must disclose your PHI when required to do so by federal, state, or local law. This may include:

  • Responding to a court order, subpoena, or other lawful process.

  • Reporting information to public health authorities (e.g., for disease control, though this is less common for our services).

  • Reporting information to government oversight agencies (e.g., the Department of Health and Human Services for HIPAA compliance reviews).

  • Responding to requests from law enforcement officials in specific circumstances (e.g., related to crime victims, legal investigations).

  • Disclosures for national security, intelligence activities, or military purposes as required by law.

4. To You: We will disclose your PHI to you upon your request, as described in the "Your Rights" section below.

Uses and Disclosures Requiring Your Written Authorization

Any use or disclosure of your PHI not described in this Notice will be made only with your specific written authorization. You must provide separate, written permission for:

  • Marketing: BillPilots does not use or disclose your PHI for marketing purposes without your explicit written authorization.

  • Sale of PHI: BillPilots does not sell your PHI. Any sale of PHI would require your explicit written authorization.

  • Psychotherapy Notes: BillPilots does not collect or handle psychotherapy notes. Disclosure of such notes generally requires specific authorization.

  • Other Uses: Any other purpose not listed above requires your specific written permission.

If you provide us with written authorization, you have the right to revoke (cancel) that authorization in writing at any time. If you cancel your authorization, we will stop any future uses or disclosures for the reasons covered by that authorization, except where we have already acted based on your permission or where we are required by law to continue processing your information.

Your Rights Regarding Your Protected Health Information (PHI)

You have the following rights concerning the PHI that BillPilots maintains about you:

  1. Right to Inspect and Copy: You have the right to look at and get a copy of the PHI we maintain about you that is used to make decisions about your case (such as copies of bills we've processed or correspondence related to your negotiations).

    • How to Request: Submit your request in writing to our contact information below. We may charge a reasonable, cost-based fee for copies.

  2. Right to Request Amendment: If you believe the PHI we maintain about you is incorrect or incomplete, you may ask us to amend (correct or add to) the information.

    • How to Request: Submit your request in writing, including the reason for the amendment, to our contact information below. We may deny your request under certain circumstances (e.g., if the information is accurate, was not created by us, or is not part of the information you are permitted to inspect). We will provide a written explanation if we deny your request.

  3. Right to Request Restrictions: You have the right to ask us to restrict (limit) how we use or disclose your PHI for payment or health care operations. You can also request limits on disclosures to family members or others involved in your care or payment (though this is less typical for our service).

    • How to Request: Submit your request in writing to our contact information below.

    • Our Response: We will consider your request carefully, but we are generally not required by law to agree to the restriction (except in limited circumstances not typically applicable to our service model). If we do agree, we will comply with the restriction unless the information is needed for emergency treatment or required by law.

4. Right to Request Confidential Communications: You have the right to request that we communicate with you about your PHI in a specific way or at a specific location to protect your privacy (e.g., contacting you only at a certain phone number or mailing address).  

  • How to Request: Submit your request in writing to our contact information below. We will accommodate all reasonable requests.

  1. Right to Receive an Accounting of Disclosures: You have the right to request a list (an "accounting") of certain disclosures we have made of your PHI during the past six years (or a shorter period if requested). This list will not include disclosures made for payment, health care operations, directly to you, based on your authorization, for national security, or certain other disclosures.

    • How to Request: Submit your request in writing to our contact information below. The first accounting you request in any 12-month period is free. We may charge a reasonable fee for additional requests within the same year.

  2. Right to Be Notified of a Breach: You have the right to be notified if there is a breach (a compromise) of your unsecured PHI. We will notify you promptly in accordance with legal requirements.

  3. Right Regarding Genetic Information: BillPilots does not collect or use genetic information. HIPAA provides special protections for genetic information.

  4. Right to Get a Copy of This Notice: You have the right to receive a paper copy of this Notice of Privacy Practices upon request, even if you agreed to receive it electronically. A copy is also available on our website.

Our Responsibilities

BillPilots is required by law to:

  • Maintain the privacy and security of your Protected Health Information.

  • Provide you with this Notice of our legal duties and privacy practices regarding your PHI.  

  • Follow the terms of the Notice currently in effect.

  • Notify you following a breach of your unsecured PHI.

We have implemented administrative, physical, and technical safeguards to protect your PHI. This includes using secure platforms and partners (like FormHippo for authorizations and data collection, and Google Workspace for specific forms) who agree to protect your information through Business Associate Agreements (BAAs), and utilizing security measures such as encryption. We retain your PHI only as long as necessary to provide our services and comply with legal obligations, after which it is securely deleted or anonymized.

Changes to This Notice

We reserve the right to change this Notice of Privacy Practices at any time. Changes will apply to PHI we already have about you as well as any information we receive in the future. We will post the current Notice on the BillPilots website with the effective date. You may request a copy of the current Notice at any time.

Contact Information

If you have questions about this Notice, wish to exercise your rights, or have concerns about our privacy practices, please contact us at:

BillPilots LLC
Email: hello@billpilots.com
Mail: 5900 Balcones Drive #24750 Austin, TX 78731

Effective Date: April 17, 2025