1. Introduction & Commitment to Privacy
Welcome to Caddison. Your privacy is important to us, and this Privacy Policy explains how we collect, use,
disclose, and safeguard your information when you visit our website or use our services. By accessing the website
or engaging our services, you agree to the practices described in this Privacy Policy.
Caddison specializes in healthcare support services, including medical billing, medical coding, revenue cycle
management (RCM), medical scribing, provider enrollment and contracting, audit and analysis, and reporting and
analytics. Because our work involves sensitive financial and healthcare information, we are firmly committed to
compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable data privacy laws.
We protect both Personally Identifiable Information (PII) and Protected Health Information (PHI). This Policy outlines:
- What types of information we collect
- How that information is used
- When it may be shared
- Your rights and choices
- How Caddison secures your data
If you do not agree with any part of this Policy, please discontinue use of our website and services immediately.
2. Information We Collect
2.1 Personal Information (PII)
We may collect information that identifies you directly or indirectly, such as:
- Full name; business or practice name; job title/role
- Email address; telephone number(s)
- Account login details (if applicable)
2.2 Protected Health Information (PHI)
As part of our billing, coding, scribing, and RCM services, we may collect, process, and store PHI (as defined by HIPAA),
such as patient contact details, insurance IDs, medical record numbers, diagnosis/treatment history, prescriptions,
procedures, and encounter documentation. We process PHI only as required to provide contracted services to healthcare
providers, and never for unrelated marketing.
2.3 Financial & Payment Information
We may collect billing and payment data (e.g., bank details, cards, tax IDs, payment history) solely to process payments and manage accounts.
2.4 Automatically Collected Information (Usage Data)
We collect non-personal usage data to improve the website, such as IP address, browser type, device/OS, referring pages, timestamps, pages viewed, and clickstream paths via cookies, pixels, and analytics tools.
2.5 Cookies & Tracking Technologies
We use session and persistent cookies to remember preferences, improve load times, personalize experiences, and deliver relevant content. You can disable cookies in your browser, but some features may not function properly.
3. How Caddison Uses Your Information
3.1 Service Provision
- Deliver billing, coding, RCM, scribing, provider enrollment, audit/analysis, and reporting services
- Verify eligibility, process claims, manage denials
- Coordinate with providers, payers, and vendors
3.2 Account Management
- Create and manage client accounts, authenticate access
- Provide account-related updates, invoices, transactions
3.3 Communication
- Respond to inquiries and support requests
- Send service notices and security alerts
- Deliver newsletters/marketing if you opt in
3.4 Service Improvement
- Analyze performance and usage trends
- Enhance solutions and conduct QA/training
3.5 Legal & Compliance Obligations
- Comply with HIPAA and healthcare laws
- Fulfil reporting requirements, cooperate with lawful requests
4. Disclosure of Information
We do not sell or rent your personal data or PHI to third-party marketers. We may share information only in these limited situations:
4.1 Employees & Contractors
Access is limited to authorized personnel who need it to perform duties. All are HIPAA-trained and bound by confidentiality agreements.
4.2 Healthcare Providers & Insurers
For operational purposes (e.g., billing, claims management, RCM), information may be shared with providers, insurers, and clearinghouses under HIPAA safeguards.
4.3 Third-Party Vendors
We use vendors for payment processing, hosting, analytics, and email. They are contractually required to protect data and not use it for unrelated purposes.
5. Cookies & Tracking Technologies
- Essential: Basic functionality (e.g., sessions, security)
- Performance: Site traffic, loading times, navigation
- Targeting: Remarketing and relevant ads
You can manage cookies in your browser. Disabling cookies may limit some functionality.
6. Behavioral Targeting & Retargeting
- We may work with advertising networks to display relevant ads
- These networks may use cookies/beacons to understand browsing
- Ads may highlight services like billing, coding, and RCM
- You can opt out via industry tools (e.g., NAI opt-out)
7. HIPAA Compliance & PHI Security
- Administrative: Staff training, role-based access, confidentiality
- Physical: Secure locations, controlled access, monitoring
- Technical: Encryption in transit/at rest, firewalls, IDS
- Risk Assessments: Regular audits and analyses
- Breach Notification: Prompt notice in accordance with HIPAA rules
Clients must also maintain HIPAA compliance when interacting with Caddison.
8. Data Security & Storage
- Encryption in transit (SSL/TLS) and at rest
- Role-based access controls
- Continuous monitoring for suspicious activity
- Regular backups for continuity
- Vendor security obligations consistent with HIPAA
While we use industry-standard safeguards, no method of transmission or storage is 100% secure.
9. User Rights & Choices
Depending on your location and applicable laws, you may have the right to:
- Access your data; request a copy of personal data or PHI
- Correct or update inaccurate information
- Request deletion (subject to legal/contractual obligations)
- Restrict processing; request data portability
- Opt out of marketing communications
To exercise rights, contact us using the details below.
10. Data Retention
- We retain data only as necessary for services, legal compliance, or disputes
- PHI: retained per HIPAA/healthcare regulations
- Billing/financial: per IRS and accounting standards
- Account/contact data: until deactivation or deletion request
- Upon expiry, data is securely deleted or anonymized
11. Security Disclaimer
- No internet-connected system can be guaranteed 100% secure
- Transmission via email/SMS or other channels can carry risk
- We are not responsible for breaches beyond our reasonable control
- Clients must protect their credentials, devices, and systems
12. Children’s Privacy
- Our website/services are not directed to children under 13
- We do not knowingly collect children’s data; we will delete it if discovered
- Parents/guardians can contact us to request removal
13. Compliance with Legal Requirements
- HIPAA & HITECH
- State breach notification laws
- GDPR (EU users interacting with our website)
- CCPA (California residents)
14. Governing Law & Jurisdiction
This Policy is governed by the laws of the State of New York, USA, without regard to conflict-of-law principles. Disputes are subject to the exclusive jurisdiction of state and federal courts located in New York.
15. Contact Information
If you have questions about this Privacy Policy, privacy rights, HIPAA compliance, or security practices, contact us:
- Email: info@caddison.com
- Phone: +1 (201) 736-3621
- Address: RXR Plaza, Uniondale, NY, 11553