Skip to main content

Privacy Policy

Our commitment to protecting your privacy and maintaining HIPAA compliance

Last Updated: January 2025

YOUR PRIVACY MATTERS

Introduction

ABM Management Services ("we," "our," or "us") is committed to protecting the privacy and security of protected health information (PHI) and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws.

HIPAA Compliance

As a Business Associate under HIPAA, we are required to:

  • Protect the privacy and security of protected health information (PHI)
  • Use and disclose PHI only as permitted by our Business Associate Agreements
  • Implement appropriate administrative, physical, and technical safeguards
  • Report any breaches of unsecured PHI to covered entities
  • Ensure our subcontractors agree to the same restrictions and conditions

Information We Collect

Protected Health Information (PHI)

We collect and process PHI on behalf of healthcare providers, including:

  • Patient names, addresses, and contact information
  • Dates of service and medical diagnoses
  • Procedure codes and treatment information
  • Insurance information and billing records
  • Social Security numbers and other identifying information

Business Information

We also collect information from healthcare providers and website visitors:

  • Practice name, address, and contact information
  • Physician names and credentials
  • Tax identification numbers (EIN)
  • Website usage data and cookies

How We Use Information

We use PHI and other information only for permitted purposes:

Treatment, Payment, and Healthcare Operations

  • Processing and submitting insurance claims
  • Managing accounts receivable and collections
  • Handling claim denials and appeals
  • Provider credentialing and enrollment
  • Generating reports and analytics for our clients

Required by Law

  • Compliance with legal obligations and court orders
  • Reporting as required by federal or state agencies
  • Cooperating with law enforcement when legally required

Information Security

We implement comprehensive security measures to protect PHI and other sensitive information:

Administrative Safeguards

  • HIPAA training for all workforce members
  • Risk assessments and security audits
  • Access controls and authorization procedures
  • Incident response and breach notification procedures

Physical Safeguards

  • Secure facilities with restricted access
  • Workstation security and device controls
  • Secure disposal of PHI (shredding, wiping)

Technical Safeguards

  • Encryption of data at rest and in transit
  • Secure user authentication and access controls
  • Audit logs and activity monitoring
  • Regular software updates and security patches
  • Firewall and intrusion detection systems

Information Sharing and Disclosure

We do not sell, rent, or trade PHI or personal information. We may share information only in the following circumstances:

  • With Healthcare Providers: We return information to the covered entities we serve
  • With Insurance Companies: For claim processing and payment purposes
  • With Clearinghouses: For electronic claim submission
  • With Service Providers: With Business Associate Agreements in place
  • As Required by Law: When legally obligated to disclose information

Individual Rights

Individuals have certain rights regarding their PHI. These requests should be directed to your healthcare provider, who is the covered entity. Rights include:

  • Right to Access: Request copies of your PHI
  • Right to Amendment: Request corrections to your PHI
  • Right to an Accounting: Receive an accounting of certain disclosures
  • Right to Restrictions: Request restrictions on uses and disclosures
  • Right to Confidential Communications: Request communications by alternative means

Note: As a Business Associate, we fulfill these requests on behalf of covered entities according to their instructions.

Data Retention

We retain PHI and other information according to:

  • Requirements in our Business Associate Agreements
  • Federal and state recordkeeping laws
  • Industry best practices (typically 7 years from date of service)

When information is no longer needed, we securely destroy it using methods that render it unreadable and indecipherable.

Breach Notification

In the event of a breach of unsecured PHI, we will:

  • Notify affected covered entities without unreasonable delay (within 60 days)
  • Provide details of the breach, individuals affected, and mitigation steps
  • Cooperate with covered entities in their notification to individuals and authorities
  • Document the breach and our response in accordance with HIPAA requirements

Website and Cookies

Our website uses cookies and similar technologies to:

  • Improve website functionality and user experience
  • Analyze website traffic and usage patterns
  • Remember user preferences

You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.

Third-Party Services: Our website may use third-party analytics services (such as Google Analytics) that collect anonymized usage data. These services have their own privacy policies.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Your CCPA Rights

  • Right to Know: You can request information about what personal information we collect, use, and disclose
  • Right to Delete: You can request deletion of your personal information, subject to certain exceptions
  • Right to Opt-Out: You can opt out of the "sale" of personal information (we do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

Do Not Sell My Personal Information

ABM Management Services does not sell personal information to third parties. We do not share personal information for cross-context behavioral advertising. If you have questions about how we handle your data, please contact us.

How to Exercise Your Rights

To exercise your California privacy rights, you may:

Note: PHI handled under HIPAA may be exempt from certain CCPA provisions. For PHI requests, please contact your healthcare provider.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

ABM Management Services

Phoenix, AZ

(602) 347-6620

privacy@abmservices.net

For privacy rights requests, please contact your healthcare provider directly.