Security and Privacy
Your data protection is not optional — it is the foundation of everything we build.
Your data is encrypted at rest and in transit
Every piece of data BillRazor stores is encrypted with AES-256 at rest. All data moving between your browser and our servers uses TLS 1.2 or higher. This is the same encryption standard used by banks and government agencies.
We never store your name with your medical data
Your personal identity (name, date of birth, address) is stored separately from your billing data. This means even in the unlikely event of a data breach, your medical billing information cannot be linked back to you without additional encrypted keys.
All providers have signed HIPAA Business Associate Agreements
Every third-party service BillRazor uses — cloud hosting, communication services, and payment processing — has signed a HIPAA Business Associate Agreement (BAA). This legally obligates them to protect your data to HIPAA standards.
Your health information is deleted after your case closes
When your case is resolved, we delete your protected health information from our active systems. We retain only anonymized, de-identified records for regulatory compliance. You can also request deletion at any time.
We follow the minimum necessary standard
We only access the minimum information needed to identify billing errors and negotiate corrections. We never access your full medical records, clinical notes, or diagnosis information. Only billing codes and amounts are analyzed.
Technical Details
HIPAA Compliance
BillRazor is designed and operated in compliance with the Health Insurance Portability and Accountability Act (HIPAA). We implement administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of Protected Health Information (PHI). For HIPAA-related inquiries, contact [email protected].