Privacy Policy & Terms of Service
How Medmio handles protected health information, personal data, and acceptable use of the platform.
Privacy Policy
Medmio, Inc. ("Medmio," "we," "us," or "our") provides AI-powered medical coding and charge capture software to healthcare providers. This Privacy Policy describes the information we collect, how we use it, and the choices available to our customers and their patients.
Handling Protected Health Information (PHI)
Medmio is a HIPAA Business Associate. When a covered entity uses our platform, we process PHI solely on behalf of the covered entity and in accordance with the Business Associate Agreement (BAA) executed between Medmio and that customer.
- All PHI is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Access to PHI is role-based and logged in a comprehensive audit log.
- Medmio complies with HIPAA, HITECH, and applicable state privacy laws.
Data retention & deletion
Customer and patient data is retained for the duration of the customer's subscription and for a limited period thereafter as specified in the applicable agreement. Customers may request deletion or export of their data at any time by contacting their account representative or emailing privacy@medmio.com.
Information we collect on our website
Our public website (medmio.com) collects standard analytics information — pages visited, referring source, device/browser — and contact form submissions. We do not collect PHI through the website. Contact form submissions are used solely to respond to inquiries.
Third-party subprocessors
Medmio works with a limited set of vetted subprocessors for hosting, monitoring, and email delivery. A current list is available on request and is covered under our standard BAA.
Terms of Service
Use of the Medmio platform is governed by the Master Services Agreement executed between Medmio and each customer organization. Access to the Medmio mobile application, web console, and APIs is restricted to authorized users of active customer accounts.
Acceptable use
- The platform is intended for use by licensed healthcare providers and their administrative staff.
- Users may not attempt to reverse-engineer, probe, or disrupt the platform.
- Credentials may not be shared. Each user must have an individual account.
AI-generated coding suggestions & provider responsibility
CodeSight™ produces medical coding suggestions with confidence scores. All suggestions are subject to provider review and acceptance. Medmio does not practice medicine and does not warrant that any specific claim will be accepted by a payer.
The healthcare provider and the customer practice retain ultimate responsibility and final authority for the accuracy of all submitted medical billing codes. Medmio's coding suggestions are intended as a decision-support tool to facilitate the billing workflow — final review, edits, and submission of codes to payers remain the responsibility of the licensed providers and authorized billing staff at the practice. Medmio is a tool that facilitates billing operations; ultimate legal responsibility for the final billing codes submitted to any payer lies with the practice.
Changes to these terms
We may update this Privacy Policy and these Terms from time to time. Material changes will be communicated to active customers in advance of taking effect.
Contact
Questions about this policy? Email privacy@medmio.com.