NY Practice Partner (“we,” “our,” or “us”) is committed to protecting the privacy of the individuals and healthcare practices we serve. This Privacy Policy outlines how we collect, use, disclose, and safeguard information when providing our services, including revenue cycle management (RCM), credentialing, virtual front desk, and practice marketing.
By engaging with NY Practice Partner, you consent to the practices described in this policy.
- Who We Are
NY Practice Partner is a healthcare service organization that supports medical practices through revenue cycle management (RCM), credentialing, virtual front desk services, and practice marketing. We are not an Electronic Health Record (EHR) system or software vendor. Instead, we serve as a business associate to our client practices, helping them operate efficiently and grow sustainably.
- Information We Collect
We collect two categories of information:
- Client Practice Information
- Practice name, address, and contact information
- Tax ID, NPI, and provider credentials
- Billing and payer information
- User accounts and preferences
- Credentialing documentation and status updates
- Marketing performance metrics (if applicable)
- Patient Data (on behalf of clients)
In performing services like RCM, credentialing, or virtual front desk support, we may process protected health information (PHI) or personally identifiable information (PII) provided by our clients. This may include:
- Patient names, contact details, and insurance info
- Treatment dates and diagnosis codes
- Claim and payment history
- Appointment scheduling and communication records (for Virtual Front Desk)
We do not collect this data for our own use. It is handled strictly on behalf of our clients and governed by Business Associate Agreements (BAAs).
- We Use the Information
We use collected information only to:
- Deliver contracted services such as RCM, credentialing, virtual front desk, and practice marketing
- Communicate with clients regarding services, updates, or support
- Fulfill compliance obligations under HIPAA or other regulations
- Improve service delivery and operational efficiency
We do not use patient information for marketing or advertising purposes.
- Sharing and Disclosure
We do not sell, rent, or lease your information or patient data.
We may share information with:
- Subcontractors or vendors assisting in delivering RCM, credentialing, virtual front desk, or marketing services (under proper agreements)
- Government agencies or legal entities if required by law or regulation
- Authorized individuals within the client practice
All disclosures follow strict compliance and security protocols.
SMS/Text Messaging Information
No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All categories exclude text messaging originator opt-in data and consent. This information will not be shared with any third parties and will only be used for its intended purpose, such as delivering service-related communications.
- Data Security
We implement industry-standard administrative, physical, and technical safeguards to protect all information we handle. These include:
- Encrypted data transmission
- Access controls and authentication
- Regular audits and monitoring
- Staff training in HIPAA compliance
While no system can guarantee 100% security, we are committed to continuously maintaining and improving protections.
- Business Associate Agreement (BAA)
As a service provider to covered entities under HIPAA, we sign a Business Associate Agreement with each client. The BAA outlines our responsibilities in protecting PHI and maintaining confidentiality, security, and proper use of data.
- Data Retention
We retain client and patient-related data only as long as necessary to fulfill the purpose for which it was collected or as required by law. Upon contract termination, we provide options for secure data return or destruction.
- Your Choices & Rights
Clients may:
- Request access to information we maintain
- Request updates or corrections to practice data
- Terminate services and request secure data return
- Contact us with privacy-related questions at any time
- Children’s Privacy
Our services are intended for professional healthcare providers and are not directed at children under the age of 13. We do not knowingly collect or process data from children.
- Updates to This Policy
We may update this Privacy Policy periodically. Any changes will be posted on our website with the “Revision Date” updated accordingly. We encourage you to review this policy regularly.
