Effective Date: January 1, 2026
Cosmos RCM ("we," "our," or "us") is committed to protecting the privacy and security of your personal information and protected health information (PHI). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage our revenue cycle management services.
1. Information We Collect
Personal Information
When you contact us or use our services, we may collect:
- Name, email address, phone number, and business contact details
- Practice name, specialty, and location
- Payment and billing information
- Communication preferences and inquiry details
Protected Health Information (PHI)
In the course of providing revenue cycle management services, we may access PHI on behalf of our clients, including:
- Patient names, dates of birth, and demographic information
- Insurance information and authorization details
- Medical codes, diagnoses, and treatment records as necessary for billing
Technical Information
We automatically collect certain information when you visit our website:
- IP address, browser type, and device information
- Pages visited, time spent on site, and referral sources
- Cookies and similar tracking technologies (see Section 6)
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To provide revenue cycle management, billing, coding, credentialing, and related services to our clients
- Communication: To respond to inquiries, send service updates, and provide customer support
- Business Operations: To process payments, manage contracts, and improve our services
- Compliance: To meet legal and regulatory requirements, including HIPAA and tax obligations
- Marketing: To send relevant content, newsletters, and promotional materials (you may opt out at any time)
- Analytics: To analyze website traffic, user behavior, and service performance
3. Data Security
We take data security seriously and implement industry-standard safeguards to protect your information:
- Encryption: All PHI and sensitive data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Access Controls: Role-based access controls and multi-factor authentication (MFA) for all team members
- Monitoring: Continuous monitoring for security threats and unauthorized access attempts
- Compliance: Working toward SOC 2 Type II certification; regular security assessments planned
- Training: Annual security and privacy training for all employees
- Business Associate Agreements: Executed BAAs with all vendors who may access PHI
While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you promptly in the event of a data breach as required by law.
4. HIPAA Compliance
Cosmos RCM operates as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We:
- Execute Business Associate Agreements (BAAs) with all covered entity clients
- Limit PHI access to the minimum necessary to perform our services
- Implement administrative, physical, and technical safeguards as required by the HIPAA Security Rule
- Conduct annual risk assessments and maintain compliance documentation
- Train all employees on HIPAA Privacy and Security Rules
- Report breaches of unsecured PHI to clients within required timeframes
5. Third-Party Disclosures
We do not sell, rent, or trade your personal information or PHI. We may disclose information to third parties only in the following circumstances:
- Service Providers: Trusted vendors who assist with hosting, payment processing, and analytics (all under BAAs where PHI is involved)
- Legal Obligations: When required by law, court order, or government request
- Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to affected parties)
- With Your Consent: When you explicitly authorize disclosure for a specific purpose
6. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to enhance user experience and analyze site traffic. Types of cookies we use:
- Essential Cookies: Required for site functionality (cannot be disabled)
- Analytics Cookies: Google Analytics to understand site usage (anonymized data)
- Marketing Cookies: To deliver relevant ads and measure campaign effectiveness
You can manage cookie preferences through your browser settings. Disabling cookies may affect site functionality.
7. Your Rights
You have the following rights regarding your information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information (subject to legal and contractual obligations)
- Opt-Out: Unsubscribe from marketing communications at any time
- Data Portability: Request your data in a machine-readable format
- Restrict Processing: Request that we limit how we use your information
If we are processing PHI on behalf of your healthcare provider, you should send privacy requests directly to the provider.
8. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
Cosmos RCM Privacy Office
Email: privacy@cosmosrcm.com
Address: [Company Address]
We will respond to all requests within 30 days.
Changes to This Policy: We may update this Privacy Policy from time to time. The "Effective Date" at the top reflects the most recent revision. Continued use of our services after changes constitutes acceptance of the updated policy.