Privacy Policy

Cure AR (a product of RCM Matter) is committed to protecting the privacy and security of information we process while delivering medical billing software services. This Privacy Policy explains what information we collect, how we use it, how we protect it, and the choices available to our clients and their patients.

Information We Collect

To provide our services, we may collect the following types of information:

• Personal and contact information: names, addresses, phone numbers, email addresses, and practice contact details.
• Protected health information (PHI): medical record numbers, dates of service, diagnoses, procedures, insurance details, and other data necessary to perform billing and claims processing.
• Financial information: billing and payment details required to process payments or refunds (for example, payer remittance information; credit/debit or bank details are collected only when required and then handled by a PCI-compliant payment processor).
• Account and usage data: usernames, passwords (securely stored), system activity logs, and usage metrics related to the Cure AR application.
• Device and technical data: IP address, browser type, device identifiers, and cookies or similar technologies used for analytics and product improvements.
• Third-party data: information received from integrated partners such as EHR systems, clearinghouses, and payer feeds necessary to operate billing workflows.
  
  

We collect information directly from clients, client-authorized users and staff, and, where permitted, from patients and third-party partners, such as EHRs and payers.

How We Use Information

We use collected information only as necessary to provide and improve our services, including to:

• Operate, maintain, and deliver medical billing and collection functions, claims submission, payment posting, and reporting.
• Validate eligibility, verify coverage, and perform claim scrubbing and coding support.
• Communicate with clients, client staff, and patients about accounts, claims status, and billing inquiries.
• Provide product support, onboarding, training, and system updates.
• Conduct analytics and product development to improve Cure AR performance and features.
• Meet legal, regulatory, and contractual obligations (including HIPAA compliance where applicable).
• Send administrative messages and, with consent, promotional updates (users may opt out of marketing communications at any time).
  
  

We do not sell personal information. We share data only as described in this policy, to fulfill service obligations, or as required by law.

Who We Share Information With

To ensure full-fledged functionality of Cure AR, we may share information with:

• Authorized client personnel and their delegates (per client instructions and applicable agreements).
• Business partners and service providers (e.g., EHR vendors, clearinghouses, payment processors, cloud hosting providers) that perform services on our behalf under contract. These parties are bound to use the information only for the purposes we authorize and to provide at least the same level of privacy protection.
• Regulators, law enforcement, or other third parties, when required by law or to protect our legal rights.
• Potential acquirers or in connection with corporate transactions, subject to confidentiality protections.
  
  

Where we act as a Business Associate for HIPAA-covered entities, we will execute a Business Associate Agreement (BAA) that governs our use and disclosure of PHI.

Data Security

We implement administrative, technical, and physical safeguards designed to protect personal information and PHI from unauthorized access, disclosure, alteration, or destruction. These measures include, but are not limited to:

• Encryption of data in transit (TLS) and at rest, where applicable.
• Role-based access controls and multi-factor authentication for authorized users.
• Secure cloud hosting and hardened infrastructure, firewalls, and intrusion detection.
• Regular security assessments, vulnerability scanning, and patch management.
• Audit logging, access monitoring, and incident response procedures.
• Employee security training, background checks where appropriate, and contractual confidentiality obligations for personnel and contractors.
  
  

While we use commercially reasonable security measures, no system is completely immune to risk. If we identify a security incident affecting personal data or PHI, we will respond in accordance with applicable laws and notify affected parties as required.

Data Retention

We retain personal information and PHI only as long as needed to provide services, to meet contractual or legal obligations, or as otherwise permitted under applicable law. Retention periods may vary by data type and client instructions. When information is no longer required, we securely delete, anonymize, or destroy it in accordance with our policies and applicable retention schedules.

Your Privacy Rights

Subject to applicable law and contractual arrangements with your provider, clients and patients may have rights to:

• Access or obtain a copy of the personal information we hold about you.
• Request correction of inaccurate or incomplete information.
• Request deletion or restriction of processing where permitted by law.
• Request portability of your data to another service provider (where technically feasible).
• Object to certain processing activities and opt out of marketing communications.
  
  

To exercise these rights, clients and patients should contact their healthcare provider (the data controller) or contact us at the address below. We will respond to requests in accordance with applicable law and verification procedures.

Cookies and Analytics

We use cookies and similar technologies to operate the Cure AR application, enhance security, analyze usage, and improve performance. Clients may configure some browser settings or consent preferences; disabling certain cookies may limit functionality.

International Transfers

If data is transferred or stored outside the country where it was collected, we take commercially reasonable steps to ensure an adequate level of protection, including contractual protections with service providers.

Changes to This Policy

We may update this Privacy Policy from time to time. When material changes are made, we will post the revised policy with a new effective date and, where required, provide additional notice. Continued use of Cure AR after the effective date constitutes acceptance of the updated policy.

Contact Us

If you have questions, want to exercise your privacy rights, or need to report a privacy concern, please contact:

Email: info@curear.com

Privacy inquiries: info@curear.com

Mailing address: info@curear.com

For urgent security incidents, please reference the subject line “Cure AR — Security Incident” so we can prioritize your request.