Privacy Policy

1. Introduction

RCMGen LLC is a Delaware limited liability company ("RCMGen," "we," "us," or "our"). We respect your privacy and take it seriously. This Privacy Policy describes how we collect, use, share, store, and protect information when you visit our website at rcmgen.com, interact with our online tools, submit information through our forms, call our published phone numbers, or engage our revenue cycle management services.

This policy applies to general website visitors, prospective clients, current clients, business partners, and anyone else interacting with RCMGen outside the scope of a signed Business Associate Agreement (BAA). Protected Health Information (PHI) handled under a BAA is governed separately by that BAA and by applicable HIPAA regulations.

By using our website, tools, or services, you agree to the collection and use of information as described in this Privacy Policy.

2. Information we collect

2.1 Information you provide directly

We collect information you submit through forms, email, phone, online tools, or other direct communication channels, including:

• Full name
• Work email address
• Phone number
• Organization or facility name
• Role or job title
• Type of organization (hospital, clinic, physician group, ASC, FQHC, RHC, etc.)
• Number of providers, beds, or approximate monthly claim volume
• Information about your revenue cycle setup, current performance, challenges, or evaluation criteria
• Any additional context you provide in free-text fields
• Files you upload through our website (such as deidentified denial data exports or A/R aging reports for audit purposes)
• Inputs you enter into interactive tools on our website (such as the Free Instant Revenue Audit, Denial Recovery Report request, ROI calculators, and benchmark comparisons)

2.2 Information collected automatically

When you visit our website or use our tools, we automatically collect certain technical information, including:

• IP address
• Browser type and version
• Operating system
• Device type (desktop, mobile, tablet)
• Referring URL and search terms used to find us
• Pages visited, time spent, and interaction patterns
• Date and time of visit
• Geographic location (country and city level)
• Tool usage data, including which calculators and audits you ran and the inputs and results generated
• Phone call metadata when you call our published phone numbers (caller ID, call duration, time of call, recordings where applicable)

This information is collected through cookies, web beacons, server logs, telephony platforms, and similar technologies. See Section 7 for details on cookies and telephony.

2.3 Information from third parties

We may receive information about you from third parties, including:

• Lead generation platforms and LinkedIn if you interact with our content there
• Publicly available business directories, professional networks, and corporate filings
• Referrals from existing clients, consultants, or partners
• Analytics providers (Google Analytics and similar tools)
• Email service providers tracking email opens, clicks, and engagement when you receive our communications
• Healthcare industry data providers for organizational firmographics (bed count, specialty mix, EHR vendor, public financial data)

3. How we use your information

We use the information we collect for the following purposes:

• Respond to inquiries, proposal requests, and discovery call bookings
• Provide, operate, and maintain the website, tools, and services
• Generate audit results, benchmark reports, and analytical outputs you request
• Send service-related communications and requested resources
• Improve the website, tools, services, and user experience
• Analyze website usage, tool usage, and marketing campaign performance
• Send marketing communications about RCMGen services, including follow-up sequences after you use one of our tools or submit an inquiry
• Conduct retargeting and remarketing campaigns on third-party platforms (such as LinkedIn, Google, and Meta) based on your engagement with our website or tools
• Build aggregated, deidentified industry benchmarks and research from tool inputs
• Comply with legal obligations and enforce our Terms of Use
• Protect against fraud, abuse, security incidents, or misuse of our tools

We do not sell your personal information to third parties for their direct marketing purposes.

4. Use of online tools and marketing follow-up

RCMGen offers free online tools, including the Free Instant Revenue Audit, the Denial Recovery Report request, ROI calculators, and benchmark comparisons. These tools are provided at no cost to support your evaluation of revenue cycle performance and of RCMGen as a potential vendor.

By using these tools, you understand and agree that:

• The contact information you provide (name, email, phone, organization) may be used by RCMGen for marketing follow-up, including but not limited to email outreach, phone outreach, retargeting advertisements on third-party platforms, and inclusion in CRM and lead nurturing systems.
• Inputs you submit (such as monthly claim volumes, denial counts, payer mix, A/R aging, organization type, EHR system) may be retained by RCMGen and used to generate aggregated, deidentified industry benchmarks, internal research, and editorial content. Your individual organization's data is never published or shared in identifiable form without your written consent.
• Outputs generated by our tools (revenue leakage estimates, denial recovery projections, KPI comparisons) are provided for general informational purposes only and do not constitute financial, legal, accounting, or regulatory advice. Actual results vary by organization, payer mix, specialty, and operational factors.
• Tool inputs are not Protected Health Information unless they include patient-identifiable details. Do not submit patient-identifiable information through our online tools. If a tool requests data that may include PHI, contact us first to execute a BAA.

You may opt out of marketing follow-up at any time by clicking the unsubscribe link in any email, replying STOP to text messages, requesting removal by phone, or emailing legal@rcmgen.com. Operational and transactional communications related to a request you submitted (such as delivering a Denial Recovery Report) will continue.

5. Legal basis for processing

Where applicable law requires a legal basis for processing your information, we rely on one or more of the following:

• Your consent, where you have explicitly opted in
• Performance of a contract with you
• Compliance with legal obligations
• Our legitimate interests in operating, improving, and promoting our business, balanced against your privacy rights

California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), described in Section 11.

6. How we share your information

We share information only as described below:

6.1 Service providers

We use trusted third-party service providers to help us operate the website, tools, and services. Categories of providers include hosting providers, email and SMS platforms, analytics tools, CRM systems, telephony and voice platforms, advertising and retargeting platforms, and meeting and booking platforms. These providers have contractual obligations to protect your information and use it only for the services they provide to us.

6.2 Legal requirements

We may disclose information if required by law, subpoena, court order, or legal process, or to protect the rights, property, or safety of RCMGen, our clients, or the public.

6.3 Business transfers

If RCMGen LLC is involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before information is transferred and becomes subject to a different privacy policy.

6.4 With your consent

We may share information with additional parties when you explicitly authorize us to do so, such as when you request an introduction to another vendor or partner.

7. Cookies, tracking, and telephony

We use cookies and similar technologies to operate the website, remember your preferences, analyze usage, and improve our services. Types of cookies used:

• Strictly necessary cookies. Required for the website to function. Cannot be disabled.
• Analytics cookies. Help us understand how visitors use the website and tools. Google Analytics is currently used.
• Marketing and retargeting cookies. Used to measure advertising effectiveness and deliver relevant content across third-party platforms.

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality.

Phone calls and AI voice assistance. When you call a published RCMGen phone number, your call may be routed through cloud telephony providers and may be answered by an automated voice assistant powered by artificial intelligence. Calls may be recorded for quality, training, and compliance purposes. If your call is being recorded, you will be notified at the start of the call. If you do not wish to have your call recorded or do not wish to interact with an AI voice assistant, please end the call and email us instead.

8. Data storage and security

8.1 Where information is stored

Website visitor data and general business inquiries are stored on U.S.-based infrastructure. Information submitted for revenue cycle audits, proposals, or engagements is stored on U.S.-based, BAA-eligible infrastructure with full U.S. data residency.

8.2 Security measures

We implement reasonable technical and organizational safeguards designed to protect your information, including:

• Encryption of data in transit using current industry-standard TLS
• Encryption of data at rest using current industry-standard methods
• Multi-factor authentication for employee access to systems containing personal information
• Role-based access control with least-privilege enforcement
• Access logging and monitoring
• Periodic security review and staff training
• Alignment with the NIST Cybersecurity Framework
• HIPAA Security Rule compliance for all PHI handling under executed BAAs

While we use reasonable security measures, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

8.3 Data retention

We retain personal information only as long as necessary to fulfill the purposes outlined in this policy or as required by law. Website inquiry data is generally retained for up to 3 years from your last interaction unless you request earlier deletion. Data submitted through free online tools is retained in identifiable form to allow follow-up; aggregated, deidentified versions of tool inputs may be retained indefinitely for benchmark research.

9. HIPAA and protected health information

RCMGen operates as a HIPAA Business Associate when engaged by covered entities. All PHI received under a BAA is handled according to HIPAA Privacy Rule and Security Rule requirements, with the additional protections specified in the BAA itself.

10. Your rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

• Access. Request a copy of the information we hold about you.
• Correction. Request correction of inaccurate information.
• Deletion. Request deletion of your information (subject to legal retention requirements).
• Restriction. Request restriction of certain processing activities.
• Portability. Request a portable copy of information you provided.
• Objection. Object to certain processing, including marketing communications.
• Withdraw consent. Withdraw previously given consent at any time.

To exercise any of these rights, contact legal@rcmgen.com. We respond within 45 days where required by law.

11. California privacy rights (CCPA and CPRA)

California residents have additional rights under state law:

• Right to know what personal information we collect, use, disclose, and sell or share
• Right to delete personal information (with exceptions)
• Right to correct inaccurate personal information
• Right to opt out of the sale or sharing of personal information (we do not sell personal information; we may share information with advertising partners for cross-context behavioral advertising, which California treats as "sharing" under CPRA, and you may opt out of this)
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising these rights

California residents may submit requests via legal@rcmgen.com. We verify identity before processing requests.

12. Other state privacy rights

Residents of Virginia, Colorado, Connecticut, Texas, Utah, Oregon, Montana, Iowa, Delaware, and other states with comprehensive privacy laws may have rights similar to those described for California residents. Contact legal@rcmgen.com to exercise your rights under applicable state law.

13. Children's privacy

Our services are intended for business use and are not directed to children under 18. We do not knowingly collect personal information from children. If we learn we have collected information from a child, we delete it promptly.

14. International users

RCMGen is based in the United States. If you access our services from outside the United States, your information may be transferred to, stored in, and processed in the United States and other countries where our service providers operate. By using the services, you consent to these transfers.

15. Changes to this privacy policy

We may update this Privacy Policy periodically. Material changes will be posted on this page with a revised "Last updated" date and, where appropriate, notified via email or website notice. Continued use of the services after changes take effect constitutes acceptance.

16. Contact us

For privacy questions, requests, or complaints, contact:

For HIPAA-specific inquiries related to an executed BAA, contact legal@rcmgen.com.

You also have the right to file a complaint with your state attorney general or relevant data protection authority if you believe your privacy rights have been violated.