HIPAA-Compliant Website: RSB Healthcare does NOT collect PHI through cookies. All cookies are HIPAA compliant.

Privacy Policy

RSB Healthcare Consulting LLC

Last Updated: January 13, 2026

Effective Date: January 13, 2026

1. Introduction and Policy Scope

RSB Healthcare Consulting LLC ("Company," "we," "us," "our," or "RSB") respects your privacy and is committed to protecting your personal information and data. This Privacy Policy explains how we collect, use, disclose and safeguard your information when you visit our website at https://www.rsbhealthcare.com (the "Website") and use our services, including InsScrub AI, RingCentral integration, AllTierLabs, examinemyhealth and related healthcare data management solutions (the "Services").

Please read this Privacy Policy carefully. If you do not agree with our practices, please do not use our Website or Services. Your continued use of the Website and Services indicates your acceptance of this Privacy Policy.

Primary Privacy Contact:

Email: support@rsbhealthcare.com

Phone: +1 313-756-6801

Address: 19 Overlook Ridge Terrace, Revere, MA 02151, United States

2. Information We Collect

2.1 Information You Provide Directly

  • Account Registration: Full name, email, phone, organization name, business address, professional credentials, username, password, billing information, job title
  • Service Usage: Data you upload (documents, patient records, claims), correspondence, support communications, feedback
  • Healthcare Information: Protected Health Information (PHI) under HIPAA, patient demographics, medical history, insurance information, lab results, health assessments
  • SMS and Contact: Phone numbers for SMS opt-in, contact preferences, message delivery confirmations

2.2 Information Collected Automatically

  • Technology Data: IP address, device type, browser, pages visited, clickstream data, search queries, geographic location, device identifiers
  • Cookies & Technologies: Session/persistent cookies, web beacons, pixels, tracking technologies, local storage

2.3 Information from Third Parties

We may receive information from your employer, healthcare providers, insurance companies, Business Associates, third-party service providers, public records and RingCentral (for integrated services).

4. How We Use Your Information

Service Delivery and Operations

Providing Services, managing accounts, processing transactions, customer support, diagnosing technical problems.

Healthcare Operations

Processing insurance claims, analyzing revenue cycle performance, generating analytics, conducting lab testing, facilitating patient engagement, ensuring HIPAA compliance.

Communication and Marketing

Service notifications, responding to inquiries, marketing communications (with consent), surveys, policy change notifications, SMS messages (after opt-in).

Analytics and Improvement

Analyzing usage patterns, market research, improving Services, developing new features, aggregating and de-identifying data.

Legal and Regulatory Compliance

Complying with laws, responding to legal processes, detecting fraud, enforcing Terms, protecting legal rights.

5. How We Share Your Information

  • Service Providers: Third-party vendors (cloud storage, payment processors, analytics, IT support, healthcare technology partners, Business Associates). All are contractually obligated to maintain confidentiality.
  • Healthcare Providers: With your authorization, we may share with healthcare providers, insurance companies, employer benefits administrators and other covered entities under HIPAA.
  • Legal Requirements: Disclosure when required by law, court orders, government requests, breach notifications, public health emergencies.
  • Business Transfers: Information may be transferred in connection with mergers, acquisitions, bankruptcy or asset sales.
  • Aggregate/De-Identified Data: We may share aggregated or de-identified data that cannot identify you for research, marketing and analytics without restriction.

Data We Do NOT Share:

  • Your password or login credentials
  • Complete credit card or banking information (handled by payment processors)
  • Sensitive PHI beyond what is necessary for authorized purposes
  • Your data is never sold to data brokers or marketers without explicit consent
  • Phone numbers for SMS purposes are NOT shared with third parties
  • SMS opt-in information is NOT sold, rented or licensed

6. Data Retention

We retain information for as long as necessary to provide Services, maintain accurate records, comply with legal obligations, resolve disputes and enforce agreements.

Specific Retention Timelines:

  • Account Information: Retained during active use and for 7 years after account closure
  • Healthcare and PHI Data: Retained per HIPAA requirements (typically 6 years minimum) and applicable state laws
  • Payment Information: Retained for 7 years (tax and financial reporting)
  • Website Usage Data: Retained for 12 months unless longer retention is legally required
  • Marketing Communications: Retained until you unsubscribe

7. Your Privacy Rights and Choices

California Residents (CCPA/CPRA)

  • Right to Know: Request what personal information we collect, use and disclose
  • Right to Delete: Request deletion of personal information
  • Right to Correct: Request correction of inaccurate information
  • Right to Opt-Out: Opt out of sale or sharing of personal information
  • Right to Limit: Limit use of sensitive personal information
  • Right to Portability: Request data in a portable format

To exercise these rights, contact: support@rsbhealthcare.com with subject line "CCPA Request". Response within 45 days (may be extended 45 days for complex requests).

EU Residents (GDPR)

  • Right of Access: Obtain confirmation and request a copy of your data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data
  • Right to Restrict Processing: Limit how we process your data
  • Right to Data Portability: Receive data in a structured, commonly used format
  • Right to Object: Object to processing based on legitimate interests or direct marketing
  • Right to Appeal: Lodge a complaint with your local data protection authority

To exercise these rights, contact: support@rsbhealthcare.com with subject line "GDPR Data Subject Request".

8. Healthcare-Specific Privacy Provisions

HIPAA Compliance

Business Associate Agreement Required: If you use our Services to process PHI, a separate BAA must be executed specifying permitted uses, safeguarding requirements, breach notification procedures and termination provisions.

Safeguards:

  • Encryption of PHI in transit and at rest
  • Access controls and authentication
  • Audit controls and logging
  • Integrity verification
  • Regular security risk assessments

HITECH Act Compliance

We comply with the HITECH Act, including minimum necessary standards, breach notification requirements (60-day notification), security rule compliance, accounting of disclosures and individual authorization requirements.

State Privacy Laws

We comply with applicable state healthcare privacy laws, including state medical records laws, mental health parity rules, substance abuse treatment privacy, genetic privacy laws and biometric privacy regulations.

9. RingCentral Services and Account Data Protection

Phone Number and Contact Information Protection

Phone numbers and contact information collected for SMS or messaging purposes are NOT shared, sold, rented or licensed to any third party. These data are used exclusively by RSB Healthcare Consulting LLC to provide our services and by RingCentral solely to deliver these services on our behalf.

We do NOT use purchased contact lists, lead lists or data from third-party brokers for SMS messaging. All phone numbers in our database come exclusively from user opt-in consent.

RingCentral Account Data Handling

  • Data Security: Encryption and access controls
  • No Third-Party Disclosure: Account data NOT disclosed without explicit written consent
  • Limited Use: Used only for providing our specific services
  • Data Integrity: We do NOT modify or alter account data content
  • Security Standards: Measures at least as protective as RingCentral's
  • Regulatory Compliance: Compliance with all privacy laws

SMS Message Types and Frequency

Message Categories:

  • Transactional: Account confirmations, password resets, appointment reminders, order updates, service alerts
  • Informational: Important notices, security alerts, policy updates, service announcements
  • Promotional (if applicable): Special offers, new features, marketing updates (no more than 2 per week)

Message Standards: All SMS messages include clear sender identification (RSB Healthcare Consulting LLC), opt-out instructions (reply STOP), contact information and "Message and data rates may apply" notice.

Campaign Registry Compliance: We are registered with The Campaign Registry (TCR) and maintain full compliance with all TCR requirements for SMS messaging.

SMS and Contact Data Retention

  • SMS Opt-In Data: Retained for 3 years after last contact or until account deletion, whichever comes first
  • SMS Message Records: Retained for legal compliance (7 years) and customer service (1 year)
  • User Request: Users can request deletion of phone number and SMS history anytime by contacting support@rsbhealthcare.com or replying STOP. Deletion completed within 30 days.
  • After Opt-Out: Number added to do-not-contact list; no further messages from any campaigns

10. Data Security

Security Measures

Technical Safeguards

  • AES-256 encryption for data at rest
  • TLS 1.2+ encryption for data in transit
  • Firewall and intrusion detection systems
  • Multi-factor authentication
  • Vulnerability assessments and penetration testing
  • Regular security patches and updates

Administrative Safeguards

  • Security awareness training for all employees
  • Background checks for personnel
  • Workforce security policies
  • Access control procedures
  • Security incident procedures
  • Regular audit and monitoring

Physical Safeguards

  • Restricted facility access
  • Visitor logs and badges
  • Secure data center operations
  • Environmental controls

Data Breach Notification

In the event of a breach of unsecured PHI or personal information, we will: investigate immediately, notify affected individuals without unreasonable delay (within 60 days for HIPAA), notify relevant regulatory bodies as required and provide credit monitoring services if applicable.

11. Third-Party Links and Services

The Website may contain links to third-party websites and services not operated by us. This Privacy Policy does not apply to third-party websites. We encourage you to review the privacy policies of any third-party sites before providing personal information.

12. Children's Privacy

The Services are not directed to individuals under 18 years of age and we do not knowingly collect information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information and terminate the child's use of the Services.

13. International Data Transfers

If you are located outside the United States, your information may be transferred to, stored in and processed in the United States or other countries where we operate. By using the Services, you consent to such transfers.

EU-US Data Transfers: For transfers of personal data from the EU to the US, we rely on Standard Contractual Clauses (SCCs), adequacy decisions or your explicit consent.

14. Accessibility

We are committed to ensuring our Website and Services comply with accessibility standards. If you experience accessibility barriers, please contact us at support@rsbhealthcare.com.

15. Changes to This Privacy Policy

We may update this Privacy Policy at any time. We will notify you of material changes by posting the updated policy on the Website or sending an email notification. Your continued use of the Services after such modifications constitutes your acceptance of the updated Privacy Policy.

16. Contact Us and Privacy Requests

For questions about this Privacy Policy or to exercise your privacy rights:

Email: support@rsbhealthcare.com
(Subject Line: "Privacy Request" or "Data Protection Matter")

Phone: +1 313-756-6801

Mailing Address:
RSB Healthcare Consulting LLC
19 Overlook Ridge Terrace
Revere, MA 02151
United States

Website: https://www.rsbhealthcare.com

Response Time: We will respond to all privacy inquiries and requests within 15 business days.

Note: Our company's preferred method of contact is via email or phone for the fastest and most efficient response.