Demand stalled waiting on a provider? Free Provider Review

Privacy & Data Security

Last Updated: January 19, 2026

1. Handling of Protected Health Information (PHI)

Unlike standard ecommerce or general service providers, Medtrieval is built specifically to handle Protected Health Information (PHI) under the HIPAA Privacy Rule. We recognize that medical records, billing ledgers, and lien notices are highly sensitive and require specialized administrative and technical safeguards.

2. Business Associate Agreement (BAA)

We operate as a Business Associate (as defined by 45 CFR § 160.103) to our law firm clients. We do not commence auditing or retrieval services until a formal Business Associate Agreement (BAA) is executed. This ensures a clear chain of custody and legal accountability for every record handled.

3. Security & Technical Safeguards

Your firm's data is protected by the following enterprise-grade protocols:

  • Encryption at Rest: All stored data is encrypted using AES-256 standards.
  • Encryption in Transit: Data moving between your firm and our auditors is protected via TLS 1.2+ or secure SFTP.
  • No Third-Party Access: We do not outsource auditing to overseas "virtual assistants." All manual audits are conducted through our secure internal systems.

4. Mandatory Data Destruction Policy

To minimize liability for our clients, Medtrieval follows a strict 30-day "Final Purge" policy. Upon successful delivery of an audit or record set to your firm's Case Management System (CMS), all local copies of the PHI are permanently destroyed within 30 days unless a different retention period is legally mandated.

5. Audits and Transparency

We maintain detailed access logs of every person who views a specific file. These logs are available to your firm's compliance officer upon request in the event of an internal audit.

6. Website Tracking & Analytics

To improve our website's performance and facilitate scheduling, we use the following third-party services:

  • Google Analytics: We use Google Analytics to collect anonymous information such as IP addresses, browser types, and page visit behavior. We do not transmit PHI to Google Analytics.
  • Calendly: When you schedule a consultation, data you provide is processed by Calendly to facilitate the appointment.
  • Cookies: Our website uses small data files (cookies) to recognize repeat visitors. You can manage your preferences via the notice on our site.

Manage Preferences: If you wish to change your previous selection, you may . This will refresh the page and allow you to Accept or Decline tracking.

Is your demand stalled waiting on a single provider?

Often, it’s because requests were sent to the wrong custodian. We'll identify the portal, fax, or delivery method for you completely free of charge so you can get your offer faster.