HIPAA Notice of Privacy Practices
This notice describes how protected health information about you may be used and disclosed and how you can access this information. Please review it carefully.
IMPORTANT NOTICE REQUIRED BY FEDERAL LAW: This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Sirius Solutions Global, LLC is a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). We are committed to maintaining the privacy and security of your protected health information.
1 Who We Are and Our Role
Sirius Solutions Global, LLC ("we," "us," or "our") is a healthcare revenue cycle management company headquartered at 18383 Preston Rd #202, Dallas, TX 75252. We provide medical billing, coding, credentialing, and related administrative services to healthcare providers and practices across the United States.
Under HIPAA, we operate as a Business Associate of the healthcare providers we serve. This means we receive, process, and handle protected health information (PHI) on behalf of covered entities such as physicians, clinics, hospitals, and other healthcare providers. We do not directly treat patients; we support the administrative and billing functions of the providers who do.
We execute a formal Business Associate Agreement (BAA) with every covered entity client before accessing or processing any PHI. That agreement legally obligates us to safeguard your information in compliance with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.
What is Protected Health Information (PHI)? PHI is any individually identifiable health information that relates to your past, present, or future physical or mental health condition, the provision of healthcare to you, or the payment for that healthcare. This includes your name, address, date of birth, Social Security number, diagnosis codes, treatment records, insurance information, and any other information that could reasonably identify you.
2 How We Use and Disclose PHI
As a Business Associate, we may use and disclose PHI only as permitted by our Business Associate Agreement and applicable law. The primary purposes for which we handle PHI are:
Treatment Support
We may use PHI to support the treatment activities of the healthcare providers we serve, including verifying insurance eligibility, obtaining prior authorizations, and ensuring that claims accurately reflect the services provided to patients.
Payment
We use PHI to submit, track, and manage insurance claims on behalf of providers. This includes preparing and transmitting claims to Medicare, Medicaid, and commercial insurance payers, posting payments, following up on unpaid claims, and managing accounts receivable. This is the primary function for which providers engage our services.
Healthcare Operations
We may use PHI for internal operations directly related to our services, including quality improvement activities, staff training on billing and coding, compliance audits, and the development of improved billing processes. These activities are conducted solely to improve the accuracy and efficiency of the services we provide to healthcare providers.
As Required by Law
We may disclose PHI when required by federal, state, or local law, including in response to court orders, subpoenas, regulatory investigations, or other legal process. We will notify the relevant covered entity of such disclosures where permitted by law.
For Public Health Activities
In limited circumstances, we may disclose PHI to authorized public health authorities for activities such as disease surveillance, reporting of child abuse or neglect, or FDA oversight of regulated products, as required by law.
Business Associates
We may share PHI with our own subcontractors and service providers who assist us in delivering services. All such parties are required to sign a Business Associate Agreement and are bound by the same HIPAA obligations that apply to us.
3 Uses and Disclosures That Require Your Authorization
Certain uses and disclosures of PHI require written authorization from you. We will not use or disclose your PHI for the following purposes without your prior written consent:
- Marketing communications, including selling PHI to third parties for marketing purposes
- Sale of PHI for any commercial purpose not related to your healthcare treatment or payment
- Most uses and disclosures of psychotherapy notes
- Any use or disclosure not described in this notice or in our Business Associate Agreement
You have the right to revoke any authorization you have provided at any time, except where we have already taken action in reliance on that authorization. Revocation requests must be submitted in writing to the contact information in Section 9.
4 Your Rights Regarding Your PHI
Although Sirius Solutions Global is a Business Associate and not your direct healthcare provider, HIPAA grants you important rights regarding your PHI. These rights are primarily exercised through the healthcare provider (covered entity) whose care generated your records. We support those providers in honoring your rights.
Right to Access
You have the right to inspect and receive a copy of your PHI held in a designated record set. Requests should be directed to the healthcare provider who treated you. We will cooperate fully with providers in fulfilling verified access requests.
Right to Amendment
If you believe PHI about you is incorrect or incomplete, you may request an amendment through your healthcare provider. We will work with the provider to process approved amendments in our billing records.
Right to an Accounting of Disclosures
You have the right to request a list of disclosures of your PHI that were made for purposes other than treatment, payment, or healthcare operations. Requests should be directed to your healthcare provider.
Right to Request Restrictions
You may request that we restrict certain uses or disclosures of your PHI. While we are not required to agree to all restriction requests, we will honor any restriction that a covered entity has agreed to in writing, and we will comply with requests to restrict disclosures to a health plan when you have paid for services out of pocket in full.
Right to Confidential Communications
You may request that PHI be communicated to you through alternative means or at alternative locations. Such requests should be submitted to your healthcare provider, who will notify us of any applicable restrictions.
Right to Notice
You have the right to receive this notice and to request a paper copy at any time, even if you have previously agreed to receive it electronically.
5 Our Legal Duties
We are required by federal law to maintain the privacy and security of your PHI and to abide by the terms of this notice. Our specific legal obligations include:
- Maintaining written privacy and security policies and procedures that comply with the HIPAA Privacy Rule and Security Rule
- Training all workforce members who handle PHI on HIPAA requirements and our internal policies
- Implementing appropriate administrative, physical, and technical safeguards to protect PHI from unauthorized access, use, or disclosure
- Executing Business Associate Agreements with all covered entity clients and applicable subcontractors
- Notifying affected covered entities, and in turn patients, of any breach of unsecured PHI in accordance with the HIPAA Breach Notification Rule
- Providing individuals and covered entities with access to this notice upon request
We reserve the right to change the terms of this notice and to make the revised notice effective for all PHI we maintain. We will post the updated notice on our website with a new effective date and will provide a copy to covered entity clients upon request.
6 Security Safeguards
We take the security of protected health information seriously. Our technical and operational safeguards include:
- Encryption: All PHI is encrypted at rest and in transit using 256-bit AES encryption
- Access Controls: Role-based access ensures only authorized personnel can view or process specific PHI
- Audit Logging: All access to PHI-related systems is logged and regularly reviewed
- Zero Breach Record: We have maintained a zero data breach record across 6+ years of operation
- Certifications: We hold PCI-DSS Level 1, HIPAA, and CMS certifications and undergo regular independent security assessments
- Workforce Training: All employees with access to PHI complete HIPAA training upon hire and annually thereafter
7 Breach Notification
In the event of a breach of unsecured PHI, we will notify the relevant covered entity (your healthcare provider) without unreasonable delay and no later than 60 days after discovery of the breach, as required by the HIPAA Breach Notification Rule. The covered entity will then fulfill their obligation to notify affected individuals and, where required, the Department of Health and Human Services.
Our notification will include, to the extent possible, a description of what happened, the types of PHI involved, steps you can take to protect yourself, what we are doing to investigate and mitigate the breach, and contact procedures for further questions.
8 How to File a Complaint
If you believe your privacy rights under HIPAA have been violated, you have the right to file a complaint. You may do so through either of the following channels:
File a Complaint With Us
Sirius Solutions Global, LLC - Privacy Officer
18383 Preston Rd #202, Dallas, TX 75252
Email: info@siriussolutionsglobal.com
Phone: (682) 403-6805
Please include "HIPAA Privacy Complaint" in the subject line of any written correspondence.
File a Complaint With the Government
You may also file a complaint directly with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR):
U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W., Washington, D.C. 20201
Toll-Free: 1-800-687-6116
Website: hhs.gov/hipaa/filing-a-complaint
We will not retaliate against you in any way for filing a complaint. You have the right to raise concerns about our privacy practices without fear of negative consequences.
9 Changes to This Notice
We reserve the right to update this HIPAA Notice of Privacy Practices at any time. Any revised notice will be effective for all PHI we currently hold, as well as PHI we receive in the future. We will post the updated notice on our website at billing.siriussolutionsglobal.com/hipaa-notice with a new effective date. Covered entity clients will be notified of material changes directly.
You may request a printed copy of the current notice at any time by contacting us using the information below.
10 Contact Information
For questions about this notice, to exercise your privacy rights, or to report a privacy concern, please contact us:
Sirius Solutions Global, LLC
18383 Preston Rd #202, Dallas, TX 75252
Email: info@siriussolutionsglobal.com
Phone: (682) 403-6805
Business Hours: Monday through Friday, 9:00 AM to 6:00 PM Central Time
This notice is effective as of June 1, 2026. It supersedes all previously issued versions of this notice.