MedPayIQ

Privacy Policy

Last updated: April 30, 2026

The short version

MedPayIQ is a free reference tool for medical billing professionals. We do not require accounts, do not collect personal information, and do not sell data. We never knowingly collect protected health information (PHI), and we actively scan submissions to reject anything that looks like patient data.

The rest of this page describes what we do collect, what we do with it, and the choices you have.

What we do not collect

We do not collect:

  • Names, addresses, phone numbers, or email addresses (we have no signup or login)
  • Patient information of any kind, including names, dates of birth, medical record numbers, dates of service, or clinical details
  • Payment information (the site is free and has no paid features)
  • Health information about you personally

When you submit a denial report or appeal outcome, our system scans for patterns that look like patient information (names, dates of birth, SSNs, addresses, medical record numbers, copy-pasted EHR content) and rejects submissions that contain them. This scanning happens server-side before any data is stored.

What we do collect

Anonymous biller-contributed reports

When you voluntarily submit a denial report or appeal outcome through our forms, we collect:

  • The CPT code the report relates to
  • The payer name (e.g., “Medicare,” “UnitedHealthcare”)
  • The state where the claim was filed (optional, you choose)
  • The category of denial or appeal strategy you select
  • An optional short description (max 200-300 characters) describing the issue
  • Optional details: modifier used, what fixed it, days to resolution, payment received

Technical metadata

To prevent spam and abuse, when you submit a report we also store:

  • A one-way cryptographic hash of your IP address (we cannot reverse this to your real IP)
  • A one-way hash of your browser’s user-agent string
  • The timestamp of your submission
  • A computed quality score for the submission

We use this metadata only to detect spam, prevent abuse, and apply rate limits. It is never used to identify you personally and is not shared.

Server logs and basic analytics

Our hosting provider (Vercel) keeps standard server logs that include IP addresses, request times, and pages visited. These are kept for a limited time and used for security and troubleshooting. We may also use privacy-respecting analytics that count page views and basic interactions without tracking individuals across sites or storing personally identifiable information.

How we use what we collect

  • To compute and display aggregate statistics about denials and appeals (e.g., “Top denial reason for CPT 99213: documentation issue, 38%”) on each code page. Individual reports are never displayed; only aggregated counts and percentages are shown after a code accumulates at least 5 quality reports.
  • To improve MedPayIQ’s accuracy and content over time
  • To detect and prevent spam, abuse, and submissions containing patient data
  • To debug technical problems

We do not sell, rent, or share user-contributed data with third parties. We do not use it for advertising. We do not build personal profiles of users.

HIPAA position

MedPayIQ is not a HIPAA covered entity and does not act as a business associate to any healthcare provider. We do not store or process protected health information.

We actively prevent PHI from entering our system through automated scanning that rejects submissions containing names, dates of birth, medical record numbers, dates of service, addresses, phone numbers, email addresses, and content that appears to be copied from electronic health records.

If you believe PHI has been submitted to our system despite these protections, please contact us immediately at hello@medpayiq.com so we can investigate and remove it.

Data retention

User-contributed reports are retained indefinitely so that aggregate statistics remain stable over time. We may delete or anonymize older reports if the data becomes stale or if a user requests deletion.

Server logs and rate-limit data are kept for up to 90 days, then deleted.

Cookies and tracking

We use one functional cookie to store your selected Medicare locality (state and locality code). This cookie is set only after you choose a locality in our rate selector and is used to display state-adjusted rates as you browse code pages. It contains no personal information and is not shared with anyone.

We do not use advertising cookies, tracking pixels, or third-party analytics that build cross-site behavioral profiles.

Your rights

Because we do not collect personal information and do not require accounts, most data privacy rights frameworks (CCPA, GDPR, etc.) have limited applicability to MedPayIQ. That said:

  • You can stop using MedPayIQ at any time. There is no account to delete.
  • You can request that a specific report you submitted be removed by contacting hello@medpayiq.com with enough detail to identify the report (CPT code, approximate submission time, payer, denial category). We will remove it within 30 days.
  • You can request information about whether we hold any data associated with you, though because we do not collect personal identifiers, we are usually unable to identify any data as being “yours.”
  • Residents of California, the EU, the UK, or other regions with applicable privacy laws have any additional rights granted by those laws.

To exercise any of these rights, email hello@medpayiq.com.

Children’s privacy

MedPayIQ is intended for healthcare billing professionals and is not directed to children under 13. We do not knowingly collect information from children. If we learn we have done so, we will delete it.

Changes to this policy

We may update this policy as MedPayIQ grows. The “last updated” date at the top reflects the most recent change. Material changes will be reflected on the home page or in a banner notice.

Contact

Questions about this policy? Email hello@medpayiq.com.

This Privacy Policy is provided as a baseline. It is not legal advice and does not create an attorney-client relationship. Healthcare organizations using MedPayIQ in their workflow may have additional compliance requirements specific to their operations.