
Last updated: April 27, 2026
Master Billing LLC operates revenue cycle management services exclusively for dermatology practices. Because our work involves access to claim, encounter, and payer data, we operate as a HIPAA Business Associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the HITECH Act, and the regulations implementing them (45 CFR Parts 160, 162, and 164). This page describes our HIPAA posture and what dermatology practices and patients should know.
Under HIPAA, a Covered Entity is a healthcare provider, health plan, or healthcare clearinghouse that conducts certain transactions electronically. A Business Associate is a third party that creates, receives, maintains, or transmits Protected Health Information (PHI) on behalf of a Covered Entity to perform a function or service.
When a dermatology practice engages Master Billing for revenue cycle management — coding, claim submission, denial management, A/R follow-up, patient billing, credentialing, or audit response — we are acting as that practice's Business Associate. We sign a Business Associate Agreement (BAA) with every client before any PHI is exchanged, as required by 45 CFR § 164.504(e).
Our BAA addresses the requirements set out in HIPAA, including:
If your practice needs a copy of our standard BAA for review by your counsel, email team@masterbilling.org.
Master Billing maintains a HIPAA compliance program addressing the administrative, physical, and technical safeguards required by 45 CFR Part 164 Subpart C. Without disclosing operational details that could undermine our security posture, the program covers:
Specific configuration details, vendor names, and version-level technical specifications are available to active clients on request and are addressed in our Business Associate Agreement.
HIPAA establishes a federal floor for the privacy and security of PHI. Several states have enacted laws that, in certain respects, exceed HIPAA's protections. Where Master Billing serves a dermatology practice located in one of these states, or processes PHI of patients residing in one of these states, we comply with the applicable additional requirements as part of our Business Associate Agreement with the practice.
Examples include California's Confidentiality of Medical Information Act (CMIA), Texas Health and Safety Code Chapter 181 (HB 300), the New York SHIELD Act, and the Massachusetts data security regulations (201 CMR 17.00). When state law and HIPAA conflict, we follow the more protective standard.
Master Billing does not sell PHI in any form. We do not use or disclose PHI for marketing purposes (as defined in 45 CFR § 164.501) without a signed authorization from the affected individual that meets the requirements of the HIPAA Privacy Rule. We do not provide PHI to third parties for their independent marketing or commercial purposes.
Master Billing may use de-identified data — that is, data from which identifiers have been removed in accordance with 45 CFR § 164.514(b) so that it cannot reasonably be used to identify an individual — for the following purposes: internal benchmarking, quality improvement, and the development of aggregate industry insights. Once data is de-identified under HIPAA, it is no longer considered PHI. We do not re-identify de-identified data, and any aggregate insights we publish (such as benchmark statistics) are derived only from de-identified inputs.
When we use subcontractors that may access PHI on our behalf — for example, secure file-transfer providers, claims clearinghouses, or specialized coding partners — we execute a written agreement (a Subcontractor BAA) that imposes the same restrictions and conditions that apply to us under our BAA with the practice. We maintain an internal list of current subprocessors and notify active clients of material changes consistent with our BAA terms.
An up-to-date list of subprocessors is available to active clients on request. Email team@masterbilling.org with the subject line "Subprocessor List Request" if you need a copy.
This website is a marketing and informational property. It is not designed to receive, store, or transmit Protected Health Information. The forms on the site (Free Revenue Audit, contact, strategy call) collect business contact information — name, work email, practice name, phone, location, number of providers — not patient data.
Please do not submit patient names, dates of birth, diagnosis information, claim numbers, account balances, or any other PHI through any form on this site. If you need to share data with us as part of an engagement, your client success contact will provide a HIPAA-compliant secure channel.
Standard web analytics on masterbilling.org (Google Analytics 4, Google Ads conversion tracking) collect only de-identified site-traffic data and IP-derived information. They are not configured to collect or transmit PHI. See our Privacy Policy for details.
If we discover a breach of unsecured PHI, we will notify the affected practice without unreasonable delay and in no case later than the time required by 45 CFR § 164.410. Notifications include the information specified by the rule: a description of what happened, the types of PHI involved, the steps we are taking to investigate and mitigate, and the steps the practice should take.
Under HIPAA, patients have rights regarding their PHI, including the right to access and amend it, to request restrictions on its use and disclosure, and to receive an accounting of disclosures. Master Billing does not respond to these requests directly. Patients should contact the dermatology practice (the Covered Entity) that holds the treatment relationship.
If a patient contacts Master Billing directly with a HIPAA rights request, we will redirect the request to the relevant practice and notify the practice promptly. We will not act on a patient rights request without authorization from the practice that maintains the treatment relationship.
We support practices in fulfilling their obligations under the Privacy Rule, including by promptly providing records and information they need to respond to patient requests within HIPAA's timelines.
If you believe Master Billing has used or disclosed PHI improperly, contact our Privacy Officer immediately:
Privacy Officer — Master Billing LLC
Email: team@masterbilling.org
Phone: (321) 204-1438
Mail: 258 Treemonte Dr, Suite 258, Orange City, FL 32763
We will investigate every report. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr. We will not retaliate against anyone for filing a complaint or otherwise participating in an investigation.
We review this Notice at least annually and update it as our practices evolve or as the law changes. The "Last updated" date at the top of this page reflects the most recent revision. Material changes are also communicated to active clients through our standard client communications channels.