Privacy Policy

1. About Us

ClaimSureAI Pty Ltd (ABN 62 913 093 728) (we, us, our) provides post-submission Medicare claims reconciliation, rejection analysis, and revenue recovery services to medical practices, diagnostic imaging and radiology practices in Australia.

This Privacy Policy explains how we collect, use, store, disclose, and protect personal information in the course of our business. It applies to all individuals whose information we handle, including employees and contractors of our clients, and — where applicable — individuals whose Medicare information appears in data provided to us by our clients.

Contact: finn.kearns@claimsureai.com

2. What Personal Information We Collect

The personal information we collect depends on the nature of our engagement. In the course of providing services to healthcare clients, we may handle:

• Business contact information of client personnel (name, email, phone, job title) for the purpose of managing the engagement.
• Medicare Benefits Schedule (MBS) remittance and rejection data provided by clients, which may include Medicare card numbers, patient identifiers, service dates, item numbers, and billed and paid amounts.
• Information about the health services billed by our clients, to the extent necessary to perform reconciliation and identify billing discrepancies.

We do not collect sensitive personal information (as defined in the Privacy Act) beyond what is contained in client-supplied Medicare data, and we do not seek to collect more information than is necessary for the purpose of the engagement.

3. How We Collect Personal Information

We collect personal information in the following ways:

• Directly from our clients, when they provide us with Medicare remittance advice, rejection notices, or billing data as part of a recovery review or ongoing engagement.
• From client personnel, when they correspond with us by email or in the course of managing an engagement.

We do not collect personal information from Medicare Australia or Services Australia directly. All patient-adjacent data we handle originates from our clients, who are the primary data controllers for that information.

4. Why We Collect and Use Personal Information

We collect and use personal information solely for the following purposes:

• To perform the services described in our agreement with the relevant client, including Medicare claims reconciliation, rejection analysis, and revenue recovery.
• To communicate with client personnel regarding the engagement.
• To comply with our legal obligations.

We will not use personal information for any purpose other than the purpose for which it was collected, without the consent of the individual or the client who provided it, unless we are required to do so by law.

5. How We Store and Protect Personal Information

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures include:

• Storage of client data in encrypted cloud storage hosted in Australia, with access restricted to authorised ClaimSureAI personnel only.
• Transmission of client data via encrypted channels (TLS/SFTP or equivalent). We do not accept sensitive data by unencrypted email.
• Access controls, including password protection and multi-factor authentication on systems containing personal information.
• Contractual confidentiality obligations on any contractors or third parties who may assist with analytical work.

Client-supplied data is retained only for the duration of the engagement. Upon completion of services or written request, all client data is securely deleted or returned, and we provide written confirmation of deletion on request.

6. Disclosure of Personal Information

We do not sell, rent, or trade personal information. We do not share client-supplied Medicare data with any third party except:

• Where necessary to provide the services and with the client's express prior consent (for example, engaging a specialist analyst under a confidentiality agreement).
• Where required by law, regulation, or court order, in which case we will notify the client promptly where permitted to do so.

We do not disclose personal information to overseas recipients. All data is stored and processed in Australia.

7. Access and Correction

Individuals have the right to request access to personal information we hold about them, and to request correction of information that is inaccurate, incomplete, or out of date. Requests should be directed to finn.kearns@claimsureai.com. We will respond within 30 days.

In most cases, the personal information we hold relating to individuals will have been provided by our clients in their capacity as data controllers. Where this is the case, we will refer the individual to the relevant client to handle the access or correction request directly.

8. Notifiable Data Breaches

We are bound by the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. If we become aware of a data breach that is likely to result in serious harm to any individuals, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals (or the relevant client, who will notify affected individuals) as soon as practicable.

9. Complaints

If you have a complaint about how we have handled your personal information, please contact us at finn.kearns@claimsureai.com. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the OAIC at www.oaic.gov.au.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The current version will always be available on request. The effective date at the top of this document reflects the date of the most recent update.