Compass Scribe

Privacy Policy

Effective date: June 29, 2026 · Last updated: June 29, 2026

Compass Medical Administrative Services LLC (“CMAS,” “we,” “us”) provides healthcare administrative technology services. This policy explains how we collect, use, protect, and share your information, including protected health information (PHI) we handle on behalf of our healthcare clients.

Information We Collect

  • Identity & contact data: name, phone number, email address.
  • Health information: health-related information as needed to provide administrative services (e.g., appointment and eligibility details), handled in accordance with HIPAA.
  • Consent records: for SMS, your phone number, the consent text you agreed to, a timestamp, IP address, and device/user agent — collected to document your opt-in.
  • Technical data: limited log data needed to operate and secure our services.

How We Use Your Information

  • Healthcare administration and coordination on behalf of providers.
  • Appointment management (scheduling, reminders, confirmations).
  • Billing and related administrative functions.
  • Sending SMS messages you have consented to receive.
  • Security, fraud prevention, and legal compliance.

SMS Communications

When you opt in to SMS, we collect the phone number you provide and store your consent with a timestamp as proof of opt-in. We honor opt-out requests immediately: reply STOP to any message and we will stop sending messages to that number. See our SMS Terms of Service for full program details. Mobile information collected for SMS is not sold or shared with third parties for their own marketing purposes.

Data Protection

  • Encryption of data in transit (TLS) and at rest.
  • Role-based access controls limiting who can access your data.
  • Business Associate Agreements (BAAs) with subprocessors that handle PHI, as required by HIPAA.

Data Retention

We retain personal and health-related records only as long as needed for the purposes above or as required by law. Consent records are retained for a minimum of five (5) years in accordance with applicable healthcare regulations.

Third Parties

We share data only with service providers necessary to operate our services:

  • Twilio — SMS message delivery.
  • Hosting provider — secure cloud infrastructure.

These providers act under contract (including BAAs where PHI is involved) and may only use data to provide services to us.

Your Rights

Subject to applicable law, you may request to access, correct, or delete your personal information. To exercise these rights, contact us at support@compassscribe.com.

HIPAA Notice of Privacy Practices

Where we act as a Business Associate to a covered entity, your provider’s HIPAA Notice of Privacy Practices describes how your protected health information may be used and disclosed and your rights regarding that information. Contact your provider or support@compassscribe.com to obtain a copy.

Contact

Compass Medical Administrative Services LLC
support@compassscribe.com