How we protect your practice data
Margin for Care handles insurance operations for independent therapists, which means we touch PHI. This page describes — in plain language — what we do to protect it, what we commit to contractually, and what we're still working on.
How claims data and clinical notes are handled
Claims data and clinician-authored notes may exist in the same product, but application access is restricted by role and practice scoping. Insurance-operations data — such as claim status, remittances, denials, and aging — is made available to billing and practice-management roles as needed to work denials, reconcile ERAs, and support appeals. Clinical notes are not granted to billing-side roles by default.
Notes that clinicians designate as psychotherapy notes in the product are stored under stricter application access controls: only the authoring clinician can read or edit them, reads are audit-logged, and they are excluded from standard export paths. Clinicians are responsible for ensuring that the content they place in this bucket is appropriate for that treatment.
Margin for Care connects to clearinghouse infrastructure for claims submission and remittance workflows. It does not currently mirror or sync an external EHR; clinical notes held in Margin for Care are created or imported directly in the product.
Encryption
- At rest: AES-256 on object storage (explicitly configured on every write). Postgres encryption at rest is managed by our database provider.
- In transit: HTTPS on all client-facing traffic, with HSTS enforced on all marginforcare.com properties.
- Field-level encryption: Sensitive columns use envelope encryption with versioned key encryption keys on top of the provider-managed storage encryption.
Access control
Role-based access control governs who can see what inside a practice. A biller or practice manager role sees the claim queue; a clinician role sees only what they need to answer an appeal question. Every user is scoped to their own practice's data.
Margin for Care engineers do not have routine access to customer PHI through the product itself — there is no admin or impersonation endpoint that exposes customer data on a one-click path. Support access, when it is needed for a specific case, is gated through operational procedures and the same append-only audit log described below.
Suspected unauthorized access is investigated under our security-incident procedures and handled under the applicable Business Associate Agreement and HIPAA breach-notification requirements where a reportable breach occurs.
Audit logging
Every access to PHI and every state-changing action is recorded in an append-only audit log. Practice administrators can review the log for their own practice — who accessed what, and when. Logs are retained per HIPAA requirements.
Data portability
Your data belongs to you. You can export everything Margin for Care holds about your practice — claims, ERAs, denials, appeal drafts, audit records — at any time, in standard formats. No lock-in, no paperwork hoops.
Current commitments
- BAA (Pilot): Yes — under the Pilot Agreement
- BAA (General Availability): In progress
- Breach notification: Per executed BAA (typically within 72 hours). HIPAA outside limit is 60 calendar days from discovery.
- Data residency: United States
- Subprocessors: Marketing site: listed on /privacy. Product: disclosed via BAA.
Subprocessors
The full subprocessor list for the marketing website is on our privacy page. Product subprocessors (database, authentication, error monitoring, email delivery, AI providers) are disclosed via the Business Associate Agreement signed with each design partner, not on this public page. Material changes to product subprocessors will be communicated to design partners in advance.
A note on AI and PHI
The AI features in Margin for Care — denial explanation, appeal drafting, claim triage — are designed around insurance-operations data: claim line items, EOBs, denial codes, appeal narratives. Psychotherapy notes have author-only access controls that apply equally across the product, including any AI feature paths.
Security inquiries
Questions about our security posture, a request for the subprocessor list, or a security disclosure — reach out directly.
[email protected]