Privacy Policy & Notice of Privacy Practices
Claim Knight
Palmetto Health Pro, LLC, dba Happy Health Agency
Effective Date: May 29, 2026
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
1. About This Notice
Palmetto Health Pro, LLC, doing business as Happy Health Agency ("we," "us," or "our"), operates Claim Knight, a Medicare claims monitoring service (the "Service"). Think of us as a personal watchdog for your Medicare account — we use technology to check your Medicare charges for mistakes and suspicious activity so you don't have to.
Happy Health Agency is also a licensed health insurance brokerage offering Medicare and Marketplace health insurance plans. This Privacy Policy applies only to Claim Knight, our Medicare claims monitoring service. We do not use your Medicare claims data for insurance sales or marketing purposes. Your claims data is never shared with our brokerage operations.
This document is both our Privacy Policy and our Notice of Privacy Practices as required by the Health Insurance Portability and Accountability Act ("HIPAA"). It explains in plain language how we collect, use, share, and protect your health information.
We are required by law to:
- Keep your health information private and secure
- Give you this notice explaining our privacy practices
- Follow the terms of this notice
- Notify you if there is ever a breach of your health information
By using Claim Knight, you acknowledge that you have read and understood this notice. If you do not agree with these practices, please do not use the Service.
2. Information We Collect
2.1 Information You Give Us Directly
- Account Information: Your name, email address, phone number, and password when you sign up.
- Medicare Information: Your Medicare number (also called your Medicare Beneficiary Identifier, or MBI), date of birth, and basic personal details we need to access your claims.
- Documents You Upload: Medicare Summary Notices (MSNs) or Explanation of Benefits (EOBs) — these are the statements Medicare sends you showing what was billed. You may upload photos or files of these for us to review.
- Payment Information: Your billing address and payment details, which are handled securely by our payment processor (Stripe, Inc.). We do not store your credit card number.
- Family Member Information: If you use our Family Plan, basic information about the family members you want us to monitor.
2.2 Information We Get from Medicare (Blue Button)
With your permission, we connect to your Medicare account through a secure government system called the "Blue Button 2.0 API" run by the Centers for Medicare & Medicaid Services (CMS). This lets us pull your claims information directly from Medicare. The data we receive may include:
- Part A claims: Hospital stays, skilled nursing facility care, hospice, and home health services
- Part B claims: Doctor visits, outpatient care, medical equipment, and lab tests
- Part D claims: Prescription drug purchases and costs
- Names and identification numbers of your doctors and other providers
- Diagnosis codes (the medical reason for your visit) and procedure codes (what was done)
- Dates of service and how much was billed and paid
You are always in control. You can disconnect your Medicare account at any time through Medicare.gov or by contacting us.
2.3 Information We Collect Automatically
- How You Use the Service: Which pages you visit, which features you use, and how long you spend on the Service.
- Device Information: Your browser type, operating system, and general location (based on IP address).
- Cookies: Small files that keep you logged in and remember your preferences. We only use essential cookies — we do not use advertising or tracking cookies.
3. How We Use Your Information
We use your information for the following purposes. Under HIPAA, these fall into categories called Treatment, Payment, and Health Care Operations:
3.1 To Provide Your Medicare Monitoring Service (Health Care Operations)
- Fraud and Error Detection: We review your Medicare charges to look for problems — for example, charges for services you never received, bills from doctors you never visited, duplicate charges (being billed twice for the same thing), or charges that seem too high for the service provided (called "upcoding").
- Claims Summaries: We turn your complex Medicare statements into easy-to-read weekly and monthly reports that show what was billed, what Medicare paid, and what you may owe.
- Alerts: We send you a notification when something looks unusual — for example, "You were billed $4,200 for medical equipment on March 15. Did you receive this item?"
- Dispute Help: If we find a problem, we help you report it to Medicare or the Office of Inspector General (OIG) and guide you through the process.
3.2 To Manage Your Account (Payment)
- Processing your subscription payments
- Sending you account-related communications (receipts, plan changes, etc.)
- Providing customer support when you contact us
3.3 To Improve the Service (Health Care Operations)
- Making our fraud detection more accurate over time
- Improving how we present information to you
- When we use data for improvement, we remove all personal details first (this is called "de-identification") so that no individual person can be identified
3.4 Other Uses and Disclosures Without Your Authorization
In certain situations, we may use or share your information without asking you first, as permitted or required by law. These include:
- When required by law: For example, if a court orders us to share information, or if a government agency requires it.
- Public health and safety: To prevent serious harm or threats to health and safety.
- Health oversight: For government audits, investigations, or inspections related to healthcare.
- To report suspected fraud: We may report suspected Medicare fraud to appropriate government agencies.
3.5 Uses That Require Your Written Permission (Authorization)
For any use of your health information not described in this notice, we will ask for your written permission first. For example, we would need your authorization to use your information for marketing purposes (which we do not do) or to sell your information (which we will never do). You can take back your permission at any time by contacting us in writing.
What This Means for You: We only use your Medicare information to help protect you from fraud and billing errors. We never sell your information. We never use it for advertising. You are always in control of your data.
4. How Our Technology Works (AI Processing)
Claim Knight uses artificial intelligence (AI) — a type of computer technology that can read and analyze large amounts of data quickly — to review your Medicare claims. Here is how it works:
- How data is sent: Your claims data is sent through a secure, encrypted connection (like the security used in online banking) to our AI technology partner's system.
- How it is protected: Our AI partner operates under a Business Associate Agreement (BAA) — a legal contract that requires them to protect your health information under HIPAA rules, just like we do.
- What the AI does: The AI reads your claims and looks for patterns that may indicate fraud, errors, or unusual activity. It then creates a report highlighting anything that looks wrong.
- No human review by the AI partner: Your data is processed by computer systems only. Employees of our AI partner do not read or review your personal health information.
- Data is not kept: After the AI finishes its analysis and returns your report, your health information is promptly deleted from the AI partner's systems. They do not keep a copy.
- Your data is never used for training: We do not allow your health information to be used to train or improve AI systems. Your data is used solely to generate your personal fraud report.
What This Means for You: Your Medicare information is sent securely to be analyzed by computer technology, not read by people. It is deleted right after your report is created. It is never used for any other purpose.
5. How We Share Your Information
We do not sell your personal information or health information. Ever.
We share your information only in these limited situations:
- Service Providers (with BAAs): Companies that help us run the Service — such as our technology partner (AI analysis), our website host, our payment processor, and our email delivery service. Every company that handles your health information signs a Business Associate Agreement (a legal contract requiring them to protect your data under HIPAA).
- Family Members You Authorize: If you use our Family Plan, the family members you designate (such as an adult child helping manage your care) can see your claims summaries and alerts.
- Insurance Agency Partners: If you signed up through an insurance agency, that agency may see your account status and alert summaries — but not your detailed claims data — as described in their agreement with you.
- When Required by Law: If a court, law enforcement agency, or government regulator legally requires us to share information, we must comply.
- Fraud Reporting (at Your Direction): If you ask us to help report suspected fraud, we will share the relevant claims information with Medicare, the OIG, or other government agencies on your behalf.
6. How We Protect Your Information
We take the security of your information seriously. Here are the safeguards we have in place:
- Encryption in transit: When your data moves between your device and our systems, it is scrambled using strong encryption (TLS 1.2 or higher) — the same type of security used by banks.
- Encryption at rest: When your data is stored in our systems, it is encrypted using AES-256, one of the strongest encryption methods available.
- Access controls: Only authorized team members can access health information, and only the minimum amount needed to do their job.
- Audit trails: We keep records of every time health information is accessed, by whom, and for what purpose.
- Regular security testing: We regularly test our systems for vulnerabilities.
- Employee training: All team members receive training on HIPAA requirements and how to handle health information properly.
- Breach response plan: We have a plan in place to respond quickly if a security incident ever occurs.
No system is 100% secure. If you ever notice anything unusual with your account, please contact us right away.
7. How Long We Keep Your Information
- Account Information: Kept while your account is active, plus 30 days after you delete your account.
- Claims Data and Reports: Kept for up to 24 months so we can compare your claims over time and spot trends. This helps us catch fraud that develops gradually. You may ask us to delete it sooner at any time.
- Uploaded Documents: When you upload a Medicare statement, we analyze it and then delete the original document within 72 hours. We only keep the results of the analysis.
- Security Logs: Kept for 6 years, as required by HIPAA.
What This Means for You: We keep your data only as long as we need it to protect you. You can ask us to delete your claims data at any time, and we will — except for security logs we're required by law to keep.
8. Your Rights
Under HIPAA and our policies, you have the following rights. You can exercise any of these by contacting us (see Section 11 below).
- See Your Information: You can ask for a copy of all the health information we have about you. We will provide it within 30 days.
- Fix Mistakes: If any of your information is wrong, you can ask us to correct it. We will respond within 60 days.
- Delete Your Data: You can ask us to delete your account and health information, subject to any legal requirements that may require us to keep certain records.
- Disconnect Medicare: You can stop us from accessing your Medicare data at any time through Medicare.gov or by contacting us.
- Limit Sharing: You can ask us to limit how we share your information. We will consider your request, though we are not required to agree to every restriction.
- See Who We've Shared With: You can ask for a list of the times we have shared your health information over the past 6 years (called an "accounting of disclosures").
- Choose How We Contact You: You can ask us to contact you in a specific way or at a specific address (for example, only by email, not by phone).
- File a Complaint: If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services, Office for Civil Rights. We will never punish you or treat you differently for filing a complaint.
9. Children's Privacy
Claim Knight is designed for Medicare beneficiaries (generally age 65 and older) and their authorized adult family members. We do not knowingly collect information from anyone under 18 years old. If you believe a child has used our Service, please contact us immediately.
10. Changes to This Notice
We may update this notice from time to time. If we make important changes, we will email you and post the updated version on our website with a new date. Your continued use of the Service after changes are posted means you accept the updated notice.
11. Contact Us
If you have questions about this notice, want to exercise any of your rights, or want to file a complaint, please contact us:
Claim Knight
Happy Health Agency
Palmetto Health Pro, LLC
Email: alex@happyhealthagency.net
Phone: (864) 507-5373
Hours: Monday – Friday, 9:00 AM – 5:00 PM Eastern Time
You may also file a complaint with the federal government:
U.S. Department of Health and Human Services
Office for Civil Rights
Website: hhs.gov/ocr/privacy
Phone: 1-877-696-6775
12. Compliance with State Laws
In addition to HIPAA, we comply with all applicable state privacy and data protection laws, including South Carolina state laws regarding health information and breach notification. If state law provides greater privacy protections than HIPAA in a particular area, we follow the stricter standard.
13. Glossary — Key Terms in Plain Language
- PHI (Protected Health Information): Any personal information that is connected to your health or healthcare — for example, your name combined with a diagnosis code, or your Medicare number combined with a billing record.
- BAA (Business Associate Agreement): A legal contract between us and any company that handles your health information on our behalf. It requires them to protect your data under the same HIPAA rules we follow.
- HIPAA: The Health Insurance Portability and Accountability Act — a federal law that protects the privacy and security of your health information.
- Blue Button 2.0 API: A secure system run by the federal government (CMS) that lets you give approved apps permission to access your Medicare claims data. You are always in control of this access.
- Upcoding: When a healthcare provider bills Medicare for a more expensive service than what was actually provided — for example, billing for a comprehensive exam when only a basic checkup was done.
- Phantom Provider: A fake doctor, clinic, or medical company that bills Medicare for services that were never provided.
- De-identification: Removing all personal details (name, date of birth, Medicare number, etc.) from data so that no individual person can be identified.
- Encryption: A way of scrambling data so that only authorized people can read it — like a digital lock on your information.
- MBI (Medicare Beneficiary Identifier): Your unique Medicare number, found on your red, white, and blue Medicare card.