Privacy Policy &
Notice of Privacy Practices

Last Updated: April 2026  |  S2S Medical Billing Co., LLC  |  Contact Us

1. Who We Are

S2S Medical Billing Co., LLC ("S2S," "we," "us," or "our") is a boutique medical billing, credentialing, prior authorization, consulting, and training company serving specialty medical practices nationwide. S2S is a US-based business operating remotely.

This Privacy Policy applies to information collected through our website (www.s2smedicalbillingco.com), through our service engagement process, and in connection with the services we provide to healthcare practices.

2. Information We Collect

Information You Provide Directly

When you contact us, request a quote, or engage our services, we may collect:

• Your name, title, and contact information (phone, email, address)
• Practice name, specialty, state of practice, and EHR system
• Tax ID (EIN), NPI numbers, and payer information — required to provide billing services
• Information submitted through our contact and quote forms

Information Collected Automatically

When you visit our website, we may automatically collect basic technical information such as your browser type, IP address, pages visited, and time on site. This information is used solely to improve our website and is not linked to your identity.

Protected Health Information (PHI)

In the course of providing billing, credentialing, and related services, we may access Protected Health Information (PHI) on behalf of our healthcare provider clients. All PHI is handled strictly in accordance with HIPAA and is governed by the signed Business Associate Agreement (BAA) between S2S and each client. We do not collect, store, or use PHI for any purpose other than performing contracted services.

3. How We Use Your Information

We use the information we collect to:

• Provide, manage, and improve our medical billing, credentialing, and consulting services
• Communicate with you about your account, invoices, and service updates
• Respond to inquiries and deliver requested quotes or proposals
• Comply with legal obligations, including HIPAA, tax reporting, and applicable state laws
• Protect the security and integrity of our systems and client data

We do not sell, rent, or share your personal information with third parties for marketing purposes. Ever.

4. How We Protect Your Information

S2S maintains administrative, physical, and technical safeguards to protect all information we handle, including:

• 256-bit AES encryption for all ePHI stored or transmitted electronically
• Multi-factor authentication (MFA) on all systems used to access client data
• US-based workstations only — no offshore access to PHI or client systems
• Encrypted email for all communications containing sensitive information
• Strict access controls — only authorized personnel access client data
• Regular security reviews and HIPAA compliance assessments

5. Information Sharing

We do not sell or share your personal information except in the following limited circumstances:

• Service Providers: We may share information with clearinghouses, payer portals, and technology vendors strictly as necessary to perform billing and credentialing services on your behalf
• Legal Requirements: We may disclose information if required by law, court order, or regulatory authority
• Business Transfers: In the unlikely event of a merger or acquisition, client data would be subject to the same privacy protections under any successor entity

Any third party that receives PHI on our behalf is required to execute appropriate data protection agreements consistent with HIPAA requirements.

6. Website Contact Forms

When you submit information through our website contact or quote forms, that information is transmitted securely to Jennifer Noel directly. We do not use your submitted information for marketing purposes without your consent. Form submissions are used solely to respond to your inquiry and prepare a custom proposal.

7. Cookies & Tracking

Our website may use basic cookies to improve functionality and user experience. We do not use advertising cookies or behavioral tracking. You may disable cookies in your browser settings without affecting your ability to use our website.

8. Data Retention

We retain client records and associated data for a minimum of seven (7) years following the end of our engagement, consistent with medical billing recordkeeping requirements and applicable law. PHI is returned or securely destroyed upon termination of services as specified in the Business Associate Agreement.

9. Your Rights

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your information (subject to legal retention obligations)
• Opt out of any marketing communications

To exercise any of these rights, please contact us at contact us here.

10. HIPAA Notice of Privacy Practices

Individuals who have questions about how their healthcare provider handles their PHI should contact their provider directly. Your provider is the Covered Entity responsible for their Notice of Privacy Practices under HIPAA.

If you believe your PHI has been mishandled in connection with S2S's services, you may contact us directly or file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at www.hhs.gov/ocr.

11. Children's Privacy

Our website and services are directed to healthcare professionals and business entities, not to individuals under the age of 18. We do not knowingly collect personal information from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the updated policy on this page with a revised "Last Updated" date. Continued use of our services after any update constitutes acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact: