Privacy Policy
Last updated: April 2026
Mira™ (formerly CPS Medical Billing) (“Mira™,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage with our medical billing services. Please read this policy carefully. If you disagree with its terms, please discontinue use of our site.
1. Information We Collect
We collect information you voluntarily provide to us when you fill out contact forms, inquiry forms, billing assessment requests, or newsletter sign-ups on our website. This may include:
- Contact information — full name, email address, and phone number
- Organization details — practice or company name, job title, and practice size
- Billing information — specialty, EMR system in use, and current billing challenges submitted through our assessment or inquiry forms
- Communications — messages, questions, or other content you send us directly
We may also automatically collect limited technical data such as your IP address, browser type, pages visited, and time spent on our site through analytics tools described in Section 6.
2. How We Use Your Information
We use the information we collect for the following purposes:
- To respond to your inquiries and provide requested information about our services
- To deliver medical billing, revenue cycle management, and related services you have engaged us to provide
- To send operational communications such as service updates, reporting summaries, and account-related notices
- To send marketing communications (e.g., newsletters or industry updates) where you have opted in
- To improve our website, services, and user experience based on aggregate analytics data
- To comply with applicable legal obligations and regulatory requirements
We will not use your personal information for any purpose incompatible with those listed above without first obtaining your consent.
3. HIPAA Compliance
Mira™ operates as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the HITECH Act. We take our HIPAA obligations seriously and maintain comprehensive policies and procedures to safeguard Protected Health Information (PHI).
Specifically, we:
- Execute a Business Associate Agreement (BAA) with every covered entity client prior to accessing, using, or disclosing PHI
- Limit our use and disclosure of PHI to only what is necessary to perform contracted services
- Train all staff members on HIPAA requirements and enforce internal compliance policies
- Report any breach of unsecured PHI to the covered entity within the timeframes required by HIPAA
- Maintain documentation of our HIPAA practices and update them as regulations evolve
PHI handled in the course of providing billing services is governed by your BAA with Mira™ and by HIPAA, not solely by this Privacy Policy.
4. Data Security
We implement industry-standard technical and organizational security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. Our security practices include:
- TLS/SSL encryption for all data transmitted between your browser and our servers
- Encryption at rest for sensitive records stored on our systems
- Secure, access-controlled servers hosted by reputable cloud infrastructure providers
- Role-based access controls ensuring staff can only access data necessary for their job functions
- Regular internal security reviews and vulnerability assessments
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We encourage you to use caution when sharing sensitive information online.
5. Information Sharing
We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:
- Service providers — We may share data with trusted vendors (e.g., email platforms, CRM software, AI providers, clearinghouses) who assist us in delivering our services. All service providers handling PHI are required to execute a BAA and comply with HIPAA.
- Legal compliance — We may disclose information when required by law, court order, or governmental regulation.
- Business transfers — In the event of a merger, acquisition, or sale of assets, your information may be transferred subject to this Privacy Policy.
- With your consent — We may share information for any other purpose with your explicit prior approval.
5.5. AI Features and Your Data
When you enable AI features (admin opt-in, per organization, default off), Mira™ sends limited request payloads to AI providers (currently Anthropic, OpenAI-compatible providers) under a Business Associate Agreement (BAA). These providers process the request under HIPAA-aligned controls. We log only metadata about each AI call — including the prompt length, the AI feature invoked, the user/ organization identifier, and the outcome — never the prompt body or the model response. You can disable AI features at any time from the Admin panel; disabling fails closed (no AI calls execute).
6. Cookies and Tracking
Our website uses cookies and similar tracking technologies to understand how visitors interact with our content. Specifically, we use:
- Google Analytics 4 (GA4) — to collect anonymized usage data including page views, session duration, traffic sources, and user flow. Data is processed by Google in accordance with their privacy policy.
- Microsoft Clarity — to record anonymized heatmaps and session replays that help us improve site usability. No personally identifiable information is captured.
We do not use advertising or retargeting cookies. You may opt out of analytics tracking by enabling the “Do Not Track” setting in your browser or by using a browser extension such as the Google Analytics Opt-out Add-on. Disabling cookies will not affect your ability to use our site.
7. Your Rights
Depending on your location and applicable law, you may have the following rights regarding your personal information:
- Access — Request a copy of the personal information we hold about you
- Correction — Request that we correct inaccurate or incomplete information
- Deletion — Request that we delete your personal data, subject to legal retention requirements
- Opt-out of marketing — Unsubscribe from marketing emails at any time using the unsubscribe link in any email or by contacting us directly
- Data portability — Request your data in a portable, machine-readable format where technically feasible
To exercise any of these rights, please contact us using the information in Section 9. We will respond to all verified requests within 30 days.
8. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our general retention schedules are as follows:
- Inquiry and contact form data — retained for 3 years from the date of submission, after which it is securely deleted or anonymized
- Newsletter and marketing list data — retained until you unsubscribe, after which we remove your email from active lists within 10 business days
- Active client records — retained for the duration of the service relationship plus the period required by applicable healthcare and tax regulations
PHI handled under a BAA is subject to the retention terms specified in that agreement and applicable HIPAA regulations.
9. Contact Us
If you have questions about this Privacy Policy, wish to exercise your rights, or need to report a privacy concern, please contact us:
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes, we will:
- Update the “Last updated” date at the top of this page
- Post a notice on our website for material changes
- Where required by law, notify affected users directly via email
Your continued use of our website or services after any changes become effective constitutes your acceptance of the updated policy. We encourage you to review this page periodically.
Questions? We're happy to help.