HIPAA Compliance

ClaimRev is a HIPAA-covered entity operating as a business associate for every provider we serve. HIPAA compliance is a legal requirement we have built our operations around from day one.

• Business Associate Agreements (BAAs): We sign a BAA with every client before a single transaction is processed. This is non-negotiable and standard in every engagement.
• HIPAA-compliant EDI transactions: All claim submissions, eligibility inquiries, and remittance processing follow HIPAA-mandated electronic data interchange standards.
• Minimum necessary access: We access only the PHI required to process your transactions.
• Workforce training: Our team is trained on HIPAA requirements for handling protected health information.

If you are evaluating us for a tribal health program, IHS facility, or government-contracted clinic with heightened compliance obligations, we are experienced in those environments specifically.

Multi-Factor Authentication

Access to the ClaimRev platform requires multi-factor authentication (MFA) for all users. MFA is enforced through an authenticator app — not SMS codes — because authenticator-based MFA is significantly more resistant to SIM-swapping, phishing, and interception attacks.

• Required for all users: MFA cannot be bypassed or disabled by individual accounts.
• Authenticator app only: Compatible with Google Authenticator, Microsoft Authenticator, Authy, and other standard TOTP apps.
• No SMS fallback: Text message verification is not offered as an alternative, keeping your access credentials fully protected.

For healthcare organizations that handle protected health information, this level of access control is not optional — it is the standard we hold ourselves to.

X12 Licensed Clearinghouse

ClaimRev is licensed through X12, the standards body responsible for the EDI transaction sets required under HIPAA. We support the full set of required HIPAA EDI transactions:

• 837P & 837I: Professional and institutional claim submission
• 835: Electronic Remittance Advice
• 270 / 271: Eligibility inquiry and response
• 276 / 277: Claim status inquiry and response

Every transaction we handle follows the X12 implementation guides required under HIPAA 5010.

Your Data Is Yours

Your claims data, patient information, and revenue data belong to you. Not us.

• We do not sell your data.
• We do not aggregate your patient data for third-party use or analytics that benefit anyone but you.
• You can export your data at any time in standard formats.
• Leaving ClaimRev does not mean losing access to your history. We work with departing clients to ensure clean data transitions.

Many large clearinghouses operate on models that monetize aggregated claims data. Our business model is straightforward: you pay us to process your claims, and that is the relationship.

Built by Healthcare Technology Veterans

ClaimRev was founded by Brad Sharp, a healthcare software engineer with 21 years of experience building revenue cycle and claims management systems. His background is in API-first architecture and revenue optimization systems — the engineering foundation a clearinghouse needs.

Amber Sharp, our CEO and a registered nurse, brings 14 years of clinical and healthcare operations experience. She understands the connection between accurate claims processing and patient care outcomes because she has worked on both sides of it.

This is not a generic payments platform repurposed for healthcare. It is a purpose-built system by people who have worked in this industry for decades.

Organizational Stability

ClaimRev is a focused, founder-led company. We are not backed by venture capital, which means we are not chasing a liquidity event or a pivot. Our organizational structure is stable by design:

• Founder-owned and operated — no outside investors whose interests might conflict with yours
• Mission-driven focus — serving underserved healthcare providers, not maximizing short-term growth metrics
• Month-to-month billing — you are not locked in, which means we earn your business every month
• Small team, direct access — when you need help, you reach people who actually know your account

Certifications & Business Credentials

• Native Woman-Owned Business
• SBA HUBZone Certified
• WOSB Certified (Women-Owned Small Business, federal certification)
• ISBEE Certified (Indian Small Business Economic Enterprise)
• Cherokee Nation Preferred Vendor
• Cherokee Nation TERO Listed
• X12 Licensed Clearinghouse

For tribal health programs, government-contracted clinics, and federally-qualified health centers with procurement requirements, these credentials matter for vendor selection and reporting.

Common Vendor Risk Questions

• Do you sign BAAs? Yes, with every client, before any transaction is processed.
• Is MFA required? Yes. All users must use an authenticator app. There is no SMS fallback and no way to bypass it.
• Are you compliant with 42 CFR Part 2? If you treat patients subject to Part 2 substance use disorder protections, contact us directly to discuss your specific requirements.
• What happens to my data if I leave ClaimRev? You retain access to your historical data and we facilitate clean transitions. We do not hold data hostage.
• Are you HITRUST certified or SOC 2 audited? We operate as a HIPAA-compliant clearinghouse. If your organization has additional third-party audit requirements beyond HIPAA, contact us to discuss your compliance checklist.
• Who do I call when something goes wrong? A person who knows your account. Not a chatbot, not a tier-1 support queue.
• Can we do a security review before signing? Yes. We welcome compliance reviews and can provide documentation for your due diligence process.