Privacy Policy

MediCheck Pro — 2026 Billing Compliance · v2.0

Last updated: May 2026

MediCheck Pro is a Chrome extension built by PixelForgeHub (Yogesh Nichal). This document is the full, plain-English privacy statement covering v2.0 features — including the optional BYOK AI clinical-note inference, EHR Quick-Launch injectors, NPI / Drug / LCD external lookups, and Team-tier Firestore audit-log sync.

30-second summary

  • We have no servers for this extension. PixelForgeHub does not receive any data from your use of MediCheck. The only PixelForgeHub URL the extension ever contacts is a static JSON file at pixelforgehub.pro/medicheck/manifest-2026.json that delivers the quarterly dataset refresh — and that fetch is anonymous.
  • Code lookups (CPT, ICD-10, modifiers, NCCI, MUE, HCC, denial codes) are 100% local. The 2026 reference dataset is bundled inside the extension package.
  • NPI Registry, Drug/NDC, and AI-inference features query third-party APIs directly from your browser. PixelForgeHub never sees those queries. Each feature is opt-in.
  • EHR Quick-Launch injectors are off by default. Even when enabled, they read no patient data; they only scan for billing-code-shaped tokens and render a floating launcher button.
  • BYOK AI clinical-note inference is gated behind a HIPAA / BAA acknowledgment the user must tick before any send.
  • No telemetry, no analytics, no error reporting by MediCheck at any point.

Data Categories & Where Each Goes

Data | Destination
CPT / ICD-10 lookup queries (the codes you type) | 100% local — bundled JSON dataset. Nothing transmitted.
Right-click context-menu selections | 100% local — Chrome's contexts: ['selection'] hands us the text.
NPI lookup queries | NPPES public API at npiregistry.cms.hhs.gov (CMS). Only the NPI or name you type.
Drug / NDC / RxCUI queries | RxNorm public API at rxnav.nlm.nih.gov (NIH NLM). Only the drug/NDC you type.
AI clinical-note inference | Direct browser-to-provider HTTPS request to api.openai.com, generativelanguage.googleapis.com, or api.anthropic.com — depending on which provider you chose. Authenticated with YOUR API key. Note content goes only to that one provider. BAA required when sending PHI.
Team audit-log sync (opt-in, requires Firebase config) | Your own Firebase Firestore project at firestore.googleapis.com. No PixelForgeHub access.
Quarterly dataset patch | Anonymous GET of pixelforgehub.pro/medicheck/manifest-2026.json every 7 days. We log no request data.
UI preferences, license key, AI keys, audit history | chrome.storage.local on your device only.

BYOK AI — HIPAA, BAA, and PHI

The AI tab is the most sensitive feature in the extension. Before each session you must tick an acknowledgment that either:

  1. You have a signed Business Associate Agreement (BAA) with the LLM provider you selected, OR
  2. The clinical note you are about to paste contains no Protected Health Information (PHI).

The current BAA landscape for the three supported providers:

  • OpenAI: BAA available for Enterprise + ChatGPT Enterprise customers under their Business Associate Agreement program.
  • Google Gemini: HIPAA-eligible only via Google Cloud Vertex AI with a signed BAA — not via the public Gemini API key in this extension. If you require HIPAA coverage, you must use Vertex AI from your own backend (this extension targets the public API for low-friction setup).
  • Anthropic: BAA available for Enterprise + Claude Team customers under their Business Associate Agreement program.

We strongly recommend that any clinical note containing PHI be sent only to a provider with whom you have a current BAA. The acknowledgment checkbox is intentionally a hard gate — the "Analyze with AI" button stays disabled until you tick it.

EHR Quick-Launch Injectors — Opt-in Only

v2.0 offers optional content-script injectors for seven EHR platforms (Epic, Oracle Cerner, athenahealth, Practice Fusion, eClinicalWorks, DrChrono, NextGen). Each is OFF by default. To enable: Settings → EHR Quick-Launch → tick the EHR you use → Chrome prompts you to grant the host permission for that EHR's domain.

The injected content script does only the following:

  • Scans document.body.innerText with two regexes: \b\d{5}\b (CPT-shaped) and \b[A-TV-Z]\d{2}(\.\d{1,4})?\b (ICD-10-shaped).
  • Counts the matches. Patient names, MRNs, free-text, dates do NOT match these patterns.
  • Renders a small Shadow-DOM-isolated launcher button at the bottom-right with the live count.
  • On click, sends a message to the extension's background worker to open the side panel.

The injector does NOT:

  • Read or transmit the matched code-shaped tokens off-device
  • Read DOM elements other than visible body text
  • Modify the host EHR page in any way other than appending the launcher
  • Persist anything to storage
  • Intercept navigation, network requests, or keyboard input
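As an added example (not the extension's own code), here are the two patterns quoted above applied to constructed page text standing in for document.body.innerText. It shows what the scan does and does not pick up: names, a seven-digit MRN and dates do not match, while any five-digit token, a ZIP code included, is counted as CPT-shaped, because the pattern only tests digit shape.

```javascript
// Added illustration of the injector's scan, not MediCheck's source.
// The two patterns are the ones the policy quotes.
const CPT_SHAPED = /\b\d{5}\b/g;                       // five digits, word-bounded
const ICD10_SHAPED = /\b[A-TV-Z]\d{2}(\.\d{1,4})?\b/g; // letter (not U), two digits, optional decimals

// Returns the matched tokens and their counts. Only the counts are ever
// rendered in the launcher; the tokens are returned here purely to show
// what the shapes match against.
function scanCodeShapedTokens(text) {
  const cpt = text.match(CPT_SHAPED) || [];
  const icd = text.match(ICD10_SHAPED) || [];
  return { cpt, icd, count: cpt.length + icd.length };
}

// What the launcher button would display for a given scan result.
function launcherLabel(result) {
  return `MediCheck: ${result.count} code${result.count === 1 ? "" : "s"} found`;
}

// Constructed sample page text (not from any real EHR or patient).
const SAMPLE_PAGE_TEXT = [
  "Patient: Jane Doe  MRN: 4481923  DOB: 03/14/1968", // name, 7-digit MRN, date: no match
  "Visit 2026-05-02: 99214, 93000; Dx E11.9, I10",    // two CPT-shaped, two ICD-10-shaped
  "Ship to ZIP 30301",                                 // a ZIP is also five digits: counted
].join("\n");

const result = scanCodeShapedTokens(SAMPLE_PAGE_TEXT);
console.log(result.cpt); // ["99214", "93000", "30301"]
console.log(result.icd); // ["E11.9", "I10"]
console.log(launcherLabel(result)); // "MediCheck: 5 codes found"
```

Note that a five-digit MRN or account number would be counted the same way as a CPT code; the count is a tally of digit-shaped tokens and carries no content about what they are.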

Team Tier & Firestore Audit Log

A PFH-TEAM-XXXX-XXXX license enables an optional shared audit log across your team's members. To use it, you configure MediCheck with your own Firebase project's public API config (Settings → Team Management → Firebase project config). Every time a team member runs a code lookup, MediCheck writes an audit entry to your Firestore database at the path teams/{teamId}/audit_log/{entryId}.

The audit entry contains only:

  • The CPT or ICD-10 code (already a public identifier, not PHI)
  • The lookup timestamp
  • The member slot (e.g., 0003)
  • The code's risk score (a number from the local risk meter)
  • The code's description (e.g., "Office visit, established, moderate")

It does NOT contain: patient identifiers, MRNs, clinical notes, encounter details, or any free text from the user. The audit log captures what was looked up, not who it was for. Firestore data is held under YOUR Firebase project — PixelForgeHub has no access to it.

Permissions Justification

Permission | Why MediCheck needs it
sidePanel | The entire MediCheck workbench (9 tabs) renders in a Chrome side panel.
storage | Persists UI preferences, Pro license key, AI provider API keys, audit history, Firebase config, team membership, 7-day update cache — all on the user's device.
contextMenus | Adds the right-click "Check '%s' with MediCheck Pro" entry that appears only when text is selected. Uses contexts: ['selection']; no host permissions required.
scripting | Required to programmatically register OPTIONAL content scripts (auto-detect tooltip + 7 EHR injectors) AFTER the user explicitly enables them in Settings and grants the per-origin host permission. Never used otherwise.
optional_host_permissions | <all_urls> for the auto-detect tooltip, plus narrow per-EHR patterns. All off by default, user-granted only.

What MediCheck Does NOT Do

  • No analytics, no telemetry, no crash reporting.
  • No A/B testing, no remote feature flags, no remote config beyond the data-only quarterly patch.
  • No third-party SDKs, no ads, no tracking pixels.
  • No remote code execution — no eval, no new Function(), no remote script fetches.
  • No access to other tabs' content beyond what you explicitly opted into via EHR Quick-Launch.
  • No transmission of PHI to PixelForgeHub — we have no servers that could receive it.

Pricing & License Key

Free tier: 20 lookups/day plus a small "Made with MediCheck Pro" watermark. Pro tier: $19/month or $99 lifetime via Lemon Squeezy. Team tier: $79/month for 5 seats or $249/year for unlimited seats. License keys (PFH-XXXX-XXXX-XXXX solo or PFH-TEAM-XXXX-XXXX team) are validated by local regex format check; team licenses additionally verify against Firestore if you've configured it. No license data is transmitted from your browser to PixelForgeHub.

Children's Privacy

MediCheck Pro is intended for use by professional medical billers, coders, physicians, and revenue cycle staff. It is not directed to children under 13 and does not knowingly collect personal information from anyone.

Changes to This Policy

If MediCheck ever adds a feature that changes the data-handling story above, this page will be updated and the version number raised before the new build ships to the Chrome Web Store. The current published version of the extension and the version covered by this page should always match.

Contact

Questions, concerns, BAA inquiries, or data-deletion requests: pixelforgehub.pro/support

PixelForgeHub · Yogesh Nichal · India · pixelforgehub.pro