Millin Medical Compliance

Committed to safeguarding the privacy and security of protected health information through rigorous compliance, continuous monitoring, and transparent governance.

Incident Reporting

Suspected data breaches or security concerns must be reported immediately.

Report a Security Concern

Contact: JBarrett@millinmedical.com

What to expect once reported:

  • Immediate acknowledgment of receipt
  • Formal documentation in our tracking system
  • Regular updates on the status throughout the incident lifecycle
  • Data Incident Closure Template

System Use

Terms governing access to the MillinPro+ information system.

  • The MillinPro+ information system is used to support Federal, State, and Local Government, and may be accessed and used only for official Government business by authorized personnel.
  • Unauthorized access, actions, use, modification, or disclosure of the data contained herein or in transit to/from this system constitutes a violation of the Computer Fraud and Abuse Act, Pub. L. No. 99-474, codified at 18 U.S.C. §1030, state criminal and civil laws, and may subject violators to criminal, civil, and/or administrative action and penalties.
  • All authorized use of this system must comply with Executive Orders, directives, policies, regulations, standards, and guidance. Any unauthorized use or actions will be investigated, and if required, prosecuted.
  • All data contained within this information system may be monitored, recorded, and disclosed in any manner by authorized personnel. By proceeding to access the information system, the user acknowledges that there is no right to privacy in this system.
  • System personnel may provide law enforcement officials, for investigation and prosecution purposes, any potential evidence of crime found within this information system.
  • The use of this system by any user, authorized or unauthorized, constitutes consent to monitoring, recording and disclosure.

PHI (Protected Health Information)

Any information in a medical context that can identify an individual and relates to their past, present, or future physical or mental health condition, healthcare provided, or payment for healthcare. It is a subset of PII but specifically pertains to health data and is protected under HIPAA. Examples include medical records, insurance information, or details of doctor visits tied to a person.

PII (Personally Identifiable Information)

Any data that can identify an individual, either directly (like a name, Social Security number, or email address) or indirectly (like combining a ZIP code and birth date to identify someone). PII is a broader category that encompasses any personal information, not just healthcare-related information.

Privacy Impact Assessment Policy Statement

Millin Associates recognizes its responsibility to safeguard the privacy of personally identifiable information (PII) and protected health information (PHI) entrusted to us by our clients and their patients. In alignment with NIST SP 800-53 Revision 5, control RA-8, the organization maintains a Privacy Impact Assessment (PIA) process as a living activity that is:

  • Ongoing: PIAs are conducted not only during system acquisition and deployment but also updated whenever technology, practices, or regulatory requirements change.
  • Comprehensive: PIAs address the full set of applicable NIST privacy controls, identifying risks and recommending mitigations.
  • Vendor-inclusive: Vendor assessments include structured evaluation of privacy controls, not limited to breach notification or policy presence.
  • Integrated with Change Management: All system changes, updates, and maintenance activities require a documented privacy risk classification (Low/Moderate/High/Not Applicable).

This ensures that privacy considerations are embedded into system lifecycle management, vendor oversight, and day-to-day operations, thereby reducing the risk of inappropriate disclosure or misuse of PII/PHI.

Millin Business Model

Millin Medical operates strictly as a B2B (Business-to-Business) entity, processing medical claims on behalf of healthcare providers for submission to payers. We do not offer consumer-facing services, nor do we interact directly with individuals regarding their personally identifiable information (PII). All HIPAA and PII data remain securely contained within our Azure cloud environment, and data is disclosed only to the extent necessary for claims processing and payment purposes, in compliance with legal and contractual requirements. Therefore, mechanisms for individual access and review of PII are not applicable to our business model.

Compliance

Our commitment to regulatory standards and best practices.

  • Millin Medical is committed to maintaining compliance with all applicable laws and regulations governing the privacy and security of PII and PHI.
  • Regular audits and assessments are conducted to ensure adherence to HIPAA, HITECH, and other relevant standards.
  • Staff training programs are implemented to promote awareness and understanding of compliance requirements.
  • Policies and procedures are regularly reviewed and updated to reflect changes in regulations and best practices.


Vendor Certifications

Current certifications and regulatory approvals.

New York State Vendor Responsibility Questionnaire

Millin Associates LLC is certified through the NYS Office of the State Comptroller VendRep System.

Certified by: James Barrett, CTO
Certification Date: March 5, 2026


Technical Leadership

Leadership roles responsible for security, compliance, and technology strategy.

CTO / ISSO
James Barrett
Overarching responsibility for technology strategy, security, system architecture, and information system security oversight.
JBarrett@millinmedical.com

Virtual CISO
Ken Clegg, CISSP, Associate C|CISO, CEH
Provides independent security oversight, advisory services, and review of ISSO activities to ensure separation of duties.
security@millinmedical.com

CCO
James Barrett, CTO
Ensures the organization complies with legal and regulatory requirements, including HIPAA and OHIP standards.
JBarrett@millinmedical.com

COO / Business Operations Manager
Martina Malvoni
Manages day-to-day operations, business processes, partnerships with EMR systems, and operational workflows.
mmalvoni@millinmedical.com

Human Resources Manager
Jenna Lawrence
Manages employee onboarding, training records, background screening, and HR compliance, including security awareness training programs.
jenna.lawrence@medsuite.com

Technical Roles

IT Manager / Systems Administrator
Casey M. Napoli
Responsible for maintaining internal systems, network security, and user access controls.
cnapoli@millinmedical.com

Software Development Manager
Chris Beard
Oversees development teams and manages the lifecycle of proprietary and partner-integrated systems.
CBeard@millinmedical.com

Data Architect
Chris Beard
Designs and maintains secure data storage solutions, especially for patient and billing data.
CBeard@millinmedical.com

DevOps Engineer
Chris Beard
Implements secure deployment pipelines, manages cloud resources, and enforces CI/CD practices.
CBeard@millinmedical.com

Cybersecurity Analyst
James Barrett, CTO
Monitors for threats, performs vulnerability assessments, and ensures adherence to security best practices. Supported by Atmosera and Quzara (Cyber Torch).
JBarrett@millinmedical.com

Database Administrator (DBA)
James Barrett, CTO
Manages databases, optimizes performance, and ensures data integrity and compliance with OHIP standards.
JBarrett@millinmedical.com

Cloud Security Specialist
Jon Knight
Focuses on security measures for cloud-hosted environments and ensures alignment with compliance standards. Supported by Atmosera.
JKnight@millinmedical.com

Data Privacy Officer
James Barrett, CTO
Ensures patient and billing data privacy regulations are followed.
JBarrett@millinmedical.com

Risk Officer
James Barrett, CTO
Identifies, assesses, and mitigates risks across IT and business operations. Develops risk management frameworks, oversees audits, and collaborates with leadership to implement risk mitigation strategies.
jbarrett@millinmedical.com