What enters Bitewing?
Customer-approved reimbursement sources needed for review, starting read-only.
Bitewing reads the reimbursement sources you already depend on and shows where the actual adjudicated allowed amount does not match the governing contract. It works alongside your PMS, clearinghouse, and RCM team.
read-only to start
provided by the customer
only what the service needs
Crosses: customer-approved sources
Not by default: no write-back to PMS by default
customer-scoped processing
evidence remains attached
held until human approval
Crosses: only the data needed for review
Not by default: no public PHI examples or cross-customer PHI training
details shared through the package
time-bound and role-bound
approved findings and exports
Crosses: reviewed findings and exports
Not by default: no PHI sale or public reuse
Customer-approved sources needed for reimbursement review, starting read-only.
Customer sources, source-backed findings, human review, support access, and customer outputs are kept distinct.
Boundary crossings, reviewer decisions, exports, and support access write to audit logs.
This page names what enters, what leaves, who can access it, and what is never reused. The same twelve questions every reviewer asks, answered in order.
Want the underlying controls in writing? Request the security package — it carries the questionnaire categories, BAA template, and gated materials path.
Request the security packageCustomer-approved reimbursement sources needed for review, starting read-only.
Connector, upload, secure transfer, shared folder, or customer-approved API path.
A logical tenant boundary for that customer. Public examples use synthetic data only.
Source records and derived findings only as needed for the contracted service and customer agreement.
Tenant partitioning, role-bound access, and source pointers scoped to the customer.
Customer roles and logged internal break-glass access for support or engineering review.
Access, administrative actions, reviewer decisions, exports, and support access.
Customer-approved findings, exports, and workflow outputs.
Covered in the security package and live technical review when relevant.
Handled under the customer agreement and BAA; deletion requests go through the support/security path.
Cross-customer learning uses de-identified aggregates only when allowed.
No cross-customer PHI training, no sale of PHI, no pooled customer examples in public pages.
| 01 | What enters Bitewing? | Customer-approved reimbursement sources needed for review, starting read-only. |
|---|---|---|
| 02 | How does it enter? | Connector, upload, secure transfer, shared folder, or customer-approved API path. |
| 03 | Where is it processed? | A logical tenant boundary for that customer. Public examples use synthetic data only. |
| 04 | Where is it stored? | Source records and derived findings only as needed for the contracted service and customer agreement. |
| 05 | How is it separated? | Tenant partitioning, role-bound access, and source pointers scoped to the customer. |
| 06 | Who can access it? | Customer roles and logged internal break-glass access for support or engineering review. |
| 07 | What is logged? | Access, administrative actions, reviewer decisions, exports, and support access. |
| 08 | What leaves Bitewing? | Customer-approved findings, exports, and workflow outputs. |
| 09 | How is third-party processing reviewed? | Covered in the security package and live technical review when relevant. |
| 10 | How long is data kept? | Handled under the customer agreement and BAA; deletion requests go through the support/security path. |
| 11 | What is de-identified? | Cross-customer learning uses de-identified aggregates only when allowed. |
| 12 | What is never used? | No cross-customer PHI training, no sale of PHI, no pooled customer examples in public pages. |
These are the control categories Bitewing operates against. The security package carries the detail, scope, and current state of each one.
Details provided under the security package.
Request the package or reach the engineering review path at security@bitewing.ai.