Later Today Inc., operating as BillSherpa · Effective: May 3, 2026 · Last Updated: May 16, 2026
BillSherpa is a patient billing advocacy service operated by Later Today Inc. ("Company," "we," "us," or "our"), a corporation incorporated under the laws of Ontario, Canada. BillSherpa is a brand name of Later Today Inc. We help patients identify errors on their medical bills by analysing billing codes against applicable federal and state regulations and generating dispute documentation on their behalf.
This Privacy Policy explains how we collect, use, disclose, store, and protect information — including Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") — when you use our website and services.
Contact: Later Today Inc. · hello@billsherpa.com · billsherpa.com
This Policy applies to visitors to billsherpa.com, patients who submit medical bills for analysis, and any individual whose health information is included in a submitted bill. It does not apply to the practices of third-party websites linked from our site.
BillSherpa operates as a Business Associate as defined under HIPAA 45 CFR § 160.103. We process Protected Health Information on behalf of patients for the limited purpose of billing advocacy — identifying billing errors, generating dispute documentation, and providing regulatory citations. We are not a covered entity, healthcare provider, health plan, or healthcare clearinghouse.
As a Business Associate, we maintain Business Associate Agreements (BAAs) with every vendor and subcontractor who processes PHI on our behalf.
When you submit a medical bill for analysis, we collect:
We collect only the minimum PHI necessary to perform our services 45 CFR § 164.514(d).
We collect your name and email address to deliver your analysis results and communicate with you about your case. We do not require you to create an account.
Payment processing is handled entirely by Stripe, Inc. BillSherpa does not collect, store, or process your credit card or payment account information.
We automatically collect standard technical information when you visit our website, including IP address, browser type, pages visited, and referring URLs. This information is used for security monitoring and service improvement and is not linked to your PHI.
We use your PHI solely for the following purposes:
Your PHI is processed to the extent necessary to conduct analysis against these ten frameworks:
We do not use your PHI for marketing, advertising, or sale to third parties. We do not use your PHI to train artificial intelligence models.
We share PHI with vendors bound by Business Associate Agreements, including: cloud infrastructure providers; AI processing services (for analysis against the ten regulatory frameworks); PDF generation services; secure email delivery services; case management and data storage services; and CPC contractors performing quality assurance review. No vendor may use your PHI for any purpose other than providing services to BillSherpa.
We may disclose PHI without your consent when required by law, including: in response to a valid court order or subpoena; to report to government agencies as required by law; to avert a serious and imminent threat to health or safety; or as required by the HIPAA Privacy Rule.
We will share your PHI with any third party you explicitly authorise in writing. You may revoke such authorisation at any time by contacting hello@billsherpa.com.
BillSherpa does not sell, rent, or trade your Protected Health Information. We do not share PHI with advertisers, data brokers, or any commercial party for marketing purposes.
We implement administrative, physical, and technical safeguards as required by the HIPAA Security Rule 45 CFR §§ 164.302–164.318:
In the event of a breach affecting your PHI, we will notify you as required by HIPAA and applicable state law.
We retain your PHI for a minimum of six (6) years from the date of service on your bill 45 CFR § 164.530(j). After this period, PHI is securely destroyed using cryptographic erasure, secure database deletion, and documented destruction records. You may request deletion of your PHI before the retention period expires — we will honour such requests unless retention is required by law or pending legal proceedings.
You have the right to inspect and receive a copy of the PHI we hold about you within 30 days of a written request. Contact hello@billsherpa.com.
You have the right to request correction of PHI you believe is inaccurate or incomplete. We will respond within 60 days.
You have the right to request a list of disclosures of your PHI we have made within the previous six years, other than for treatment, payment, operations, or disclosures you authorised.
You have the right to request that we restrict the use or disclosure of your PHI. We are not required to agree to all restrictions, but if we agree, we are bound by that agreement.
You may withdraw your consent to our processing of your PHI at any time by contacting hello@billsherpa.com. Withdrawal does not affect processing that occurred before the withdrawal.
If you believe your privacy rights have been violated, you may file a complaint with Later Today Inc. at hello@billsherpa.com, or with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr/privacy. We will not retaliate against you for filing a complaint.
California residents have additional rights under the CCPA and CPRA, including the right to know what personal information we collect, the right to delete, the right to correct, and the right to opt out of the sale of personal information. We do not sell personal information. Contact hello@billsherpa.com to exercise your rights.
Residents of Virginia, Colorado, Connecticut, Texas, and other states with comprehensive privacy laws may have additional rights. Contact hello@billsherpa.com to exercise any applicable rights.
Our services are intended for adults submitting bills on their own behalf or as the legal guardian or authorised representative of a minor. We do not knowingly market our services directly to individuals under 18. If a minor's PHI is included in a submitted bill, it is processed with the same safeguards as adult PHI in accordance with HIPAA requirements for minor health information.
Our website uses minimal cookies necessary for site functionality. We do not use tracking pixels, cross-site tracking, or advertising cookies. We do not share website usage data with advertising networks.
BillSherpa uses AI services to analyse your medical bill. Specifically:
AI analysis is used as a tool to assist human review. BillSherpa does not represent that AI findings are infallible. The final report reflects the combined output of automated analysis and human quality assurance.
BillSherpa is a patient advocacy service and not a law firm, certified public accountant, or licensed healthcare professional. Nothing in our reports or dispute letters constitutes legal advice, medical advice, or financial advice. Our analysis is based on the ten publicly available billing regulations described in Section 5.1. Results may vary. Our liability for any claim arising from our services is limited to the amount paid for those services.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, the regulations we apply, or the services we offer. When we make material changes, we will update the "Last Updated" date, post the updated Policy on our website, and send an email notice to patients who have submitted bills within the previous 12 months. Your continued use of our services after the effective date of an updated Policy constitutes your acceptance of the updated terms.
Later Today Inc. — Privacy Officer
Email: hello@billsherpa.com
Website: billsherpa.com
We will respond to all privacy-related enquiries within 30 days.