Privacy Policy — Chrome Extension
Last updated: March 15, 2026
Overview
The CodeBase RCM Coding Edit Checker Chrome extension (“the Extension”) is a free tool that helps medical coders identify NCCI bundling edits, MUE limits, and coding warnings while working in browser-based coding platforms. This privacy policy explains what data the Extension accesses, how it is used, and how it is protected.
Data We Collect
The Extension collects no personal information. Specifically:
- No account or login required. The Extension does not require sign-up, authentication, or any personal identifiers.
- No browsing history collected. The Extension does not track, store, or transmit any URLs you visit.
- No patient or health data collected. The Extension reads CPT/HCPCS procedure codes displayed on coding platform pages to check for billing edits. These are standardized medical billing codes, not patient data. The Extension never reads, stores, or transmits patient names, medical record numbers, dates of birth, or any Protected Health Information (PHI).
- No analytics or tracking. The Extension does not include any analytics libraries, tracking pixels, or telemetry.
Data We Access
The Extension reads CPT/HCPCS codes, ICD-10 codes, modifiers, and units from coding platform pages (currently aiHealth) in order to perform edit checks. This data is:
- Processed locally in the browser.
- Sent only to the CodeBase RCM database (hosted on Supabase) to look up NCCI edits, MUE limits, and code descriptions from publicly available CMS data.
- Never stored, logged, or associated with any user identity.
Data Storage
The Extension uses Chrome’s chrome.storage.sync API solely to store your preferences (e.g., which edit checks are enabled, panel display settings). This data is synced across your Chrome profile and contains no personal or patient information.
Third-Party Services
The Extension communicates with a single external service:
- Supabase (supabase.co) — Used to query the CodeBase RCM database for NCCI PTP edits, MUE limits, and CPT code descriptions. All data in this database is derived from publicly available CMS (Centers for Medicare & Medicaid Services) datasets. No personal or patient data is sent to or stored by this service.
Permissions Justification
| Permission | Justification |
|---|---|
| activeTab | Allows the Extension to read page content on the current tab when the user clicks “Scan Current Page.” Only activated on user action. |
| storage | Stores user preferences (toggle settings, panel configuration). No personal data. |
| scripting | Injects the code detection script into coding platform pages to scan for CPT/HCPCS codes. |
| Host: ai-health.io | Required to auto-inject the content script on aiHealth pages, the primary supported coding platform. |
| Host: supabase.co | Required to query the CodeBase RCM edit database for NCCI edits, MUEs, and code descriptions. |
HIPAA Compliance
The Extension does not access, store, or transmit Protected Health Information (PHI) as defined by HIPAA. It reads only standardized medical billing codes (CPT, HCPCS, ICD-10), which are industry-standard code sets and not patient-identifiable data. No Business Associate Agreement (BAA) is required for use of this Extension.
Children's Privacy
The Extension is intended for use by healthcare revenue cycle professionals. It does not collect any data from any users, including children under the age of 13.
Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted at this URL. Continued use of the Extension after changes constitutes acceptance of the updated policy.
Contact
If you have questions about this privacy policy or the Extension, contact us at: