Coding Assist — Privacy Policy

Last updated: June 6, 2026

Coding Assist ("the extension") is an internal tool provided by Mariam Maniya Internal Medicine PC d/b/a Maniya Health Medical Group ("we," "us") for use by our own authorized staff. It is not offered to the general public. This policy describes what data the extension accesses, how it is used, and how it is handled.

Who this applies to

The extension is installed only by our authorized workforce members for use within our Practice Fusion workspace. We do not collect data from anyone outside our organization. The extension is deployed through our Google Workspace (Enterprise Standard) environment, which is covered by our Business Associate Agreement with Google.

What the extension accesses

• Clinical record content. The extension reads the content of the patient record open in the active Practice Fusion tab, including clinical note text and patient age, in order to suggest billing and diagnosis codes. Any clinical note text used for diagnosis-code suggestions is transmitted only to our Google Cloud Vertex AI service, which is governed by our Business Associate Agreement with Google; it is never sent to any service not covered by that agreement.
• Health information. Clinical note text, diagnoses, ICD-10 codes, and billing/charting data are processed to perform coding assistance. Where this clinical note text is sent to Google Cloud Vertex AI for diagnosis-code suggestions, it is handled under our Business Associate Agreement with Google and is not transmitted to any non-covered service.
• Authentication context. The extension reads the authorization and related session headers that the user's browser already sends to Practice Fusion, and reuses them to call Practice Fusion's own internal endpoints. This is necessary because Practice Fusion does not provide a public integration API.
• Configuration data. The extension reads a coding prompt and provider directory from a Google Sheet that we control and link-share in read-only form.

How data is used

• Record content and health information are used solely to generate billing-code and ICD-10 diagnosis-code suggestions for the staff member using the extension.
• When Diagnosis Assist is enabled by an administrator, the relevant clinical note text is sent from the user's browser directly to our Google Cloud Vertex AI service to obtain ICD-10 suggestions. This clinical note text is transmitted only to Vertex AI, which is governed by our Business Associate Agreement with Google and is HIPAA-eligible; it is never sent to any other external service.
• Our token backend issues only short-lived Vertex AI access tokens. The clinical note text is never sent to, logged by, or stored on that backend; the note text goes directly from the user's browser to the BAA-covered Vertex AI service.
• Authentication context is used only to call Practice Fusion's own endpoints and is stored only in the user's browser.

Where data is stored

• User preferences, the session authentication context, and administrator-managed configuration are stored locally in the user's browser (Chrome storage). They are not transmitted to us or to any third party other than Practice Fusion itself.
• The extension does not maintain its own central database of patient records.

Data sharing

• We do not sell user data.
• We do not use or transfer data for advertising.
• We do not use data to determine creditworthiness or for lending.
• The only external transfers are: to Practice Fusion (the source system itself); and to Google Cloud Vertex AI, which acts as our data processor to return diagnosis-code suggestions and is governed by our Business Associate Agreement with Google. Any clinical note text leaving the browser is sent only to this BAA-covered Vertex AI service.

Health data / HIPAA

This extension processes protected health information on our behalf as part of our treatment and healthcare-operations activities. The clinical note text used for diagnosis-code suggestions is transmitted only to Google Cloud Vertex AI, which is governed by our Business Associate Agreement with Google. Our Google Workspace (Enterprise Standard) environment, through which the extension is deployed, is likewise covered by our Business Associate Agreement with Google. Our handling of protected health information is governed by our HIPAA policies and these agreements with our service providers.

Data retention

Locally stored values persist in the user's browser until the user clears them, disables the extension, or uninstalls it. The session authentication context is transient and tied to the browser session.

Contact

Questions about this policy: help@maniyahealth.com — Mariam Maniya Internal Medicine PC d/b/a Maniya Health Medical Group.