This Privacy Policy explains how LitLion Medical-Legal Consulting (“LitLion MD,” “we,” “us”) collects, uses, discloses, secures, and retains information in connection with our medical-legal consulting services and the website at litfrogmd.com.
1. Who we are
LitLion Medical-Legal Consulting produces Future Care Projections and related medical-cost work product for plaintiff personal-injury attorneys. Each report is reviewed and authorized by a licensed, board-certified medical professional. Contact: admin@litfrogmd.com, 8507 Ward Parkway, Kansas City, MO 64114-2722.
2. Information we collect
Information attorneys and firms provide
- Account & contact information — attorney name, firm name, email address, and firm identifiers used to route and bill orders.
- Case materials — medical records and related documents uploaded for analysis. These materials may contain protected health information (PHI) of the injured claimant, which we handle as a HIPAA Business Associate.
- Order details — your internal file or case reference and the product requested.
Information collected automatically
- Limited technical data — standard request metadata (such as IP address and timestamps) processed transiently for security, rate-limiting, and abuse prevention. We do not deploy third-party advertising trackers or behavioral analytics, and we do not add telemetry to our applications.
Billing information
- Payment & invoicing — billing is processed through Stripe; we receive payment status and amounts. Our billing records are maintained free of protected health information by design.
3. How we use information
- To produce, review, and deliver the Future Care Projection or other work product you order.
- To provision and maintain your secure upload link and process your orders.
- To invoice you and reconcile payments.
- To secure our systems, prevent abuse, and meet our legal and HIPAA obligations.
We do not use protected health information for marketing, and we do not sell or rent personal information to anyone.
4. How we share information
We share information only as needed to provide the service and only with parties bound by appropriate confidentiality and, where PHI is involved, Business Associate obligations:
- Cloud infrastructure (Amazon Web Services) — protected health information is processed and stored exclusively on HIPAA-eligible AWS services (such as S3, Bedrock, Textract, Key Management Service, DynamoDB, CloudTrail, and Simple Email Service) under a Business Associate Agreement, encrypted in transit (TLS) and at rest.
- Payment processing (Stripe) — for billing and payment status only; no protected health information is provided to Stripe.
- Accounting (Intuit QuickBooks Online) — we connect our own accounting system to QuickBooks to record financial transactions (such as payments and fees). No protected health information is sent to Intuit. Data transmitted to QuickBooks is limited to non-PHI financial fields built from an explicit allowlist, and payer names are screened before transmission. Intuit is not a HIPAA Business Associate of LitLion MD and never receives medical records.
- Legal requirements — where required by law, court order, or to protect rights and safety.
5. The QuickBooks Online integration
When the operator connects LitLion MD’s administrative application to QuickBooks Online, the application accesses the connected QuickBooks company solely to write LitLion MD’s own bookkeeping entries (sales receipts, fees, refunds, transfers, and expenses) derived from payment-processor activity. The integration:
- transmits only non-PHI financial data assembled from a fixed allowlist;
- does not transmit medical records, diagnoses, treatment details, or claimant health information;
- stores OAuth tokens encrypted, and uses them only to maintain the accounting sync;
- can be disconnected at any time, which revokes the tokens and stops all data exchange.
6. Data security
- All data is transmitted exclusively over TLS.
- Records are encrypted at rest using AWS Key Management Service; locally stored work product is encrypted with strong, key-managed encryption.
- Access is least-privilege; storage is configured to be durable and to deny deletion of source records.
- Infrastructure runs on SOC 2 Type II–attested cloud services with audit logging enabled.
7. Data retention
Source records and audit logs are retained as long as needed to deliver the service, maintain a defensible audit trail, and meet legal and professional obligations, after which they are handled in accordance with our agreements with the engaging firm. Billing records are retained for tax and accounting purposes. Protected health information is retained and disposed of consistent with our Business Associate obligations.
8. Your choices and rights
Because most personal information we hold belongs to the law firms we serve (and the claimants they represent), requests to access, correct, or delete claimant information should generally be directed to the engaging firm, which is the covered entity or its representative. For information about your own attorney/firm account, contact us at admin@litfrogmd.com. Where applicable law grants you privacy rights, we will honor valid requests.
9. Children’s privacy
Our services are intended for legal professionals and are not directed to children. We do not knowingly collect personal information directly from children.
10. International users
LitLion MD operates in the United States and processes data in the United States. If you access the service from outside the U.S., you consent to processing in the United States.
11. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by an updated “Last updated” date on this page.
12. Contact us
Questions about this Privacy Policy or our data practices: admin@litfrogmd.com · LitLion Medical-Legal Consulting, 8507 Ward Parkway, Kansas City, MO 64114-2722.