HIPAA Compliance

Our commitment to protecting your healthcare information

Our Commitment to HIPAA Compliance

Upper East Home Care is committed to maintaining the privacy and security of all Protected Health Information (PHI) and complying with the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and its subsequent amendments. We implement comprehensive policies and procedures to ensure the confidentiality, integrity, and availability of PHI.

Protected Health Information (PHI)

Protected Health Information (PHI) includes any individually identifiable health information that we collect, maintain, or transmit in any form or medium. This includes:

  • Medical records and health histories
  • Billing and payment information
  • Insurance information
  • Test and laboratory results
  • Demographic information when linked to health data
  • Care planning and coordination documentation

HIPAA Security Measures

Upper East Home Care has implemented the following security measures to protect PHI:

  • Administrative safeguards including policies, risk analysis, and staff training
  • Physical safeguards such as facility access controls and workstation security
  • Technical safeguards including encryption, access controls, and audit controls
  • Regular security assessments and updates
  • Business Associate Agreements with all vendors who handle PHI
  • Incident response procedures for potential data breaches

Privacy Practices

Our privacy practices are designed to protect your health information while allowing necessary access for your care:

  • Minimum necessary standard: We only use or disclose the minimum amount of PHI necessary
  • Authorization requirements for uses not related to treatment, payment, or healthcare operations
  • Patient rights to access, amend, and receive an accounting of disclosures of their PHI
  • Restrictions on marketing communications involving PHI
  • Regular staff training on privacy requirements and best practices

Digital Security

Our digital systems incorporate multiple layers of security:

  • End-to-end encryption for all electronic PHI in transit and at rest
  • Secure, role-based access controls
  • Multi-factor authentication for system access
  • Regular security updates and patch management
  • Secure backup procedures
  • Continuous system monitoring for unauthorized access attempts

Website Information Collection

Our website is designed with privacy and security in mind:

  • All forms that may collect PHI use secure, encrypted connections
  • We do not store PHI in cookies or tracking mechanisms
  • Medical information submitted through our website is protected by the same HIPAA safeguards as information collected in person
  • Contact forms are securely transmitted and accessible only to authorized personnel

Breach Notification

In the unlikely event of a breach of unsecured PHI, Upper East Home Care will:

  • Notify affected individuals without unreasonable delay (and no later than 60 days following discovery)
  • Provide information about what happened, the types of information involved, steps individuals should take to protect themselves, what we are doing to investigate and mitigate harm, and contact procedures for questions
  • Notify the Secretary of Health and Human Services as required by law
  • Notify prominent media outlets for breaches affecting more than 500 residents of a state or jurisdiction

Your Rights Under HIPAA

As our client, you have the following rights regarding your health information:

  • Right to inspect and copy your health information
  • Right to request amendments to your health information
  • Right to receive an accounting of certain disclosures of your health information
  • Right to request restrictions on certain uses and disclosures
  • Right to request alternative means of communication
  • Right to receive a paper copy of our Notice of Privacy Practices
  • Right to be notified of a breach of unsecured PHI

Contact Information

If you have questions about our HIPAA compliance or wish to exercise your rights regarding your health information, please contact our Privacy Officer:

For more information about HIPAA, visit www.hhs.gov/hipaa.

Last updated: June 15, 2023