π Privacy Policy
Martinez Heart & Home Care • Washington State Licensed Home Care Agency • LPN-Supervised
π Privacy at a Glance
1 Who We Are & Scope of This Policy
Martinez Heart & Home Care is a Washington State licensed in-home care agency operating under Home Care Agency License pursuant to WAC 246-335, supervised by a Licensed Practical Nurse (LPN). We provide non-skilled and LPN-level in-home care services to clients in Washington State.
This Privacy Policy describes how we collect, use, disclose, and protect your personal information and protected health information (PHI). It applies to all clients, prospective clients, family members, authorized representatives, website visitors, and all employees and caregivers of the Agency.
2 Information We Collect
2.1 Protected Health Information (PHI)
| Category | Examples | How Collected |
|---|---|---|
| Identifying Information | Name, date of birth, address, phone, email | Client intake forms, in-person assessment |
| Medical History | Diagnoses, surgical history, hospitalizations | Client assessment, physician records |
| Medication Information | Current medications, dosages, allergies | Client assessment, pharmacy records |
| Vital Signs & Clinical Data | Blood pressure, weight, Oβ saturation | LPN assessment visits |
| Functional Status | ADL abilities, mobility, cognitive status | Client assessment form |
| Insurance & Payment | Medicaid ID, insurance policy numbers | Intake forms, insurance verification |
| Care Documentation | Visit notes, plan of care, progress notes | Caregiver documentation, LPN notes |
2.2 Personal Information (Non-PHI)
Through our website and public forms, we collect limited personal information that does not constitute PHI β contact information, general care preferences, and referral source information. Our public forms are designed to collect contact information only, not medical diagnoses or sensitive health data.
3 How We Use Your Health Information
3.1 Treatment
We use your health information to provide, coordinate, and manage your care, including sharing information with your physicians, specialists, pharmacists, and other healthcare providers involved in your care.
3.2 Payment
We may use and disclose your health information to obtain payment for services, including submitting claims to Medicaid (Apple Health), Medicare, long-term care insurance, or the VA.
3.3 Healthcare Operations
We may use your health information for quality assurance, caregiver training and supervision, compliance audits, and business planning.
3.4 Other Permitted Uses Without Authorization
- As Required by Law: Mandatory reporting under RCW 74.34 (suspected abuse, neglect, or exploitation)
- Public Health Activities: Reporting communicable diseases to public health authorities
- Health Oversight: Responding to audits or inspections by DSHS, DOH, or other regulatory agencies
- Emergency Situations: To prevent or lessen a serious and imminent threat to health or safety
- Workers' Compensation: As authorized by Washington State workers' compensation laws
4 Your Rights Regarding Your Health Information
π Right to Access
You have the right to inspect and obtain a copy of your health records within 30 days of your request.
βοΈ Right to Amend
You may request corrections to your health information if you believe it is inaccurate or incomplete.
π Right to an Accounting
You may request a list of disclosures we have made of your PHI for the past 6 years.
π« Right to Restrict
You may request restrictions on how we use or disclose your PHI.
π Right to Confidential Communications
You may request that we communicate with you in a specific way or at a specific location.
β©οΈ Right to Revoke Authorization
You may revoke any authorization you have given us at any time in writing.
π Right to a Copy of This Notice
You have the right to receive a paper copy of this Notice at any time.
βοΈ Right to File a Complaint
You may file a complaint with us or with HHS if you believe your privacy rights have been violated. We will not retaliate.
5 How We Protect Your Information
5.1 Administrative Safeguards
- Designated Privacy Officer responsible for HIPAA compliance
- Staff training on privacy and security policies
- Access controls limiting PHI access to authorized personnel only
- Business Associate Agreements (BAAs) with all vendors who handle PHI
5.2 Physical Safeguards
- Secure storage of paper records in locked files
- Secure disposal of PHI (shredding of paper records)
- Device and media controls for electronic PHI
5.3 Technical Safeguards
- SSL/TLS encryption for all web-based data transmission
- Password-protected access to electronic health records
- Encrypted email for PHI communications
5.4 Breach Notification
In the event of a breach of unsecured PHI, we will notify affected individuals, HHS, and if required, the media, in accordance with the HIPAA Breach Notification Rule (45 CFR Part 164, Subpart D) and Washington State data breach notification law (RCW 19.255.010) within 60 days of discovery.
6 Record Retention
| Record Type | Retention Period | Legal Basis |
|---|---|---|
| Client Health Records (PHI) | Minimum 6 years | HIPAA 45 CFR Β§164.530(j); WAC 246-335 |
| HIPAA Authorizations | 6 years from date of signature | HIPAA 45 CFR Β§164.508(b)(6) |
| This Privacy Notice | 6 years from effective date | HIPAA 45 CFR Β§164.520(e) |
| Caregiver Employment Records | 3 years after termination | RCW 49.12; federal employment law |
| Billing & Payment Records | 7 years (Medicaid: 10 years) | IRS; Medicaid regulations |
| Incident Reports | 6 years minimum | WAC 246-335; RCW 74.34 |
7 Website Privacy & Cookies
When you visit our website, we may automatically collect non-personal information including IP address, browser type, pages visited, and device type. This information is used solely to improve our website and is not linked to your personal identity.
Our website may use essential cookies required for the website to function and analytics cookies to understand how visitors use our site. You may disable cookies through your browser settings.
Information submitted through our public consultation request form is transmitted using SSL/TLS encryption and collects contact information only β not protected health information.
8 Washington State Privacy Rights
Washington Health Care Information Act (RCW 70.02)
Washington State law provides strong protections for health care information. Under RCW 70.02, you have the right to access your health care information within 15 business days of request, request corrections, restrict disclosure, and file a complaint with the Washington State Department of Health.
Washington My Health MY Data Act (RCW 70.372)
Washington State's My Health MY Data Act provides additional protections for consumer health data. We comply with all applicable requirements of this law, including restrictions on the collection, sharing, and sale of consumer health data.
Vulnerable Adult Protections (RCW 74.34)
As a home care agency serving vulnerable adults, we are mandatory reporters under RCW 74.34. We are required by law to report suspected abuse, neglect, financial exploitation, or abandonment of vulnerable adults to Adult Protective Services and law enforcement.
9 Changes to This Privacy Policy
We reserve the right to change this Privacy Policy at any time. We will post the revised Notice on our website and make it available in our office. We will notify existing clients of material changes by posting the updated Notice with a new effective date and providing a copy at the next scheduled care visit.
10 Contact Us & How to File a Complaint
π Privacy Officer Contact
π Phone: (XXX) XXX-XXXX
π§ Email: privacy@martinezheartandhomecare.com
π Hours: MonβFri 8amβ6pm • Sat 9amβ3pm
To file a complaint:
- Martinez Heart & Home Care Privacy Officer: (XXX) XXX-XXXX
- HHS Office for Civil Rights: 1-800-368-1019 • hhs.gov/hipaa/filing-a-complaint
- Washington State DOH: 1-800-525-0127
- DSHS Complaint Resolution: 1-800-562-6078
βοΈ Privacy Policy Acknowledgment
Please confirm you have read and understood this Privacy Policy β then sign below
Acknowledgment Recorded!
Thank you for reviewing and acknowledging our Privacy Policy. Your acknowledgment has been securely recorded.
A copy of this acknowledgment is retained in your client file per HIPAA requirements (minimum 6 years).
π Secure • HIPAA-Compliant • Retained per 45 CFR Β§164.520 • Minimum 6-year retention