Privacy Policy

1. Introduction

Desi HomeCare LLC ("Desi HomeCare," "we," "our," or "us") is committed to maintaining the highest standards of privacy and confidentiality. This Privacy Policy describes our practices concerning the collection, use, disclosure, and protection of your personal information and Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), and applicable state privacy laws.

This Privacy Policy applies to all individuals who receive services from Desi HomeCare, visit our website, or otherwise interact with our organization. By engaging our services, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Personal Identifying Information

We collect personal identifying information necessary to provide quality home healthcare services and maintain accurate records, including:

• Full legal name, residential address, mailing address, telephone numbers, and email address
• Date of birth, gender, and Social Security Number (when required for billing or identification)
• Emergency contact information and authorized representatives
• Language preferences and cultural considerations
• Guardian or power of attorney information (when applicable)

2.2 Protected Health Information (PHI)

As a HIPAA-covered entity, we collect and maintain Protected Health Information essential to delivering safe and effective care:

• Complete medical history, current diagnoses, and prognoses
• Medication lists, allergies, and adverse reactions
• Treatment plans, care assessments, and progress notes
• Physical and cognitive functional assessments
• Laboratory results, vital signs, and other clinical data
• Mental health and behavioral health information
• Documentation of services provided and caregiver observations

2.3 Financial and Insurance Information

• Health insurance policy numbers, group numbers, and coverage details
• Medicaid waiver information and authorization numbers
• Payment method details and billing information
• Claims and payment history

2.4 Website and Digital Information

When you visit our website, we may automatically collect:

• IP address, browser type, and device information
• Pages visited, time spent, and navigation patterns
• Referral sources and search terms used
• Cookies and similar tracking technologies (see Section 9)

3. How We Use Your Information

We use and disclose your personal information and PHI only for legitimate healthcare operations, treatment, payment, and as otherwise permitted or required by law. Specifically, we use your information for:

3.1 Treatment

• Providing, coordinating, and managing your home healthcare services
• Developing individualized care plans and conducting assessments
• Coordinating care with your physicians, specialists, and other healthcare providers
• Consulting with healthcare professionals regarding your treatment

3.2 Payment

• Processing billing, claims, and reimbursement from insurance carriers and Medicaid
• Determining eligibility for coverage and benefits verification
• Collecting payment for services rendered
• Managing accounts and responding to payment-related inquiries

3.3 Healthcare Operations

• Quality assurance, performance improvement, and outcome evaluations
• Caregiver training, supervision, and competency assessments
• Business planning, development, and management activities
• Legal compliance, licensing, and accreditation requirements
• Risk management and investigating incidents or complaints

3.4 Legal and Regulatory Compliance

• Complying with federal, state, and local healthcare regulations
• Responding to lawful requests from government agencies and courts
• Reporting as required by law (e.g., suspected abuse, communicable diseases)
• Cooperating with health oversight activities and investigations

4. HIPAA Compliance and Notice of Privacy Practices

Desi HomeCare is a HIPAA-covered entity and fully complies with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, Security Rule, and Breach Notification Rule, as well as the HITECH Act. We maintain comprehensive policies and procedures to protect the privacy and security of your Protected Health Information.

Administrative Safeguards

• Designated Privacy Officer and Security Officer responsible for compliance
• Workforce training on HIPAA privacy and security requirements
• Written policies and procedures for PHI handling and disclosure
• Sanctions for workforce members who violate privacy policies
• Business Associate Agreements with all third-party service providers

Technical Safeguards

• Encryption of electronic PHI both in transit and at rest
• Secure user authentication and access controls
• Audit logs and monitoring of information system activity
• Automatic logoff from electronic systems after inactivity
• Regular security assessments and vulnerability testing

Physical Safeguards

• Controlled facility access with visitor logs and surveillance
• Secure storage of paper records in locked cabinets
• Workstation security and screen privacy measures
• Secure disposal of PHI through shredding and data wiping

Notice of Privacy Practices: You have the right to receive our complete Notice of Privacy Practices, which provides detailed information about how we use and disclose your health information and your rights under HIPAA. To request a copy, please contact our Privacy Officer at info@desicares.com or (502) 819-2191.

5. Information Sharing and Disclosure

We disclose your personal information and PHI only as permitted or required by law, or with your written authorization. We will never sell, rent, or market your information to third parties.

5.1 Disclosures with Your Authorization

With your written authorization, we may share information with:

• Family members, friends, or caregivers you designate
• Your physicians, specialists, and other healthcare providers
• Hospitals, rehabilitation facilities, and other care settings
• Third parties you specifically authorize (e.g., attorneys, advocates)

5.2 Disclosures for Treatment, Payment, and Operations

HIPAA permits disclosure without authorization for:

• Treatment coordination with your healthcare team
• Payment activities including insurance claims, billing, and Medicaid
• Healthcare operations such as quality improvement and training
• Business associates who perform services on our behalf (under strict confidentiality agreements)

5.3 Legally Required Disclosures

We may disclose information when required by law:

• To report suspected abuse, neglect, or domestic violence
• In response to court orders, subpoenas, or legal proceedings
• To public health authorities for disease prevention and reporting
• To law enforcement for specific law enforcement purposes
• To health oversight agencies for audits, investigations, and inspections
• To coroners, medical examiners, and funeral directors as necessary
• For workers' compensation claims and disability determinations

5.4 Minimum Necessary Standard

When disclosing PHI, we follow the HIPAA minimum necessary standard, limiting disclosures to the minimum amount of information necessary to accomplish the intended purpose, except when disclosing information to healthcare providers for treatment purposes.

6. Data Security

We employ comprehensive administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of your personal information and PHI against unauthorized access, use, disclosure, alteration, or destruction.

Security Measures Include:

• 256-bit encryption for data transmission and storage
• Multi-factor authentication for system access
• Role-based access controls limiting information access to authorized personnel
• Regular security audits, vulnerability assessments, and penetration testing
• Firewall protection and intrusion detection systems
• Secure backup systems with encrypted offsite storage
• Incident response and breach notification procedures
• Annual workforce security awareness training
• Secure disposal protocols for paper and electronic records

Important Notice: While we implement industry-standard security measures and continuously work to enhance our safeguards, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security against all potential security threats. In the unlikely event of a data breach affecting your information, we will notify you in accordance with applicable laws and regulations.

7. Your Privacy Rights Under HIPAA

Under HIPAA and applicable state laws, you have the following rights regarding your Protected Health Information. To exercise these rights, please submit a written request to our Privacy Officer.

7.1 Right to Access

You have the right to inspect and obtain a copy of your health information in our designated record set, with limited exceptions. We will provide access within 30 days of your request (or 60 days if records are stored offsite). We may charge a reasonable, cost-based fee for copying and mailing.

7.2 Right to Amend

If you believe your health information is incorrect or incomplete, you may request an amendment. We will respond within 60 days and either make the amendment or provide a written denial with the reason and your right to submit a statement of disagreement.

7.3 Right to Accounting of Disclosures

You have the right to receive a list of certain disclosures we have made of your PHI within the past six years (excluding disclosures for treatment, payment, healthcare operations, and certain other exceptions). The first accounting in a 12-month period is free; we may charge a reasonable fee for additional requests.

7.4 Right to Request Restrictions

You may request that we restrict how we use or disclose your PHI for treatment, payment, or healthcare operations, or to family members involved in your care. We are not required to agree to most requests, but we must agree if you request that we not disclose information to your health plan for services you paid for in full out-of-pocket.

7.5 Right to Confidential Communications

You may request that we communicate with you about your health information by alternative means or at alternative locations (e.g., sending mail to a P.O. Box instead of your home address). We will accommodate reasonable requests without asking for an explanation.

7.6 Right to Notification of Breach

You have the right to be notified in the event of a breach of your unsecured PHI. We will notify you without unreasonable delay and no later than 60 days after discovery of the breach.

7.7 Right to a Paper Copy of This Notice

You have the right to receive a paper copy of this Privacy Policy, even if you have agreed to receive it electronically.

7.8 Right to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights. You will not be retaliated against for filing a complaint.

8. Cookies and Website Data

Our website uses cookies and similar technologies to improve user experience, analyze website traffic, and understand how visitors interact with our site. We respect your privacy and give you control over how cookies are used.

Types of Cookies We Use

Managing Your Cookie Preferences

You can control and manage cookies in several ways:

• Cookie Consent Banner: When you first visit our website, you'll see a cookie consent banner where you can accept all cookies, reject non-essential cookies, or customize your preferences.
• Browser Settings: Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all or some cookies, or to alert you when websites set or access cookies.
• Clear Cookies: You can delete cookies that have already been set through your browser settings.

Please note that blocking or deleting certain cookies may impact your experience on our website and limit the functionality available to you.

9. Children's Privacy

Our services may be provided to children under 18 with parental or guardian consent. We comply with all applicable laws regarding children's privacy and obtain appropriate consent before collecting information from minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Last Updated" date.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: