Privacy Policy of Heed Home Healthcare

The privacy of your personal and health information is important. You do not need to do anything unless you have a request or complaint. This notice explains how your medical information may be used and disclosed and how you can get access to this information. Please review it carefully.

This Notice of Privacy Practices applies to Heed Home Healthcare LLC, a Medicare and Medicaid certified agency accredited by the Community Health Accreditation Partner (CHAP) and Covered Entity under HIPAA.

Please read this Privacy Policy carefully. We want you to understand what information we collect from you when you use our Services, how we use such information, and whether and with whom we disclose such information. Using our Services is voluntary, and by accessing or using the Services, you (i) acknowledge that you have read and understand this Privacy Policy; and (ii) agree that your access to and use of the Services is subject to this Privacy Policy and related Terms of Use. We reserve the right to change the Privacy Policy at any time. When we make a significant change in our privacy practices, we will change this notice and send the notice to our health plan subscribers.

What is nonpublic personal or health information?

• • Nonpublic personal or health information includes both medical information and personal information, like your name, address, telephone number, Social Security number, account numbers, payment information, or demographic information.
• • The term "information" in this notice includes any nonpublic personal and health information. This includes information created or received by a healthcare provider or health plan.
• • The information relates to your physical or mental health or condition, providing healthcare to you, or the payment for such healthcare.

How do we collect information about you?

We collect information about you and your family when you complete applications and forms. We also collect information from your dealings with us, our affiliates, or others. For example, we may receive information about you from participants in the healthcare system, such as your doctor or hospital, as well as from employers or plan administrators, credit bureaus, and the Medical Information Bureau.

What information do we receive about you?

• • The information we receive may include such items as your name, address, telephone number, date of birth, Social Security number, premium payment history, and your activity on our website. This also includes information regarding your medical benefit plan, your health benefits, and health risk assessments.
• • Insurance Information: Policy numbers and eligibility details to facilitate billing through Medicare, Medicaid, or private HMOs.

Categories of Personal Information We May Collect

Through your use of the website and the Services, we may collect your Personal Information. Personal Information generally refers to any information that can be linked to an identified or identifiable person. Please note that certain information may not be personally identifiable when standing alone (e.g., your age), but may become so when combined with other information (e.g., your age and address). The term Personal Information also covers certain categories of "sensitive" or "special" Personal Information that often receive additional protections and/or are subject to additional restrictions under applicable laws.

The Personal Information that we may collect about you, or have collected about you in the past 12 months, varies depending on the context of our interactions with you. Personal Information collected from or about you falls into the following categories:

• • Direct and Personal Identifiers: We may collect various Personal Information that identifies you. This information includes your name, email, any user name and password that you may provide, your address, your tax identification number or social security number, unique identifiers (such as a mobile device ID) and your email and other personal contact information.
• • Demographic Information: Under certain circumstances, we may collect Personal Information regarding your gender, race, or other protected classification data.
• • Commercial Information: We may collect data regarding products that you use or purchase of products or Services. This data may include information about products or Services you considered utilizing through mobile applications, application data, and pricing information. We collect information from you when you provide us with feedback and we may collect information regarding your receipt and interaction with emails and other messages that you receive from us.
• • Payment or Banking Information: Credit card number, name on credit card, expiration date, security code, and billing address.
• • Electronic Network Activity: We collect information regarding your use of our websites and mobile applications. This data includes but is not limited to Internet Protocol address information, information obtained through weblogs concerning you activity on our websites and application, mobile device identifiers and other related metadata regarding use of our mobile applications. We may collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, device ID, language preferences, referring website, the length of time you are visiting our website, and/or a date/time stamp for visitors. We may also collect such information in relation to monitoring potential malicious code on our systems, such as through the collection of metadata and traffic data, or portions or hashes (a file that has been converted into a numerical string by a mathematical algorithm) of any of the information listed here. For more information relating to the use of such tools, review our "Cookies" section.
• • Geolocation Information: We may collect information about the location from which you are accessing our mobile applications. For more information relating to the use of such tools, review our "Cookies" section.
• • Audio, Visual or Other Information: We may collect your photograph or other images identifying you through certain of our mobile applications. If you visit one of our locations, or call our call center, we may record your image or voice.
• • Inferences: We may develop inferences about you using the data set forth above. Improve the functionality of Heedhhc.com
• • Sensitive Personal Information: Of the information listed above, geolocation, your Social Security or Driver's License number, your login and password information for certain Services, may also qualify as sensitive Personal Information.

The provision of the sensitive Personal Information listed above is voluntary. In certain instances, we will not be able to process your request for our Services without the requested sensitive Personal Information.

How do we protect your information?

We have a responsibility to protect the privacy of your information in all formats including electronic and oral information. We have administrative, technical, and physical safeguards in place to protect your information in various ways including:

• Limiting who may see your information
• Limiting how we use or disclose your information
• Informing you of our legal duties about your information
• Training our employees about our privacy program and procedures

How do we use and disclose your information?

We use and disclose your information:

• • To you or someone who has the legal right to act on your behalf
• • To the Secretary of the Department of Health and Human Services

We have the right to use and disclose your information:

• • To a doctor, a hospital, or other healthcare provider so you can receive medical care.
• • For payment activities, including claims payment for covered services provided to you by healthcare providers and for health plan premium payments.
• • For healthcare operation activities, including processing your enrollment, responding to your inquiries, coordinating your care, improving quality, and determining premiums.
• • To your plan sponsor to permit them to perform, plan administration functions such as eligibility, enrollment, and disenrollment activities. We may share summary level health information about you with your plan sponsor in certain situations. We will ask your permission, or your plan sponsor must certify they agree to maintain the privacy of your information.
• • To contact you with information about health-related benefits and services, appointment reminders, or treatment alternatives that may be of interest to you. If you have opted out, we will not contact you.
• • To your family and friends if you are unavailable to communicate, such as in an emergency.
• • To your family and friends, or any other person you identify. This applies if the information is directly relevant to their involvement with your health care or payment for that care. For example, if a family member or a caregiver calls us with prior knowledge of a claim, we may confirm if the claim has been received and paid.
• • To provide payment information to the subscriber for Internal Revenue Service substantiation.
• • To public health agencies, if we believe that there is a serious health or safety threat.
• • To appropriate authorities when there are issues about abuse, neglect, or domestic violence.
• • In response to a court or administrative order, subpoena, discovery request, or other lawful process.
• • For law enforcement purposes, to military authorities and as otherwise required by law.
• • To help with disaster relief efforts.
• • For compliance programs and health oversight activities.
• • To fulfill our obligations under any workers' compensation law or contract.
• • To avert a serious and imminent threat to your health or safety or the health or safety of others.
• • For research purposes in limited circumstances and provided that they have taken appropriate measures to protect your privacy.
• • To a coroner, medical examiner, or funeral director.

Additional restrictions on use and disclosure for specific types of information:

Some federal and state laws may restrict the use and disclosure of certain sensitive health information such as:

Substance Use Disorder ("SUD") subject to 42 CFR Part 2 ("Part 2") records; Biometric Information; Child or Adult Abuse or Neglect including Sexual Assault; Communicable Diseases; Genetic Information; HIV/AIDS; Mental Health; Reproductive Health; and Sexually Transmitted Diseases

If we receive SUD Part 2 records, we will not use or disclose such records, or provide testimony relaying the content of such records, in any civil, criminal, administrative, or legislative proceeding against you unless such disclosure is based on your written consent (separate from your consent for any other use or disclosure), or a court order after notice and an opportunity to be heard is provided to you, as provided by Part 2. A court order authorizing the use or disclosure of SUD Part 2 Records must be accompanied by a subpoena or other legal requirement compelling disclosure before the requested record is used or disclosed.

We use the information gathered via our website to:

• Verify your insurance eligibility.
• Match you with the right professional caregiver.
• Provide information on disease process management.
• Improve the functionality of Heedhhc.com.

Will we use your information for purposes not described in this notice?

We will not use or disclose your information for any reason that is not described in this notice, without your written permission. You may cancel your permission at any time by notifying us in writing.

The following uses and disclosures will require your written permission:

• Most uses and disclosures of psychotherapy notes and SUD counseling notes
• Marketing purposes
• Sale of personal and health information

Medical information that is disclosed pursuant to this Notice to an entity that is not a HIPAA-covered entity or business associate, may be subject to disclosure by the recipient and may no longer be protected by federal or state privacy laws (such as HIPAA).

What do we do with your information when you are no longer a client?

Your information may continue to be used for purposes described in this notice. After the required legal retention period, we destroy the information following strict procedures to maintain the confidentiality.

Third-Party Links & Managed Care

Our website may reference partners like CareSource or Aetna Better Health. Please note that once you leave our site to visit an insurance portal, their own privacy policies apply.

Data Security

We implement industry-standard security measures to protect your information from unauthorized access. Whether you are seeking assistance with mobility or wound care, your digital "home" with us is kept secure.

Internal Security Procedures

Information that you share on the website is kept strictly confidential and fully secure. Your encrypted (encoded) sensitive information is protected using "Secure Socket Layers (SSL)" as it passes between your browser and this website. We follow generally accepted industry standards to protect the Personal Information submitted to us, both during transmission and once we receive it.

No method of transmission over the internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. Only authorized persons are permitted to access your Personal Information. All authorized persons must abide by security, privacy, and confidentiality agreements.

Children's Privacy

We do not knowingly collect, use, or disclose Personal Information about persons under 13 years of age. Users under the age of 13 should not submit any Personal Information to us. If you believe we have collected Personal Information from your child in error or have questions or concerns about our practices relating to children, please notify us using the details in the "Contact Us" section below. We will take prompt steps to remove the Personal Information from our systems.

What are my rights concerning my information?

We are committed to responding to your rights request in a timely manner.

• Access You have the right to review and obtain a copy of your information that may be used to make decisions about you. You also may receive a summary of this health information. As required under applicable law, we will make this personal information available to you or to your designated representative.
• Alternate Communications To avoid a life-threatening situation, you have the right to receive your information in a different manner or at a different place. We will accommodate your request if it is reasonable.
• Amendment You have the right to request correction of any of this personal information through amendment or deletion. Within 60 business days of receipt of your written request, we will notify you of our amendment or deletion of the information in dispute, or of our refusal to make such correction after further investigation.
• Disclosure You have the right to receive a listing of instances in which we or our business associates have disclosed your information. This does not apply to treatment, payment, health plan operations, and certain other activities. We maintain this information and make it available to you for six years. If you request this list more than once in a 12-month period, we may charge you a reasonable, cost-based fee.
• Notice You have the right to request and receive a written copy of this notice any time.
• Restriction You have the right to ask to limit how your information is used or disclosed. We are not required to agree to the limit, but if we do, we will abide by our agreement. You also have the right to agree to or terminate a previously submitted limitation.

If I believe that my privacy has been violated, what should I do?

If you believe that your privacy has been violated, you may file a complaint with us by contacting us.

You may also submit a written complaint to the U.S. Department of Health and Human Services, Office for Civil Rights (OCR). We will give you the appropriate OCR regional address on request. You can also email your complaint to OCRComplaint@hhs.gov. If you elect to file a complaint, your benefits will not be affected, and we will not punish or retaliate against you in any way.

We support your right to protect the privacy of your personal and health information.

Our Responsibilities

• • We are required by law to maintain the privacy and security of your protected health information.
• • We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
• • We must follow the duties and privacy practices described in this notice and give you a copy of it.
• • We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.

We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our office, and on our web site.