K&H In-Home Care and Assistance Privacy Statement

K&H In-Home Care and Assistance is committed to protecting your privacy. Your privacy is important to us. This privacy statement explains what personal data K&H In-Home Care and Assistance collects from you, through our interactions with you and through our services, and how we use that data.

K&H In-Home Care and Assistance collects data to operate effectively and provide you the best experiences with our services. You provide some of this data directly, such as when you create a K&H In-Home Care and Assistance account, administer your account, register for a K&H In-Home Care and Assistance event, or contact us for support.

K&H In-Home Care and Assistance uses the data we collect to operate our business and provide you the services we offer, which includes using data to improve our services and personalize your experiences. We also may use the data to communicate with you, for example, informing you about your account, security updates and service information.

We do share your personal data with your consent or as necessary to complete any transaction or provide any service you have requested or authorized. We do share data with government entities and with vendors working on our behalf; when required by law or to respond to legal process; to protect our customers; to protect lives; and to protect the rights or property of K&H In-Home Care and Assistance.

You can always choose whether you wish to receive promotional email, SMS messages, telephone calls and postal mail from K&H In-Home Care and Assistance. You can also opt out from receiving interest-based advertising from K&H In-Home Care and Assistance by contacting us.

With a K&H In-Home Care and Assistance account, you can sign into K&H In-Home Care and Assistance services. Signing into your account enables improved personalization, provides seamless and consistent experiences across services, permits you to access and use the Family Room, and allows you to make payments using payment instruments stored in your K&H In-Home Care and Assistance account.

When you sign into your account to access your services, we create a record of that sign in.

HIPAA Compliance

We protect the privacy and security of protected health information (PHI).

A Definition of HIPAA Compliance.

The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance.

Protected Health Information.

The Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information (PHI).”

Individually identifiable health information is information, including demographic data, that relates to: the individual’s past, present or future physical or mental health or condition, the provision of health care to the individual, or the past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).

General Principle for Uses and Disclosures

Basic Principle. A major purpose of the Privacy Rule is to define and limit the circumstances in which an individual’s protected health information may be used or disclosed by covered entities. A covered entity may not use or disclose protected health information, except either: (1) as the Privacy Rule permits or requires; or (2) as the individual who is the subject of the information (or the individual’s personal representative) authorizes in writing.

Required Disclosures. A covered entity must disclose protected health information in only two situations: (a) to individuals (or their personal representatives) specifically when they request access to, or an accounting of disclosures of, their protected health information; and (b) to HHS when it is undertaking a compliance investigation or review or enforcement action.

Permitted Uses and Disclosures

A covered entity is permitted, but not required, to use and disclose protected health information, without an individual’s authorization, for the following purposes or situations: (1) To the Individual (unless required for access or accounting of disclosures); (2) Treatment, Payment, and Health Care Operations; (3) Opportunity to Agree or Object; (4) Incident to an otherwise permitted use and disclosure; (5) Public Interest and Benefit Activities; and (6) Limited Data Set for the purposes of research, public health or health care operations. Covered entities may rely on professional ethics and best judgments in deciding which of these permissive uses and disclosures to make.

(1) To the Individual. A covered entity may disclose protected health information to the individual who is the subject of the information.

(2) Treatment, Payment, Health Care Operations. A covered entity may use and disclose protected health information for its own treatment, payment, and health care operations activities. A covered entity also may disclose protected health information for the treatment activities of any health care provider, the payment activities of another covered entity and of any health care provider, or the health care operations of another covered entity involving either quality or competency assurance activities or fraud and abuse detection and compliance activities, if both covered entities have or had a relationship with the individual and the protected health information pertains to the relationship.

Treatment is the provision, coordination, or management of health care and related services for an individual by one or more health care providers, including consultation between providers regarding a patient and referral of a patient by one provider to another.

Payment encompasses activities of a health plan to obtain premiums, determine or fulfill responsibilities for coverage and provision of benefits, and furnish or obtain reimbursement for health care delivered to an individual and activities of a health care provider to obtain payment or be reimbursed for the provision of health care to an individual.

Health care operations are any of the following activities: (a) quality assessment and improvement activities, including case management and care coordination; (b) competency assurance activities, including provider or health plan performance evaluation, credentialing, and accreditation; (c) conducting or arranging for medical reviews, audits, or legal services, including fraud and abuse detection and compliance programs; (d) specified insurance functions, such as underwriting, risk rating, and reinsuring risk; (e) business planning, development, management, and administration; and (f) business management and general administrative activities of the entity, including but not limited to: de-identifying protected health information, creating a limited data set, and certain fundraising for the benefit of the covered entity.

Most uses and disclosures of psychotherapy notes for treatment, payment, and health care operations purposes require an authorization as described below.

Obtaining “consent” (written permission from individuals to use and disclose their protected health information for treatment, payment, and health care operations) is optional under the Privacy Rule for all covered entities. The content of a consent form, and the process for obtaining consent, are at the discretion of the covered entity electing to seek consent.