HIPAA Compliance Statement

1. Overview

CareConnect is committed to protecting the privacy and security of health information. This document explains our position regarding the Health Insurance Portability and Accountability Act (HIPAA) and how we handle sensitive information on our platform.

2. HIPAA Applicability to CareConnect

2.1 Not a Covered Entity

CareConnect is not a Covered Entity under HIPAA. Covered Entities include:

• Healthcare providers who transmit health information electronically
• Health plans
• Healthcare clearinghouses

CareConnect operates as a marketplace platform that connects parties but does not provide healthcare services, process claims, or transmit Protected Health Information (PHI) on behalf of covered entities.

2.2 Not a Business Associate

CareConnect is not a Business Associate under HIPAA because:

• We do not create, receive, maintain, or transmit PHI on behalf of a covered entity
• We do not have access to medical records, treatment information, or health status data
• We do not perform services that involve the use or disclosure of PHI

3. How CareConnect Functions

3.1 Connection Facilitation

CareConnect serves as a directory and connection platform where:

• Families, case managers, social workers, and discharge planners can search for licensed 245D care providers
• Care providers maintain their business profiles and availability
• Initial contact and booking requests can be made through our secure messaging system
• Parties are connected for further discussion outside the platform

3.2 Information We Handle

The information processed through CareConnect includes:

• Contact Information: Names, email addresses, phone numbers
• Service Needs: General service type requirements (e.g., FRS services, CADI waiver)
• Location Preferences: City, zip code, distance preferences
• Provider Information: Business details, license numbers, capacity

This information does not constitute PHI as it does not contain medical records, diagnoses, treatment information, or other individually identifiable health information.

4. User Responsibilities Regarding PHI

4.1 What NOT to Share on CareConnect

Do not share the following through our platform:

• Medical records or health history
• Diagnoses or medical conditions
• Treatment plans or prescriptions
• Mental health information
• Insurance claim information
• Social Security numbers
• Medical Record Numbers (MRNs)
• Any other individually identifiable health information

4.2 Appropriate Information to Share

Information appropriate for CareConnect includes:

• General service needs (e.g., looking for residential care services)
• Waiver type (e.g., CADI waiver, DD waiver)
• Preferred location and timeline
• Contact information for follow-up
• General questions about services offered

4.3 Direct Communication

Detailed health information and care arrangements should be discussed directly between the care seeker (or their representative) and the care provider through secure, HIPAA-compliant channels outside of the CareConnect platform.

5. Security Measures

While CareConnect is not subject to HIPAA regulations, we implement industry-standard security measures to protect all user information:

• Encryption: Data is encrypted in transit using SSL/TLS and at rest in our database
• Access Controls: Strict authentication and authorization controls limit data access
• Secure Infrastructure: Our platform is hosted on secure, enterprise-grade cloud infrastructure
• Regular Updates: We perform regular security updates and monitoring
• Data Minimization: We collect only the information necessary to provide our services
• Audit Logging: We maintain logs of system access and changes

6. Care Provider HIPAA Obligations

Licensed care providers who use CareConnect may be Covered Entities under HIPAA. These providers remain independently responsible for:

• Complying with all HIPAA requirements in their operations
• Maintaining appropriate Business Associate Agreements with their service providers
• Implementing required safeguards for PHI in their care facilities
• Training staff on HIPAA compliance
• Handling patient information according to HIPAA Privacy and Security Rules

CareConnect does not assume any HIPAA obligations on behalf of providers. Once connected through our platform, all care relationships and information exchanges are the responsibility of the provider and the individual receiving care (or their representative).

7. Responsibilities of Case Managers and Social Workers

Case managers, social workers, and discharge planners using CareConnect should:

• Use CareConnect only for initial provider searches and connections
• Not share client PHI through the platform
• Follow their organizations HIPAA policies when working with clients
• Use appropriate secure channels for sharing detailed health information with providers
• Obtain necessary consents and authorizations from clients before sharing information
• Document their use of CareConnect in accordance with their professional requirements

8. How We Handle User Data

8.1 Data Collection

We collect only the information necessary to facilitate connections and operate our platform. See our Privacy Policy for details.

8.2 Data Retention

We retain user information only as long as necessary for our business purposes and legal obligations. Users may request deletion of their accounts and associated data.

8.3 Data Sharing

We do not sell user data. Information is shared only:

• With providers when you initiate contact
• With service providers who help operate our platform (under strict confidentiality)
• When required by law

9. Reporting Privacy Concerns

If you believe that PHI has been inappropriately shared through CareConnect or if you have privacy concerns:

• Contact us immediately at careconnectmkting@gmail.com
• We will investigate and take appropriate action
• For HIPAA violations by covered entities, you may also file complaints with the U.S. Department of Health and Human Services Office for Civil Rights

10. Additional Resources

For more information about HIPAA:

• U.S. Department of Health and Human Services: www.hhs.gov/hipaa
• Minnesota Department of Human Services: mn.gov/dhs

11. Updates to This Statement

We may update this HIPAA Compliance Statement from time to time. We will notify users of material changes through email or platform notifications.

12. Contact Us

For questions about this HIPAA Compliance Statement or privacy concerns: