Privacy Policy

Privacy Policy for KidneyCare Dialysis, Inc.*

Effective Date: April 1, 2024

KidneyCare Dialysis, Inc. (“KidneyCare,” “we,” “our,” or “us”) is committed to safeguarding the privacy and security of our patients’ protected health information (PHI) and personal information. This Privacy Policy explains how we collect, use, disclose, and protect your information, in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable privacy laws, including California-specific privacy laws such as the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

1. Collection of Information

KidneyCare collects certain information necessary to provide healthcare services, facilitate payment, and ensure quality care. This information includes:

Personally Identifiable Information (PII): Such as your name, address, date of birth, Social Security number, phone number, email address, and emergency contact information.
Protected Health Information (PHI): Includes your medical history, diagnosis, treatment plans, test results, medications, and other health-related information.
Financial Information: Billing information, insurance policy details, and other financial records related to payment and healthcare services.
Internet or Other Electronic Network Activity: Information regarding your interaction with our website or online services, such as IP addresses, browsing history, and usage statistics (collected for technical and security purposes only).

We collect this information through various means, including intake forms, electronic health records, online portals, and interactions with healthcare providers. Some information may be collected automatically via cookies or similar technologies on our website.

2. Use of Information

KidneyCare uses your information solely for purposes that are directly related to your healthcare and our business operations. These purposes include:

Treatment: We may use your PHI to coordinate, manage, and facilitate your medical treatment and care, including sharing necessary information with healthcare providers involved in your treatment.
Payment: We use and disclose your information to bill and receive payment from you, your insurance provider, or a third-party payer for healthcare services provided.
Healthcare Operations: Information may be used for internal operations, such as quality assessment, staff training, regulatory compliance, medical reviews, and improving service delivery.
Legal and Regulatory Compliance: To comply with federal, state, and local laws, regulations, and court orders, including compliance with the Centers for Medicare and Medicaid Services (CMS), the Department of Health and Human Services (HHS), and other regulatory bodies.
Quality Assurance and Improvement: For conducting patient satisfaction surveys, analyzing service quality, and implementing necessary improvements.

3. Disclosure of Information

KidneyCare Dialysis, Inc. is committed to handling your information responsibly and disclosing it only when necessary. Disclosures may include:

For Treatment and Healthcare Operations: We may disclose PHI to your healthcare providers, specialists, pharmacists, or other medical personnel as needed to facilitate treatment and improve healthcare services.
For Payment Processing: To insurance companies, billing services, and financial entities necessary to process claims, secure reimbursement, or manage payment disputes.
Third-Party Service Providers: Such as IT support providers, medical software platforms, and data storage solutions that help us operate and secure our services.
Legal and Regulatory Entities: We may disclose information if required by law, including responses to subpoenas, court orders, or regulatory investigations, and for public health and safety purposes.

We do not sell personal information, nor do we disclose it to third parties for marketing or other unrelated purposes without your consent.

4. Your Rights Under HIPAA

As a patient of KidneyCare, you have the following rights under HIPAA regarding your PHI:

Right to Access: You can request and obtain a copy of your health records.
Right to Amend: If you believe your health information is inaccurate or incomplete, you may request amendments.
Right to an Accounting of Disclosures: You may request a list of certain disclosures of your PHI made by KidneyCare.
Right to Request Restrictions: You may request that we limit the use or disclosure of your information; however, we may not be able to accommodate all requests.
Right to Confidential Communications: You may request that we communicate with you by alternative means or at alternative locations (e.g., only via phone or mail).

5. Required Notices for California Residents

If you are a California resident, you have additional privacy rights under the CCPA and CPRA, in addition to those provided under HIPAA. These rights apply specifically to the handling of your personal information, which may overlap with PHI but also includes other categories of data.

5.1 Categories of Personal Information Collected

In addition to PHI, KidneyCare collects, uses, and may disclose the following categories of personal information for California residents:

Identifiers: Such as name, address, Social Security number, email address, and other contact information.
Protected Classification Characteristics: Such as age, gender, ethnicity, disability status, and other classifications that are protected under California law.
Professional or Employment Information: Such as job title or employer information, if relevant to insurance or billing.
Internet or Other Network Activity Information: Such as IP addresses and browsing information when interacting with our online services.
Geolocation Data: When required for specific services, such as identifying nearby healthcare providers or for security purposes.

5.2 Your Privacy Rights Under California Law

As a California resident, you have certain rights regarding your personal information:

Right to Know: You have the right to request the categories and specific pieces of personal information we have collected, the sources of that information, the purposes for collection, and the categories of third parties with whom we share the information.
Right to Access: You have the right to request a copy of the personal information we hold about you.
Right to Delete: You may request that we delete your personal information, subject to certain legal exceptions.
Right to Correct: You may request corrections to your personal information if it is inaccurate.
Right to Limit Use of Sensitive Personal Information: You can request that we limit the use of your sensitive personal information, such as PHI or financial data, to only essential functions.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights, such as by denying services or providing a different level of service.

5.3 Exercising Your California Privacy Rights

To exercise any of your California privacy rights, please contact us at:

KidneyCare Dialysis, Inc.
[Insert Address]
[Insert Phone Number]
[Insert Email Address]

You may also designate an authorized agent to submit requests on your behalf. For verification, we may request additional information or documentation.

KidneyCare Dialysis, Inc. does not sell personal information under the CCPA’s definitions. We implement industry-standard security measures, including encryption, access controls, and regular monitoring, to protect personal information against unauthorized access, disclosure, or misuse.

6. Data Security

KidneyCare Dialysis, Inc. takes your privacy and data security seriously. We employ administrative, technical, and physical safeguards designed to protect your information from unauthorized access or disclosure. Our staff is trained on privacy and security practices, and we conduct regular audits and updates to maintain compliance with HIPAA and California privacy laws.

7. Changes to This Privacy Policy

KidneyCare reserves the right to update or change this Privacy Policy as needed to reflect legal or operational changes. We will post any updated policy on our website and inform patients of any significant changes in accordance with applicable law.