🔒 HIPAA Notice of Privacy Practices

1. Our Commitment to Your Privacy

CareSwaps (Careswaps LLC) is a care transition coordination service. In the course of providing services, we may receive, create, or transmit Protected Health Information (PHI) on behalf of you or your loved one. We are committed to maintaining the privacy of that information in accordance with the Health Insurance Portability and Accountability Act (HIPAA).

2. How We Use and Disclose PHI

We use and disclose PHI only as permitted or required by law. The primary purposes include:

For Treatment Coordination

We may share PHI with receiving care facilities, medical transport providers, and healthcare professionals involved in coordinating your loved one's care transition. This includes medical records transfers, care team introductions, and medication reconciliation.

For Healthcare Operations

We may use PHI internally to manage your care coordination case, train staff, and improve our services. We do not sell PHI for marketing purposes.

As Required by Law

We may disclose PHI when required by federal, state, or local law, including to public health authorities or law enforcement as legally mandated.

We Will NOT:

• Sell your PHI to any third party
• Use your PHI for marketing without your written authorization
• Share your PHI with facilities for commission-based referral purposes
• Disclose PHI to anyone not involved in your care coordination without your written consent

3. Your Rights Regarding PHI

You have the following rights with respect to your PHI:

• Right to Access: You may request a copy of your PHI that we hold.
• Right to Amend: You may request corrections to inaccurate PHI.
• Right to an Accounting of Disclosures: You may request a list of disclosures we have made.
• Right to Restrict: You may request restrictions on certain uses or disclosures.
• Right to Confidential Communications: You may request we communicate with you in a specific way.
• Right to a Paper Copy: You may request a paper copy of this notice at any time.

4. Technical Safeguards

CareSwaps implements the following technical safeguards to protect PHI:

• Email: Business email ([email protected]) is operated through Google Workspace under a signed Business Associate Agreement (BAA). PHI received at this address is protected at rest.
• Encryption: PHI is encrypted using AES-256 encryption at rest and in transit.
• Access Controls: PHI is accessible only to authorized personnel on a need-to-know basis.
• Paubox: Outbound HIPAA-compliant email communications to clients are delivered via Paubox, with a signed BAA effective March 10, 2026.
• Form Submissions: Assessment form data is transmitted via TLS-encrypted HTTPS and processed transiently through Google Apps Script before delivery to our HIPAA-compliant inbox. No PHI is stored in transit systems.

5. Business Associates

We may share PHI with business associates who perform services on our behalf. We require all business associates to protect your PHI under written agreements (Business Associate Agreements) that comply with HIPAA requirements. Current BAAs are in place with:

• Google LLC (Google Workspace — business email)
• Paubox, Inc. (HIPAA-compliant email delivery)

6. Changes to This Notice

We reserve the right to change this notice and make the revised notice effective for PHI we already have, as well as any PHI we receive in the future. We will post the current notice on our website at careswaps.com/hipaa-notice/ and provide a copy upon request.

7. Complaints

If you believe your privacy rights have been violated, you may file a complaint with CareSwaps or with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint.