About Our HIPAA Role

CareSwaps is a HIPAA Business Associate, not a Covered Entity. For information about general website, account, and billing data, see our Privacy Policy.

Our role under HIPAA

CareSwaps, LLC ("Company," "we," "us," or "our") operates as a HIPAA Business Associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the HITECH Act and the regulations at 45 C.F.R. Parts 160 and 164.

CareSwaps is not a Covered Entity. We do not deliver healthcare, we do not maintain patient medical records as a healthcare provider, and we do not make clinical decisions. We provide algorithmic bed-matching and transfer-matching software to senior care facilities.

What a Business Associate is

When CareSwaps performs services on behalf of a healthcare facility (a Covered Entity under HIPAA), and those services involve Protected Health Information (PHI), CareSwaps acts as that facility's Business Associate. The handling of PHI between the facility and CareSwaps is governed by a written Business Associate Agreement (BAA) executed between the facility and CareSwaps before any PHI is exchanged.

How patient information is handled

CareSwaps uses PHI only to provide the matching and transfer services authorized by the facility. PHI is:

Encrypted at rest (AES-256) and in transit (TLS 1.3 or higher)
Access-controlled and audit-logged
Stored in systems operated by sub-business associates who have executed BAAs with CareSwaps, including Google Workspace, Jotform (HIPAA Gold), and Paubox
Retained in accordance with HIPAA record-retention requirements

CareSwaps does not use PHI for marketing, research, advertising, or any purpose outside the services authorized by the facility.

Exercising HIPAA individual rights

Under HIPAA, individuals have rights with respect to their PHI, including the right to access, amend, request an accounting of disclosures, and request restrictions. These rights are exercised through the healthcare facility that holds the patient relationship — the Covered Entity. CareSwaps, as a Business Associate, does not respond directly to individual HIPAA rights requests. If you are a patient or authorized representative and wish to exercise an individual HIPAA right, please contact the facility's privacy officer or medical records department.

Questions about our Business Associate role

For questions about how CareSwaps operates as a Business Associate, our security practices, or our BAA terms with facilities, contact hello@careswaps.com.

For questions about how your information is handled on careswaps.com itself (cookies, account data, marketing communications), see our Privacy Policy.

Filing a complaint

If you believe your HIPAA rights have been violated, you may file a complaint with the HHS Office for Civil Rights at ocrmail@hhs.gov or 1-800-368-1019.

Technology Platform Disclaimer: CareSwaps is a healthcare technology platform providing algorithmic bed-matching and transfer-matching software. CareSwaps is not a healthcare provider, patient broker, placement service, medical advisor, or care coordinator. Transfer decisions are made independently by licensed clinical staff at the healthcare facility.