Privacy Policy

Last updated: February 3, 2025

KGP Healthcare ("we," "us," or "our") is committed to protecting your privacy and the security of your personal and health information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our home health medical record system and related services.

Information We Collect

We collect information you provide directly to us, as well as information automatically collected through your use of our services:

  • Account Information: Name, email address, professional credentials, organization affiliation, and login credentials.
  • Patient Data: As a covered entity under HIPAA, we process Protected Health Information (PHI) including patient demographics, medical history, diagnoses, treatment plans, and clinical notes.
  • Usage Data: Information about how you interact with our services, including access logs, features used, and session duration.
  • Device Information: Device type, operating system, browser type, and IP address for security and optimization purposes.

HIPAA Compliance

As a healthcare technology provider, KGP Healthcare operates as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We maintain strict compliance with:

  • HIPAA Privacy Rule: We limit the use and disclosure of PHI to the minimum necessary for treatment, payment, and healthcare operations.
  • HIPAA Security Rule: We implement administrative, physical, and technical safeguards to protect electronic PHI (ePHI).
  • HITECH Act: We comply with breach notification requirements and enhanced privacy protections.
  • Business Associate Agreements: We execute BAAs with all covered entities and maintain appropriate agreements with our subcontractors.

Our workforce members receive regular HIPAA training, and we conduct periodic risk assessments to ensure ongoing compliance.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our healthcare software services
  • Process and complete healthcare transactions and documentation
  • Support care coordination between healthcare providers
  • Generate required regulatory reports (OASIS, claims, etc.)
  • Send service-related communications and updates
  • Detect, investigate, and prevent security incidents
  • Comply with legal obligations and regulatory requirements

Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
  • Access Controls: Role-based access controls ensure users only access information necessary for their duties.
  • Audit Logging: Comprehensive audit trails track all access to PHI.
  • Infrastructure Security: Secure cloud hosting with regular security assessments and penetration testing.
  • Incident Response: Established procedures for detecting, responding to, and reporting security incidents.

Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

  • With Your Consent: When you have given explicit permission for specific disclosures.
  • For Treatment: To healthcare providers involved in patient care.
  • Service Providers: With vendors who assist in operating our services, bound by confidentiality agreements.
  • Legal Requirements: When required by law, subpoena, or government request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate protections.

Data Retention

We retain personal and health information for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. Medical records are retained in accordance with applicable state and federal regulations, which typically require retention for a minimum of seven years from the date of last service.

Your Rights

Depending on your location and applicable laws, you may have the following rights:

  • Access and receive a copy of your personal information
  • Request correction of inaccurate information
  • Request deletion of your information (subject to legal retention requirements)
  • Restrict or object to certain processing activities
  • Receive an accounting of disclosures of your PHI
  • File a complaint with the HHS Office for Civil Rights

To exercise these rights, please contact us using the information provided below.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, or wish to exercise your rights, please contact us:

Privacy Officer
KGP Healthcare
123 Healthcare Drive, Suite 400
Medical City, MC 12345

Email: privacy@kgphealthcare.com

Phone: (555) 123-4567

For general inquiries, please visit our Contact page.