Privacy Policy

Last Updated: September 30, 2025
 

Information We Collect

Types of Information Gathered

Protected Health Information (PHI)

We collect health information necessary to provide you with medical services:

  • Medical history and current health status
  • Diagnosis and treatment information
  • Laboratory and test results
  • Prescription and medication records
  • Insurance and billing information
  • Demographic information (name, date of birth, address)
  • Contact information (phone, email)
  • Emergency contact details

Additional Information Collected

  • Location Data: Your service address for home visits
  • Device Information: When using our patient portal or mobile app
  • Communication Records: Phone calls, emails, and messages with our team
  • Visit Documentation: Clinical notes and assessment records
  • Payment Information: Credit card or payment details for services
  • Website Analytics: Non-identifiable usage data for website improvement

Information from Third Parties

We may receive information from:

  • Other healthcare providers involved in your care
  • Insurance companies and Medicare
  • Laboratories and diagnostic centers
  • Skilled nursing and assisted living facilities
  • Family members or caregivers (with your authorization)
  • Pharmacy systems for medication history
 

How We Use Your Information

Purposes of Information Use

Treatment Purposes

  • Providing medical care and services
  • Coordinating care with other providers
  • Prescribing medications
  • Ordering and interpreting tests
  • Creating treatment plans
  • Emergency medical treatment

Payment Purposes

  • Billing insurance companies and Medicare
  • Processing payments
  • Verifying insurance eligibility
  • Collecting outstanding balances
  • Coordinating benefits with other insurers

Healthcare Operations

  • Quality assessment and improvement
  • Provider training and education
  • Credentialing and licensing
  • Patient satisfaction surveys
  • Healthcare planning and management
  • Legal compliance and auditing

Additional Uses

  • Appointment Reminders: Contacting you about upcoming visits
  • Treatment Alternatives: Informing you about health services
  • Facility Operations: Coordinating with your care facility
  • Emergency Situations: Sharing information for emergency treatment
  • Public Health: Required disease reporting to health authorities
  • Legal Requirements: Court orders, subpoenas (as required by law)
 

How We Share Your Information

Information Disclosure Practices

With Your Authorization

We share your health information with your written authorization for:

  • Family members or friends involved in your care
  • Third parties you designate
  • Marketing purposes (rare and only with explicit consent)
  • Research studies (with appropriate consent)

Without Your Authorization (As Permitted by Law)

  • Other Healthcare Providers: For treatment coordination
  • Insurance Companies: For payment and coverage verification
  • Business Associates: Companies that help us operate (all sign agreements to protect your information)
  • Care Facilities: When you’re a resident receiving our services
  • Public Health Authorities: Disease reporting, FDA requirements
  • Health Oversight: Audits, investigations, inspections
  • Law Enforcement: When required by law or court order
  • Coroners/Medical Examiners: As required by law
  • Organ Procurement: For donation purposes
  • Workers’ Compensation: For work-related injuries/illnesses
  • Military/Veterans: If you’re a member of armed forces
  • National Security: As required by authorized federal officials

We Never

  • Sell your health information
  • Share information for marketing without permission
  • Use genetic information for underwriting
  • Disclose psychotherapy notes without authorization
 

Your Privacy Rights

Rights Under HIPAA and Utah Law

Right to Access

You have the right to inspect and obtain copies of your medical records. Requests must be made in writing to: records@grabhc.com. We will provide records within 30 days. Reasonable fees may apply for copies.

Right to Amend

If you believe your medical record contains incorrect information, you may request an amendment. Submit requests in writing explaining what should be changed and why.

Right to Accounting of Disclosures

You can request a list of certain disclosures we’ve made of your health information for the past six years. The first request each year is free.

Right to Request Restrictions

You may request restrictions on how we use or disclose your information. While we’ll consider all requests, we’re not required to agree to all restrictions except in certain circumstances.

Right to Confidential Communications

You can request we contact you in a specific way or at a certain location. For example, only calling your cell phone or sending mail to a work address.

Right to Notice of Breach

We will notify you if there’s a breach of your unsecured protected health information as required by law.

Right to Paper Copy

You have the right to receive a paper copy of this privacy policy at any time.

Right to Choose Someone to Act for You

If you’ve given someone medical power of attorney or have a legal guardian, that person can exercise your rights.

Right to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with:

GrabHC Privacy Officer
privacy@grabhc.com
(555) 123-4567 ext. 100

U.S. Department of Health & Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
(877) 696-6775
www.hhs.gov/ocr/privacy/hipaa/complaints

You will not be retaliated against for filing a complaint.

 

Data Security

How We Protect Your Information

Administrative Safeguards

  • Employee training on HIPAA and privacy
  • Access controls limiting who sees your information
  • Workforce sanctions for privacy violations
  • Regular risk assessments and audits
  • Business Associate Agreements with all partners

Physical Safeguards

  • Locked storage for paper records
  • Secure facilities with controlled access
  • Device and media controls
  • Secure disposal of records
  • Equipment security for mobile devices

Technical Safeguards

  • Encryption of electronic health information
  • Secure patient portal with multi-factor authentication
  • Audit logs tracking access to records
  • Automatic logoff from systems
  • Secure transmission of electronic data
  • Regular security updates and patches
  • Firewall and antivirus protection

Mobile Service Security

  • Encrypted tablets and devices used during visits
  • Secure vehicle storage of medical equipment
  • No patient information left in vehicles
  • Immediate upload and deletion of local data
  • GPS tracking of company devices
 

Special Protections

Enhanced Privacy for Sensitive Information

Mental Health and Substance Abuse Records

Records related to mental health and substance abuse treatment receive additional protection under federal and state law. These require specific authorization for most disclosures.

HIV/AIDS Information

Information about HIV/AIDS testing and treatment has special protections under Utah law and requires specific written consent for disclosure.

Minors’ Information

Parents/guardians generally have access to minor children’s records, except where law provides minors with confidential treatment rights (certain reproductive health, mental health, and substance abuse services).

Genetic Information

We comply with the Genetic Information Nondiscrimination Act (GINA) and don’t use genetic information for eligibility or underwriting decisions.

Data Retention

How Long We Keep Your Information

Medical Records

Utah law requires we maintain medical records for:

  • Adults: Minimum of 7 years from last treatment
  • Minors: 7 years from last treatment or age 22, whichever is longer
  • Medicare patients: 10 years per CMS requirements

Other Records

  • Billing records: 7 years
  • Employment records: Per state and federal requirements
  • Business records: As required by law

Disposal

When retention periods expire, we securely destroy records through:

  • Shredding of paper documents
  • Secure electronic data destruction
  • Certificate of destruction documentation
 

Your Choices

Controlling Your Information

Marketing Communications

You may opt out of:

  • Health service newsletters
  • Appointment reminders via text/email
  • Promotional materials
  • Educational communications

Contact preferences@grabhc.com or call (555) 123-4567 to update preferences.

Fundraising

If we conduct fundraising, you have the right to opt out of receiving fundraising communications.

Directory Listing

If you’re in a facility we serve, you may choose to opt out of facility directory listings.