Restore Home Health is committed to protecting your privacy and safeguarding protected health information (PHI) and medical information under HIPAA and California’s Confidentiality of Medical Information Act (CMIA). This Privacy Policy details how we collect, use, disclose, and secure your data as a covered healthcare provider in San Diego County, with stricter CMIA standards and 2026 updates like AB 45/SB 81. Patients receive a Notice of Privacy Practices (NPP) at intake outlining rights and practices.

Information We Collect

We gather PHI and medical information essential for treatment, payment, and operations—such as medical history, diagnoses, medications, and contact details—from patients, referrals (past clients, hospital discharge planners, SNFs, hospices, geriatric managers), and physicians. Website forms collect inquiries and demographics securely, without third-party cookies or non-essential tracking. No geofencing occurs within 1,850 feet of healthcare facilities.

How We Use and Disclose Information

PHI/medical info supports treatment (e.g., sharing with therapists), payment (Medicare billing), and operations (quality reviews). Disclosures require authorization except for required uses (public health, legal compliance) or permitted TPO; Part 2 SUD records need explicit consent post-Feb 2026. Minimum necessary rule applies; no immigration status or birthplace shared absent mandate. Business associates sign BAAs; CCPA/CPRA opt-outs available for non-PHI data like inquiries.

Your Rights Under HIPAA, CMIA, and CCPA

• Access/Amend: View or correct records within 30 days (CMIA: $1,000+ penalties for denials).
• Accounting/Restrictions: Track disclosures over six years; request limits (not always granted).
• Confidential Communication: Specify secure methods (portal preferred).
• CCPA Opt-Out: Decline sensitive data sales/sharing; annual privacy audits conducted.
• Immigration: Staff trained to restrict nonpublic area access and verify warrants.

Security Safeguards

Administrative (staff training, access logs), physical (locked servers/facilities), and technical (encryption, HTTPS, firewalls) measures protect data. Breach notifications follow HIPAA/CMIA timelines (15–60 days); no AI/location data sales near sensitive sites. Designated California Privacy Officer oversees compliance.

Complaints and Contact

Contact Privacy Officer at 619 694 5450 or office@restorehh.com for concerns, NPP requests, or opt-outs—no retaliation. File with HHS OCR or California AG; CMIA claims via civil suit. Policy effective January 2026; updates posted here. San Diego County referrals trust our compliant practices.