Jabez Home Care is committed to safeguarding the privacy and security of every client's protected health information. This notice explains your rights, our obligations, and the standards all personnel are required to uphold.
What This Notice Covers
All information maintained by Jabez Home Care — including medical records, care plans, personal identifiers, billing details, and communications — is classified as Protected Health Information (PHI) and is safeguarded under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), applicable state privacy laws, and our internal confidentiality policy. This notice applies to all employees, contracted caregivers, volunteers, students, and any third party acting on behalf of Jabez Home Care.
Restricted Access
PHI is accessible only to personnel who require it to perform their assigned duties. Access is role-based, logged, and reviewed regularly.
Consent-First Disclosure
Client information is never shared without explicit written consent — except where legally required by court order, public health authorities, or emergency services.
Caregiver Compliance
Every caregiver on our registry is bound by HIPAA and our internal confidentiality standards as a condition of placement and ongoing engagement.
Under HIPAA and applicable state law, every client of Jabez Home Care holds a defined set of rights with respect to their protected health information. We are committed to honoring these rights fully and promptly. You have the right to:
Jabez Home Care discloses PHI only in the circumstances outlined below. We apply the principle of minimum necessary — sharing only the information required to fulfill each specific purpose.
With Your Written Consent
We share PHI with family members, legal representatives, or third-party providers only upon receiving a signed, dated authorization that specifies who may receive the information and for what purpose.
Treatment & Care Coordination
Information may be shared with physicians, therapists, pharmacists, and other providers directly involved in your care plan to ensure continuity and quality of services.
Payment & Billing
We may use or disclose PHI to obtain payment for services — including submitting claims to Medicare, Medicaid, private insurers, or other payers — and to resolve billing disputes.
Legal or Regulatory Requirement
PHI may be disclosed without consent in response to a valid court order, subpoena, law enforcement request, or mandatory public health reporting obligation — but only to the extent required by law.
Emergency Situations
In life-threatening emergencies, we may disclose necessary information to emergency responders or treating clinicians to protect your health and safety.
Business Associates
Contracted vendors (e.g., billing companies, IT providers) who access PHI on our behalf are required to sign Business Associate Agreements (BAAs) and are held to the same HIPAA standards.
Access to PHI is strictly governed by a role-based access control (RBAC) framework. No individual may access, view, copy, or discuss a client's information unless they have been explicitly authorized for that client's file.
All access events are logged in our secure audit system. Logs are reviewed regularly by our Privacy Officer, and any anomalous or unauthorized access triggers an immediate investigation. Personnel who access PHI beyond their assigned scope — even accidentally — are required to report this to the Privacy Officer within 24 hours.
Workstations, mobile devices, and cloud platforms that store or process PHI must be encrypted and password-protected. Unattended screens must be locked. Paper records containing PHI must be stored in locked, access-restricted cabinets and shredded when no longer needed.
All caregivers placed through Jabez Home Care — whether employed directly or engaged as independent contractors — are required to comply fully with HIPAA and our confidentiality policy as a condition of registry membership. Specific obligations include:
Client information — including name, diagnosis, medications, or care needs — must never be discussed with family, friends, or colleagues not involved in that client's care.
Posting, sharing, or referencing any client detail on social media — including indirect identifiers — is strictly prohibited and constitutes a serious HIPAA violation.
Personal devices used to access scheduling apps or communicate about client care must be PIN/biometric-locked. Unsecured messaging apps must not be used to transmit PHI.
All caregivers must complete HIPAA orientation before their first placement and annual refresher training. Records of training completion are kept in the caregiver's personnel file.
Each caregiver must sign a Confidentiality and HIPAA Compliance Agreement prior to any client assignment. This agreement remains in force even after the caregiver leaves the registry.
Any suspected or confirmed privacy breach — including lost devices, overheard conversations, or accidental disclosures — must be reported to the Privacy Officer within 24 hours of discovery.
Jabez Home Care employs administrative, physical, and technical safeguards to protect PHI against unauthorized access, use, modification, or destruction. These include, but are not limited to:
Client health records are retained for a minimum of 7 years from the date of last service (or until a minor client reaches age 21, whichever is longer), in accordance with applicable state law. After the retention period, records are destroyed in a manner that renders PHI unrecoverable.
In the event of a confirmed breach of unsecured PHI, Jabez Home Care will comply fully with the HIPAA Breach Notification Rule and applicable state law. Our breach response timeline is:
24
Hours
Internal incident report submitted to the Privacy Officer and management team upon discovery.
60
Days
Affected individuals receive written notification with a description of the breach and steps taken to mitigate harm.
60
Days (HHS)
Breaches affecting 500+ individuals are reported to the HHS Secretary within 60 days; smaller breaches annually.
Non-Compliance Warning
Consequences of Confidentiality Violations
Failure to comply with HIPAA or Jabez Home Care's confidentiality policy is taken extremely seriously. Consequences depend on the severity and intent of the violation and may include: immediate removal from the caregiver registry, termination of employment or contract, mandatory retraining, referral to the appropriate state licensing board, civil liability for damages, and referral to federal authorities for criminal prosecution under HIPAA's criminal penalty provisions (fines up to $250,000 and imprisonment of up to 10 years for willful violations). Jabez Home Care has a zero-tolerance policy for deliberate misuse of client information.
If you have questions about this notice, wish to exercise your rights, or believe your privacy has been violated, please contact our Privacy Officer. You also have the right to file a complaint with the U.S. Department of Health & Human Services Office for Civil Rights (OCR) — we will not retaliate against you for doing so.