Privacy and Data

Privacy Notice

1. Introduction

Within Reach Senior Services, LLC (“WRSS”) is a home- and community-based care organization dedicated to providing high-quality, person-centered support for seniors and adults with disabilities. In the course of our work, we collect and process personal and health information from our clients, employees, caregivers, vendors, and partners.

We are committed to protecting your privacy and handling your information in compliance with applicable U.S. data protection and health privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA), relevant state privacy laws, and applicable consumer protection regulations.

This Privacy Notice explains how WRSS collects, uses, discloses, and safeguards personal information. Please review this Notice carefully to understand how we manage and protect your data.

2. Information We Collect

We collect personal information necessary to provide our care and administrative services. The categories of information we may collect include:

  • Identity Data
  • Contact Information
  • Health and Medical Information
  • Financial and Insurance Information
  • Employment and Background Data
  • Technical and Usage Data
  • Emergency and Beneficiary Information

3. How We Collect Information

We collect information through the following methods:

  • Direct Interactions: When you apply for services, complete intake forms, contact us by phone or email, or communicate with our staff and caregivers.
  • Automated Technologies: Through cookies and analytics tools when you visit our website.
  • Third-Party Sources: From healthcare providers, insurers, state agencies, background check services, and referral partners (where legally permitted).

4. How We Use Personal Information

We use your personal information for lawful and legitimate purposes, including:

  • Service Delivery: To provide, coordinate, and manage your care and support services.
  • Compliance: To meet legal, regulatory, and contractual obligations (including those under HIPAA and state licensing requirements).
  • Communication: To contact you or your authorized representatives regarding care, billing, and administrative matters.
  • Human Resources: For recruitment, onboarding, payroll, and workforce management.
  • Quality Improvement: To monitor, evaluate, and enhance our services and client experience.
  • Technology Operations: To maintain and secure our systems and website functionality.
  • Research and Analytics: To analyze service trends in compliance with de-identification and privacy standards.

5. How We Share Information

WRSS does not sell personal data.
We may share information only as necessary and lawful, including with:

  • Authorized Third Parties: Vendors and business associates providing administrative, technical, or clinical support services (subject to signed Business Associate Agreements (BAAs)).
  • Healthcare and Insurance Entities: Providers, payers, and other covered entities involved in care coordination or payment.
  • Regulators and Legal Authorities: As required to comply with laws, regulations, or lawful requests.
  • Family Members or Legal Representatives: When authorized by the client or permitted under HIPAA and state laws.

All third parties are contractually required to protect your information and use it only for authorized purposes.

6. International Transfers

WRSS operates primarily within the United States. We do not routinely transfer personal information outside the U.S. Should such transfers become necessary (e.g., for data hosting), we will ensure that equivalent safeguards are in place.

7. Data Retention and Destruction

We retain personal and health information only as long as necessary to:

  • Fulfill the purposes outlined in this Notice,
  • Comply with legal and contractual obligations, or
  • Maintain business and medical records as required by law.

When data is no longer needed, we securely destroy it in accordance with HIPAA-compliant disposal standards.

8. Legal Basis for Processing (U.S. Context)

WRSS processes personal information under one or more lawful bases, including:

  • Consent: When you voluntarily provide information or authorize disclosure.
  • Contractual Necessity: To deliver services or perform agreements.
  • Legal Obligation: To comply with federal or state regulations (e.g., Medicaid documentation).
  • Legitimate Interests: To manage operations and improve care quality.
  • Vital Interests: To protect your life or safety in emergencies.

9. Your Privacy Rights

You may have rights under HIPAA and applicable state laws, including:

  • Access: Request copies of your personal or health information.
  • Correction: Request that we amend inaccurate or incomplete information.
  • Restriction: Request limits on how your information is used or disclosed.
  • Confidential Communication: Request that we contact you via specific means.
  • Accounting of Disclosures: Request a record of certain disclosures we have made.
  • Withdrawal of Consent: Revoke consent for optional data uses, such as marketing communications.

To exercise these rights, please contact us as outlined below.

10. Safeguards and Security Measures

WRSS implements physical, technical, and administrative safeguards to protect personal data from unauthorized access, loss, or misuse. These include:

  • Secure networks, firewalls, and encryption protocols.
  • Multi-factor authentication and role-based access controls.
  • Routine vulnerability and malware scanning.
  • Regular staff training on HIPAA and privacy compliance.
  • Incident response and breach notification procedures.

Data Breaches

In the event of a data breach that could impact your rights, WRSS will notify you promptly in accordance with HIPAA Breach Notification Rules and applicable state laws.

11. Updates to This Privacy Notice

WRSS may update this Privacy Notice periodically to reflect changes in laws, technology, or our practices. Updates will be posted on our website with an updated effective date. Continued use of our services indicates your acknowledgment of the revised Notice.

12. Contact Information

If you have questions, concerns, or complaints regarding this Privacy Notice or your personal information, please contact:

Privacy Office

Within Reach Senior Services, LLC

Email: privacy@withinreachss.com 

 

 

 

 

Scroll to Top