Care Connect, LLC
Notice of Privacy Practices

This Privacy Policy governs your use of the CareConnect℠ software application (the “App”) for mobile devices and browser use that was created by Care Connect, LLC (“Care Connect”).

Care Connect has developed CareConnect, a cloud-based mobile and web application that includes advanced shift targeting, distribution, and communication features enabling health care providers to gain efficiencies coordinating and communicating with their caregivers employees and clients. CareConnect works as a stand-alone application or integrated with third-party applications that allow for the exchange of caregiver and client data.

We understand that certain caregiver and client data is personal. Care Connect is committed to protecting all personal information collected and maintained by the App. This Notice applies to all of the information we receive and maintain.

What is Information is Collected?
In order to provide our services, we collect certain personal information about our users including name, address, email, phone number, date of birth, social security number, personal preferences, skills, certifications, schedule and service information. This information is used to enable the App to connect caregivers and other employees with health care providers with whom they already have a relationship and have invited to use our services.

During your use of our App, we may collect certain additional information automatically about how our services are accessed and used including, but not limited to, your browser type, the type of mobile device you use, your mobile devices unique device ID, your IP address, your operating system, the type of mobile Internet browsers you use, and information about the way you use the Application in order to enhance our services.

We also may collect information through the use of “cookies”, tracking pixels, and similar technologies to understand how you navigate through the App and interact with advertisements, to learn what content is popular, and to save your preferences. Cookies are small text files that web servers place on your device; they are designed to store basic information and to help websites and apps recognize your browser. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be accessed every time you use the App. You should consult your web browser(s) to modify your cookie settings. Please note that if you delete or choose not to accept cookies from us, you may be missing out on certain features of the services we provide.

How We Use the Information We Collect
We use the information we collect from all users to:
  • Connect health care providers with their employees;
  • Enable health care providers to distribute available shifts or other work to caregivers with whom they have a relationship and meet certain criteria determined by the health care provider
  • Enable caregivers to see basic information about an available shift such as time and location
  • Allow two-way communications between health care providers and their remote caregivers and other employees
  • Provide, improve, expand, and promote the App and other services we provide;
  • Analyze how our end users use the App;
  • Communicate with you, either directly or through one of our partners, including for marketing and promotional purposes;
  • Send you text messages and push notifications;
  • Provide you with customer support;
  • Work with third party service providers to provide additional services on our behalf
We may also disclose information in special cases when we have a good faith belief that such disclosure is necessary to: (a) comply with legal requirements; (b) defend and protect company property; (c) enforce our terms and conditions; or (d) protect the interests of our users or others.

Information for Children Under 13
Our App is not intended for children under 13 years of age. We do not knowingly collect information from children under 13. If you think we have collected information from a child under the age of 13, please contact us.

Security
The security of your information is very important to us. We use physical, electronic and administrative safeguards to protect your personal information, however, no security measures can be 100% secure, and we cannot guarantee the security of your data.

Consent
By using our Apps, you consent to the terms of this Privacy Policy as it relates to information you submit to us.


-------------------------------------------------------------


This HIPAA Business Associate Agreement
This HIPAA Business Associate Agreement (“Agreement”) is a legally binding contract between Care Connect, LLC, a New York limited liability company (“Business Associate”) and the “Covered Entity” as identified in any Sales Order entered into by the Covered Entity for Business Associate’s Products and Services. These terms can be found at www.careconnectmobile.com/baa. The Business Associate and the Covered Entity are hereinafter individually referred to as “Party” or collectively as “Parties.” Capitalized terms used herein and not otherwise defined shall have the meaning set forth in the Subscription Agreement between Business Associate and Covered Entity.
RECITALS
WHEREAS, Covered Entity has contracted with Business Associate to provide Products and Services to the Covered Entity and the Covered Entity is required by law to enter into this Agreement with Business Associate; and

WHEREAS, the Parties wish to disclose to each other certain information pursuant to the terms of the Subscription Agreement, some of which may constitute Protected Health Information; and

WHEREAS, the purpose of this Agreement is to satisfy certain obligations under the Federal Health Insurance Portability and Accountability Act of 1996 and its related regulations (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Title XIII of the American Recovery and Reinvestment Act of 2009 and related regulations promulgated by the Secretary (the “HITECH Act”). These provisions of the HITECH Act and the regulations applicable to Business Associate are collectively referred to as the "HITECH BA Provisions."

NOW, THEREFORE, in consideration of the mutual promises below, and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties agree as follows:

1. Interpretation of this Agreement. Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits the Parties to comply with HIPAA.

2. Definitions. All capitalized terms used herein and not further defined below shall have the meanings set forth in the HIPAA Regulations (as such term is defined below).

  • (a) Administrative Safeguards. “Administrative Safeguards” shall have the same meaning as the term “administrative safeguards” in 45 C.F.R. § 164.304.

    (b) Electronic Protected Health Information (EPHI). “Electronic Protected Health Information” shall have the same meaning as the term “electronic protected health information” in 45 C.F.R. § 160.103, limited to the information created, received, maintained or transmitted by Business Associate on behalf of Covered Entity pursuant to the Subscription Agreement.

    (c) HIPAA Regulations. “HIPAA Regulations” are those regulations codified under Parts 160, 162 and-164 of Title 45 of the Code of Federal Regulations (C.F.R.) relating to privacy and security of PHI, including specifically the Standards for Privacy of Individually Identifiable Health Information at 45 C.F.R. part 160 and part 164, subparts A and E (the “Privacy Rule”) and the Health Insurance Reform: Security Standards at 45 C.F.R. parts 160, 162, and 164 (the “Security Rule”) without limitation any amendments or successor statutes, rules or regulations to the Privacy Rule and Security Rule.

    (d) Individual. “Individual” shall mean the person who is the subject of the PHI, and has the same meaning as the term “individual” as defined by 45 C.F.R. 164.501 and shall include a person who qualifies as a personal representative in accordance with 45 C.F.R. 164.502(g).

    (e) Minimum Necessary. “Minimum Necessary” shall mean the principle that PHI should only be used and disclosed to the extent needed for the purpose of the Use or Disclosure in accordance with 45 C.F.R. 164.502(b).
    (f) Protected Health Information (PHI) “Protected Health Information” shall have the same meaning as the term "protected health information" in 45 CFR § 160.103, limited to, but only to the extent such regulatory definition includes, the information created, received, and/or retained by Business Associate from or on behalf of Covered Entity pursuant to the Subscription Agreement.

    (g) Physical Safeguards. “Physical Safeguards” shall have the same meaning as the term “physical safeguards” in 45 C.F.R. § 164.304.

    (h) Security Incident. “Security Incident” shall have the same meaning as the term “security incident” in 45 C.F.R. § 164.304.

    (i) Technical Safeguards. “Technical Safeguards” shall have the same meaning as the term “technical safeguards” in 45 C.F.R. § 164.304.

    (j) Treatment, Payment, and Health Care Operations. “Treatment,” “Payment” and “Health Care Operations” shall have the same meanings given under 45 CFR Section 164.501

3. Obligations of Covered Entity

  • (a) Covered Entity shall provide the Business Associate with any changes in, or revocation of, permission by the individual to use or disclose PHI, if such changes affect Business Associate’s permitted or required uses and disclosures.
    (b) Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that the Covered Entity has agreed to in accordance with 45 CFR §164.522.

    (c) Covered Entity shall not request Business Associate to Use or Disclose PHI in any manner that would not be permissible under 45 CFR §164.520 if done by Covered Entity, except for those Uses or Disclosures for Data Aggregation or management and administrative activities of Business Associate.

    (d) Covered Entity shall use reasonable and appropriate safeguards to maintain and ensure the confidentiality, privacy and security of the PHI transmitted to or received from the Business Associate.

    (e) Covered Entity shall provide the Business Associate with the Notice of Privacy Practices it produces in accordance with 45 CFR §164.520, as well as any material changes to such notice.

    (f) Covered Entity shall notify Business Associate of any limitation(s) in the Notice of Privacy Practices of Covered Entity under 45 CFR §164.520, to the extent such limitation may affect Business Associate’s use or disclosure of PHI.

4. Obligations of Business Associate

  • (a) Business Associate will establish and maintain appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information to prevent any Use or Disclosure of PHI, other than as provided for by this Agreement or as required by law. In accordance with 45 CFR §164.502 (e)(1)(ii) and 164.308(b)(2), if applicable Business Associate shall ensure that any subcontractors that create, receive, maintain or transmit protected health information on behalf of the Business Associate agree in writing to the same terms, conditions, restrictions and requirements that apply to Business Associate with respect to such information.

    (b) Covered Entity shall not delegate to Business Associate the determination and processing of an Individual member’s request for amendments to his or her PHI in a Designated Record Set. Business Associate shall promptly forward all requests for amendments to PHI to Covered Entity upon receipt. Covered Entity will make the final determination to grant or deny amendments and complete all required processing. Business Associate hereby agrees to make amendments to PHI in a Designated Record Set as and when approved by Covered Entity so as to permit Covered Entity to timely comply with the requirements of 45 C.F.R. 164.526.

    (c) Covered Entity shall not delegate to Business Associate the determination and processing of Individual member requests for an accounting of Disclosures of PHI. Business Associate shall promptly forward all requests for an accounting of Disclosures of PHI to Covered Entity upon receipt. Covered Entity will complete all required processing in connection with such request. Business Associate hereby agrees to promptly make available information collected relating to applicable accountings of PHI Disclosures to Covered Entity, so as to permit Covered Entity to timely respond to a request by an Individual for an accounting of Disclosures of Protected Health in accordance with 45 C.F.R. 164.528

    (d) Covered Entity shall not delegate to Business Associate the determination and processing of an Individual’s request for access to his or her PHI in a Designated Record Set. Business Associate shall promptly forward all requests for access to PHI to Covered Entity upon receipt. Covered Entity will make the final determination to grant or deny access to PHI in a Designated Record Set and complete all required processing in connection with such access. Business Associate hereby agrees to promptly make available PHI in a Designated Record Set to Covered Entity so as to permit Covered Entity to timely comply with the requirements of 45 C.F.R. 164.524.

    (e) Business Associate agrees to make available to the Secretary (i) Business Associate’s internal practices, books and records relating to the Use and Disclosure of PHI for the purposes of determining Covered Entity’s compliance with the Privacy Rule; and (ii) Business Associate’s policies, procedures and documentation relating to the safeguards described herein, for the purposes of determining Covered Entity’s compliance with the Security Rule.

    (f) To the extent the Business Associate is to carry out one or more of Covered Entity’s obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s).

    (g) Business Associate shall have procedures in place for mitigating any injurious or harmful effect from the Use or Disclosure of PHI in a manner contrary to this Appendix.

    (h) Business Associate agrees that it will:

    • (1) Implement Administrative Safeguards, Physical Safeguards, and Technical Safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of EPHI;

      (2) Ensure that any agent, including a subcontractor, to whom it provides such information agrees to implement reasonable and appropriate safeguards to protect it; and

      (3) Report to Covered Entity any use or disclosure of protected health information not provided for by the Agreement of which it becomes aware, including breaches of unsecured protected health information as required by 45 CFR §164.410 and any Security Incident of which it becomes aware.

5. Permitted Uses and Disclosures by Business Associate

  • (a) Minimum Necessary. Business Associate and its agents and subcontractors shall only request, Use and Disclose the minimum amount of PHI necessary to accomplish the purpose of the request, Use or Disclosure.

    (b) Limits on Use and Disclosure of Information. Business Associate hereby agrees that the PHI shall not be further Used or Disclosed other than as permitted or required by this Appendix, or as Required by Law.

    (c) Stated Purpose for Use and Disclosure. Except as otherwise limited in this Agreement, Business Associate may Use and Disclose PHI to perform the functions, activities, obligations and services required to be performed as specified in the Subscription Agreement. Subject to section 5(b) above, Business Associate is permitted to disclose PHI received from Covered Entity for purposes of Treatment, Payment, and Health Care Operations relating to members.

    (d) Data Aggregation Services. Business Associate is permitted to Use or Disclose PHI to provide “data aggregation services," as that term is defined by 45 C.F.R. 164.501 relating to the Health Care Operations of Covered Entity.

    (e) Management and Administration of Business Associate. Except as otherwise limited in this Agreement, Business Associate may use and/or disclose PHI for the proper management and administration of the Business Associate, or as required by Law.

6. HITECH Act Compliance

The HITECH BA Provisions shall apply commencing on February 17, 2010, or such other date as may be specified in the applicable regulations, whichever is later (“Applicable Effective Date”). Business Associate hereby acknowledges and agrees that, to the extent it is functioning as a Business Associate of Covered Entity, it will comply with the HITECH BA Provisions and with the obligations of a Business Associate as prescribed by HIPAA and the HITECH Act commencing on the Applicable Effective Date of each such provision. Business Associate and Covered Entity further agree that the provisions of HIPAA and the HITECH Act that apply to business associates and that are required to be incorporated by reference in a business associate agreement are incorporated into this Agreement between Business Associate and Covered Entity as if set forth in this Agreement in their entirety and are effective as of the Applicable Effective Date.

7. Term and Termination

  • (a) Term. The Term of this Agreement shall be effective as of the Effective Date, and shall terminate when all of the PHI provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is not feasible to return or destroy PHI, protections are extended to such information, in accordance with the termination provisions in this Section.

    (b) Termination for Cause By Covered Entity. Upon the Covered Entity’s knowledge of a material breach by Business Associate of this Agreement, the Covered Entity shall have the right to immediately terminate this Agreement.

    (c) Automatic Termination. This Agreement will automatically terminate without any further action by the Parties upon the termination or expiration of the Subscription Agreement between the Parties.

    (d) Effect of Termination

    • (1) Except as provided in paragraph (2) of this Section 7(d), upon termination of this Agreement for any reason, the Business Associate shall return or destroy all PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. Business Associate shall retain no copies of the PHI except as required by any applicable statute of limitations applicable to data retention.

      (2) In the event that Business Associate determines that returning or destroying the PHI is not feasible, the Business Associate shall provide in writing to Covered Entity notification of the conditions that make return or destruction infeasible. Business Associate shall extend the protections of this Agreement to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI.


8. Regulatory References. A reference in this Agreement to a section in the Privacy Rule means the section as in effect or as amended, and for which compliance is required.

9. Automatic Amendment. Upon the Applicable Effective Date of any amendment to the regulations promulgated by Health and Human Services (HHS) with respect to PHI, this Agreement shall automatically amend such that the obligations imposed on Business Associate as a Business Associate remain in compliance with such regulations.

10. Survival. The respective rights and obligations of Business Associate and Covered Entity under this Agreement shall survive the termination of this Agreement.

11. Choice of Law. This Agreement shall be governed and construed under the laws of the State of New York, without regard to choice of law rules.

12. Entire Agreement. This Agreement constitutes the entire agreement between the Parties with respect to the subject matter hereof, and supersedes all prior oral or written agreements, commitments or understandings with respect thereto. In the event of a conflict between the terms of this Agreement and the Subscription Agreement, the terms of this Agreement shall control. The Parties understand that no provisions of the Agreement shall apply to this Agreement unless expressly referred to herein.

13. Assignment. Either Party shall be permitted to assign its rights and interests under this Agreement to an entity that purchases the assets of the Company or merges with the company, so long as (i) the assignee agrees to be bound by all of the terms and conditions of this Agreement and (ii) the assignee operates the business as a continuation of that Party’s business.

14. State Law Preemption. Pursuant to 45 CFR Section 160.203, certain provisions of state laws relating to the privacy of PHI may supersede the applicable similar provision(s) within the HIPAA Regulations (hereinafter referred to each as a “State Law”). Business Associate shall comply with provisions of such State Laws applicable to Business Associate.

15. Notice. Any notice called for under this Agreement shall be given in accordance with the Subscription Agreement.

End of HIPAA Business Associate Agreement


Changes to this Privacy Policy and HIPAA Business Associate Agreement
We may change this Privacy Policy and HIPAA Business Associate Agreement. If we do so, we will update the Privacy Policy and and HIPAA Business Associate Agreement modification date below. You are responsible for regularly reviewing the terms of this Policy and HIPAA Business Associate Agreement to stay informed of changes or modifications of this Policy and HIPAA Business Associate Agreement. Policy and HIPAA Business Associate Agreement changes will apply only to information collected after the date of the change.

Contact Us
If you have any questions regarding this Privacy Policy, please send us an email at [email protected].

Effective Dates
  • Privacy Policy: The effective date of this policy is April 3, 2018.
  • HIPAA Business Associate Agreement: The effective date of this policy is April 1, 2020.

-------------------------------------------------------------


Accessibility Statement
Updated: December 2019

General
careconnectmobile.com strives to ensure that its services are accessible to people with disabilities. Careconnectmobile.com has invested a significant amount of resources to help ensure that its website is made easier to use and more accessible for people with disabilities, with the strong belief that every person has the right to live with dignity, equality, comfort and independence.

Accessibility on careconnectmobile.com
careconnectmobile.com makes available the UserWay Website Accessibility Widget that is powered by a dedicated accessibility server. The software allows careconnectmobile.com to improve its compliance with the Web Content Accessibility Guidelines (WCAG 2.1).

Enabling the Accessibility Menu
The careconnectmobile.com accessibility menu can be enabled by clicking the accessibility menu icon that appears on the corner of the page. After triggering the accessibility menu, please wait a moment for the accessibility menu to load in its entirety.

Disclaimer
careconnectmobile.com continues its efforts to constantly improve the accessibility of its site and services in the belief that it is our collective moral obligation to allow seamless, accessible and unhindered use also for those of us with disabilities.

Despite our efforts to make all pages and content on careconnectmobile.com fully accessible, some content may not have yet been fully adapted to the strictest accessibility standards. This may be a result of not having found or identified the most appropriate technological solution.

Here For You
If you are experiencing difficulty with any content on careconnectmobile.com or require assistance with any part of our site, please contact us during normal business hours as detailed below and we will be happy to assist.

Contact Us
If you wish to report an accessibility issue, have any questions or need assistance, please contact careconnectmobile.com Customer Support as follows:

Email: [email protected]
1