Your trust, in writing.

Margaret Home Health Inc. (“Margaret Home Health,” “we,” “us,” or “our”) is a licensed California home health agency serving Los Angeles, Orange, and Ventura counties. We are required by federal law (the Health Insurance Portability and Accountability Act, or “HIPAA”) and state law to maintain the privacy of your Protected Health Information (“PHI”), provide you with this Notice of our legal duties and privacy practices, and follow the terms of the Notice currently in effect.

This policy also explains how we handle information you provide through our website,margarethomehealth.com, and through any forms, calls, or emails you send us.

To provide compassionate, safe, and effective care, we collect:

• Identifying information — name, address, phone, email, date of birth, emergency contacts, and the names of family members involved in your care.
• Protected Health Information (PHI) — medical history, current conditions, medications, allergies, physician and specialist information, care plans, progress notes, and other clinical records.
• Insurance and payment information — Medicare/Medi-Cal numbers, private insurance details, and billing records.
• Caregiver-recorded observations — vital signs, mobility notes, mental status, and incident reports from in-home visits.
• Website information — pages visited, approximate location, device and browser type, and information you voluntarily submit through contact forms.

Under HIPAA, we are permitted to use and disclose your PHI without your written authorization for the following purposes:

• Treatment — coordinating care among your nurses, therapists, aides, physicians, and specialists; sharing relevant information so each provider can deliver safe and informed care.
• Payment — verifying insurance coverage, submitting claims to Medicare, Medi-Cal, or private insurers, and collecting payment for services rendered.
• Healthcare operations — quality assessment, caregiver training and credentialing, internal audits, accreditation activities, and improving the services we provide.

We may also contact you with appointment reminders, follow-up calls about your care, information about related services we offer, or community resources we believe may benefit you.

We share information only in ways that support your care or are required by law:

• Care team — our employed and contracted nurses, therapists, aides, and supervising physicians.
• Trusted partners — when specialized services such as hospice, palliative, or podiatry care are needed, we coordinate with our partner organizations. These partners are bound by their own HIPAA obligations.
• Family members and caregivers you designate — only those you have specifically authorized to receive information about your care.
• Business associates — vendors who help us operate (such as billing services, electronic health record providers, IT vendors). All are bound by HIPAA Business Associate Agreements.
• Public health and legal authorities — when required to prevent serious harm, report abuse or neglect, respond to court orders, or comply with FDA, CDPH, or law-enforcement requests.
• For research or fundraising — only with your specific written authorization, or under limited de-identified circumstances permitted by law.

We never sell your information. We never use your PHI for marketing without your express, written authorization.

You have the following rights regarding your PHI:

• Right to inspect and copy your medical records, in paper or electronic form. We may charge a reasonable fee for copies.
• Right to request an amendment if you believe information in your record is incorrect or incomplete.
• Right to an accounting of disclosures we have made of your PHI, with certain exceptions, for the prior six years.
• Right to request restrictions on how we use or share your PHI. We will accommodate reasonable requests when possible.
• Right to confidential communications — for example, asking us to contact you only at a specific phone number or address.
• Right to a paper copy of this Notice at any time, even if you have agreed to receive it electronically.
• Right to be notified of a breach involving your unsecured PHI.

To exercise any of these rights, please contact our Privacy Officer using the information in the final section of this Notice.

If you are a California resident, the California Consumer Privacy Act (CCPA) provides additional rights:

• The right to know what categories of personal information we collect and the purposes for which we use it.
• The right to request deletion of personal information we have collected, subject to certain healthcare-related exceptions.
• The right to correct inaccurate personal information.
• The right to opt out of any sale or sharing of personal information (we do not sell or share your information for advertising).
• The right to non-discrimination for exercising your privacy rights.

Most PHI is exempt from CCPA because it is governed by HIPAA and California’s Confidentiality of Medical Information Act (CMIA), which provide equivalent or stronger protections.

We maintain physical, administrative, and technical safeguards designed to meet or exceed the HIPAA Security Rule’s standards for protecting the confidentiality, integrity, and availability of your PHI.

Technical safeguards

• All data in transit between your device and our website, electronic health record (EHR) system, and care-team applications is encrypted using TLS 1.2 or higher.
• PHI at rest in our EHR and backups is encrypted using AES-256 or equivalent.
• Our website enforces HTTPS, HSTS preload, a strict Content Security Policy, and modern security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy).
• Multi-factor authentication is required for every staff account that can access PHI.
• Role-based access controls — staff can only see the information needed to do their job.
• Automatic session timeouts and logging of every access to PHI for audit review.

Administrative safeguards

• HIPAA training for every employee and contractor upon hire and annually thereafter.
• Background-checked, drug-tested, and bonded caregivers.
• Signed Business Associate Agreements (BAAs) with every vendor that handles PHI — including our hosting provider, EHR, billing system, and email vendor.
• A designated Privacy Officer and Security Officer with documented responsibilities.
• Written incident-response and breach-notification procedures aligned with the HIPAA Breach Notification Rule.
• Regular internal audits and third-party security assessments.

Physical safeguards

• Locked file storage for any paper records, with strict chain-of-custody for in-home documentation.
• Secure off-site backups for disaster recovery and continuity of care.
• Devices issued to staff are encrypted, password-protected, and remotely wipeable.

No method of transmission or storage is 100% secure. While we work continuously to protect your information using practices that meet or exceed industry standards, we cannot guarantee absolute security. In the event of any breach affecting your unsecured PHI, we will notify you in accordance with the HIPAA Breach Notification Rule.

Our website uses cookies and similar technologies only as needed to operate the site, remember your preferences, and understand how visitors find and use the pages. We do not place advertising cookies or sell visitor information.

Forms you submit on our website (such as the “Schedule a free care visit” form) are transmitted securely and stored in systems protected under HIPAA Business Associate Agreements.

We may update this Notice from time to time. We will post the updated Notice on this page with a revised “Last updated” date. For changes that materially affect how we use or disclose PHI, we will also provide notice through our normal channels of communication with you.

If you have questions about this Notice, wish to exercise your rights, or believe your privacy has been violated, please contact:

You also have the right to file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, at hhs.gov/ocr. We will not retaliate against you for filing a complaint.