Effective Date: December 17, 2025

This Privacy Policy describes how Encore Home Health Services, LLC dba Encore Care ("Agency," "we," "us," or "our") collects, uses, and discloses information when you visit our website, use our services, or otherwise interact with us. This policy applies to all personal information collected through our website, patient portal, and related services.

Information We Collect

Protected Health Information (PHI)

As a HIPAA-covered entity, we collect protected health information as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This includes demographic information, medical history, test and laboratory results, insurance information, and other data that we collect to identify you and provide healthcare services.

PHI includes information that:

1. Is created or received by a health care provider, health plan, employer, or health care clearinghouse

2. Relates to (1) the past, present, or future physical or mental health or condition of an individual; (2) the provision of health care to an individual; or (3) the past, present, or future payment for the provision of health care to an individual

3. Identifies or could reasonably be used to identify the individual

Other Personal Information We may collect:

1. Contact information (name, email address, phone number, mailing address)

2. Demographic information (date of birth, gender, etc.)

3. Insurance and billing information

4. Information you provide in web forms, surveys, or correspondence

5. Technical information about your device and internet connection

6. Login credentials for our patient portal (if applicable)

7. Family medical history (when relevant to your care)

8. Emergency contact information

Automatically Collected Information When you visit our website, we automatically collect:

1. IP address

2. Browser type and version

3. Operating system

4. Referring website

5. Pages visited and time spent

6. Date and time of visits

7. Click patterns

8. Geographic location (city/state level)

9. Device type and settings

How We Use Your Information Protected Health Information

We use and disclose PHI only as permitted by HIPAA and as described in our Notice of Privacy Practices. Please refer to our Notice of Privacy Practices for detailed information about how we handle your PHI.

Specifically, we may use your PHI for:

• Treatment purposes (providing, coordinating, or managing your healthcare)
• Payment activities (billing, claims management, and insurance verification)
• Healthcare operations (quality assessment, business planning, and staff training)
• Other purposes as permitted or required by law

Other Personal Information We may use non-PHI personal information to:

• Respond to your inquiries and provide requested information
• Process applications for services
• Improve our website and services
• Send communications about our services
• Comply with legal obligations
• Protect against fraud and unauthorized transactions
• Analyze website usage and trends
• Personalize your experience on our website
• Communicate with you about appointments, services, or other health-related benefits
• Conduct internal research and analysis to improve our services
• Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience and collect information about how you use our site.

Types of Cookies We Use

• Essential cookies: Required for the website to function properly, such as enabling secure login to patient portals or remembering items in online forms
• Analytical/performance cookies: Help us understand how visitors interact with our website, including which pages are visited most frequently and how users navigate through the site
• Functionality cookies: Remember your preferences and settings to enhance your experience when returning to our site
• Targeting cookies: Record your visit, pages visited, and links followed to help us deliver more relevant content and advertisements

Your Cookie Choices

Most web browsers allow you to control cookies through browser settings. You can set your browser to refuse all cookies or indicate when a cookie is being sent. However, some website features may not function properly without cookies.

To manage your cookie preferences:

1. Access your browser settings

2. Look for the cookie or privacy settings

3. Select your preferred level of cookie acceptance

Please note that disabling certain cookies may limit your ability to use some features of our website, including our patient portal.

Information Sharing and Disclosure HIPAA-Regulated Disclosures

We share PHI only as permitted by HIPAA and as described in our Notice of Privacy Practices. This includes sharing information:

• With healthcare providers involved in your care
• With your health insurance plan for payment purposes
• With our business associates who perform services on our behalf
• As required by law or for public health and safety purposes

Other Disclosures We may share non-PHI personal information with:

• Service providers who help us operate our website and services, such as hosting providers, analytics services, and customer support tools
• Business partners with your consent, such as referral services or complementary healthcare providers
• Legal authorities when required by law, such as in response to a court order, subpoena, or other legal process
• Entities involved in business transfers (mergers, acquisitions, or sale of assets)

We do not sell your personal information to third parties for marketing purposes or monetary compensation.

Business Associates

We may share PHI with our business associates who perform functions on our behalf, such as:

• Billing and claims processing services
• Electronic health record systems
• Data analysis and quality assurance
• Legal, accounting, and consulting services

All business associates are required to enter into a Business Associate Agreement that obligates them to:

• Use appropriate safeguards to protect your PHI
• Report any unauthorized use or disclosure of PHI
• Ensure their subcontractors agree to the same restrictions
• Return or destroy PHI when the business relationship ends (if feasible)
• Data Security

We implement appropriate technical, administrative, and physical safeguards to protect your information, including PHI, in compliance with HIPAA Security Rule requirements. These measures include:

• Encryption of electronic PHI during transmission and storage
• Access controls and authentication mechanisms to ensure only authorized personnel can access PHI
• Regular security assessments and vulnerability testing
• Staff training on privacy and security policies and procedures
• Physical safeguards for our facilities and systems, including locked storage areas and restricted access zones
• Automatic timeout features on systems containing PHI
• Audit controls that record and examine activity in information systems containing PHI
• Integrity controls to ensure PHI is not improperly altered or destroyed
• Transmission security measures to guard against unauthorized access during electronic transmission

Despite our efforts, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to implementing reasonable and appropriate measures to protect your information.

Your Rights and Choices HIPAA Rights

For PHI, you have rights as described in our Notice of Privacy Practices, including rights to:

• Access and obtain copies of your health information
• Request amendments to your health information if you believe it is incorrect or incomplete
• Request restrictions on certain uses and disclosures of your PHI
• Receive an accounting of certain disclosures of your PHI
• Request confidential communications through alternative means or at alternative locations
• Receive notification of a breach of your unsecured PHI
• File a complaint if you believe your privacy rights have been violated

Other Privacy Rights

Depending on your location, you may have additional rights under applicable privacy laws (such as CCPA, GDPR). These may include:

• Right to know what personal information we collect and how it is used
• Right to request deletion of personal information
• Right to opt-out of certain data sharing
• Right to non-discrimination for exercising these rights
• Right to access and portability of your personal information
• Right to correct inaccurate personal information

To exercise these rights, please contact us using the information provided in the "Contact Us" section below.

Children's Privacy

Our website is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13 without appropriate parental consent. If you believe we have inadvertently collected information from a child under 13, please contact us immediately, and we will take steps to delete such information.

For minors who are patients, we collect and use PHI in accordance with HIPAA regulations and with appropriate authorization from a parent or legal guardian.

Third-Party Links

Our website may contain links to third-party websites, such as healthcare resources, partner organizations, or social media platforms. We are not responsible for the privacy practices or content of these sites. We encourage you to review the privacy policies of any third-party sites you visit.
These third-party websites may collect information about you when you visit them. This Privacy Policy does not cover the information practices of those third-party websites.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will post the revised policy on our website with an updated effective date. For significant changes, we may also provide a more prominent notice, such as an email notification or a banner on our website.
We encourage you to review this policy regularly to stay informed about how we are protecting your information. Your continued use of our website after any changes to this Privacy Policy constitutes your acceptance of the revised policy.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact:
Privacy Officer:

Phone: +1-800-395-9420

Email: info@encorecare.org
Address:

For matters specifically related to your PHI or to exercise your HIPAA rights, please contact our Privacy Officer using the information above.

Compliance with Laws

We comply with applicable federal and state privacy laws, including HIPAA, the HITECH Act, and state privacy laws. In the event of a conflict between this Privacy Policy and applicable law, the law will prevail.

HIPAA Compliance

As a covered entity under HIPAA, we are required to:

• Maintain the privacy and security of your PHI
• Provide you with notice of our legal duties and privacy practices
• Notify affected individuals following a breach of unsecured PHI
• Follow the terms of our Notice of Privacy Practices

State Law Compliance

In addition to federal laws, we comply with applicable state privacy laws that may provide additional protections for certain types of health information, such as mental health records, substance use disorder treatment information, or HIV/AIDS-related information.

Breach Notification

In the event of a breach of unsecured PHI, we will:

o Notify affected individuals without unreasonable delay and no later than 60 days after discovery
o Include in the notification a description of the breach, the types of information involved, steps individuals should take to protect themselves, what we are doing to investigate and mitigate the breach, and contact information for questions
o Notify the Secretary of the Department of Health and Human Services as required by law
o Notify prominent media outlets in the event of a breach affecting more than 500 residents of a state or jurisdiction

International Data Transfers

If you access our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located. By using our website, you consent to the transfer of your information to the United States and understand that your information may be subject to U.S. law, which may provide different privacy protections than the laws of your country.

Date Retention Policy

We retain PHI in accordance with applicable law, including HIPAA requirements. Generally, we maintain medical records for seven (7) years from your last date of service or as required by state law, whichever is longer.Website analytics data is retained for fourteen (14) months to help us improve our services.”

By using our website, you acknowledge that you have read and understand this Privacy Policy.