HIPAA Compliance Statement

1. Our Commitment to HIPAA Compliance

Forward Home Health (“we,” “our,” or “us”) is fully committed to protecting the confidentiality, integrity, and availability of your health information. We comply with:

  • The Health Insurance Portability and Accountability Act of 1996 (HIPAA).

  • The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act).

  • The HIPAA Omnibus Final Rule of 2013.

  • All applicable state privacy, security, and patient rights laws.

We ensure that your Protected Health Information (PHI) and Electronic Protected Health Information (ePHI) are handled with the highest standards of privacy and security. Our staff, contractors, and business associates receive mandatory HIPAA training, and compliance is enforced through internal audits, access controls, and disciplinary measures where necessary.


2. Key Definitions

  • Protected Health Information (PHI): Individually identifiable health information in any form (oral, paper, or electronic).

  • Electronic Protected Health Information (ePHI): PHI transmitted or stored electronically.

  • Business Associates: External vendors or partners who may handle PHI on our behalf (e.g., billing companies, IT providers, cloud services). All business associates sign legally binding Business Associate Agreements (BAAs) requiring HIPAA compliance.

  • Minimum Necessary Rule: We access, use, and disclose only the minimum amount of PHI needed to accomplish the intended purpose.


3. Permitted Uses and Disclosures of PHI

A. Core Functions

  1. Treatment – Coordinating, managing, and delivering home health services (e.g., sharing information with physicians, pharmacies, labs, or caregivers).

  2. Payment – Submitting claims, verifying insurance, billing, and collections.

  3. Health Care Operations – Case management, staff training, internal audits, accreditation, licensing, and quality assurance.

B. Public Interest & Legal Exceptions

  1. Public Health Activities – Reporting certain diseases, injuries, or conditions to health departments.

  2. Law Enforcement – When required by court orders, subpoenas, or to prevent a serious threat to health/safety.

  3. National Security – For authorized intelligence, protective, or military purposes.

  4. Workers’ Compensation – As permitted by state law.

  5. Health Oversight Agencies – For audits, inspections, investigations, or compliance reviews.

  6. Organ & Tissue Donation – Assisting authorized organizations in organ procurement.

  7. Research – Only when approved by an Institutional Review Board (IRB) or Privacy Board with strict safeguards.

C. Emergencies & Special Situations

  • To protect your life or safety in urgent medical situations.

  • To inform family members or caregivers involved in your treatment (unless you object).

D. Uses Requiring Authorization

Any other use/disclosure of PHI requires your written authorization (e.g., marketing, sale of PHI, use for fundraising). You may revoke your authorization at any time.


4. Patient Rights Under HIPAA

As a patient of Forward Home Health, you have the following rights:

  • Right to Access: Obtain a copy of your medical record (paper or electronic). We will provide it within 30 days of your request.

  • Right to Amend: Request corrections to inaccurate or incomplete PHI.

  • Right to Restrict Use/Disclosure: Ask us not to share your PHI with certain parties (e.g., excluding insurance when paying out-of-pocket).

  • Right to Confidential Communications: Request alternative communication methods (e.g., mail sent to a P.O. Box).

  • Right to Accounting of Disclosures: Receive a list of certain disclosures we have made of your PHI for up to six years.

  • Right to Receive a Paper Copy: You may request a physical copy of this Compliance Statement or our Notice of Privacy Practices (NPP).

  • Right to Breach Notification: You will be notified in the event of a breach of your unsecured PHI.

  • Right to File a Complaint: You can file complaints without fear of retaliation.


5. Safeguards We Implement

We apply a defense-in-depth approach to PHI and ePHI protection:

Administrative Safeguards

  • Annual HIPAA compliance audits.

  • Workforce HIPAA training and certification.

  • Role-based access controls (only staff with a legitimate need may access PHI).

  • Sanction policies for violations.

Physical Safeguards

  • Restricted office access and visitor logs.

  • Secure document shredding and disposal.

  • Locked filing cabinets for paper records.

  • Surveillance and alarm systems at facilities.

Technical Safeguards

  • Encrypted electronic health records (EHR).

  • Secure servers and firewalls.

  • Multi-factor authentication for system access.

  • Automatic logoff and session timeouts.

  • Continuous intrusion detection and monitoring.


6. Breach Notification Rule

In the event of a data breach involving unsecured PHI:

  • Affected patients will be notified within 60 days of discovery.

  • Notifications will include a description of the breach, types of PHI involved, steps taken to protect individuals, and recommended actions for patients.

  • Breaches affecting 500 or more individuals will also be reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and, when required, to the media.


7. Accountability and Enforcement

  • All employees, contractors, and business associates are required to comply with this HIPAA Compliance Statement.

  • Non-compliance may result in disciplinary action, up to and including termination of employment or contracts.

  • Regular audits and monitoring ensure ongoing compliance.


8. Filing Complaints or Exercising Rights

You may contact us directly with privacy concerns or requests:

You may also file a complaint with the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR).

We will not retaliate against you for filing a complaint.


9. Updates to This HIPAA Compliance Statement

This statement may be updated to reflect:

  • Changes in law or regulation.

  • Updates to our privacy and security practices.

  • Advances in technology or systems.

The most current version will always be posted on our website and made available upon request.