Privacy Policy

1. Who We Are

Zionist Home Care ("Company," "we," "us," or "our") is a state-licensed in-home aide care agency headquartered in Locust, North Carolina. We provide personal care, companion care, and in-home aide services to individuals requiring assistance with activities of daily living (ADLs) across Stanly, Cabarrus, Union, Rowan, and surrounding counties in North Carolina.

• Business Name: Zionist Home Care
• Business Type: North Carolina Licensed In-Home Aide Agency
• License Authority: NC DHHS – Division of Health Service Regulation (DHSR)
• Principal Address: 132 Flame Azalea CT, Locust, NC 28097
• Phone: (980) 410-2209
• Email: support@zionisthealthcare.com

2. Scope of This Policy

This Privacy Policy applies to:

• All information collected through our website at zionist-homecare.com and any subdomains
• Information collected in connection with care request inquiries and care services
• Information submitted by referral sources (physicians, hospitals, social workers, discharge planners)
• Information provided by prospective and current caregivers, employees, and contractors
• Information submitted through online forms, email, telephone, or in-person interactions
• Client Protected Health Information (PHI) handled in connection with the delivery of in-home aide services

This Policy does not apply to third-party websites, services, or applications linked to or from our website. Those parties have their own privacy policies which we encourage you to review.

3. Information We Collect

3.1 Personal Identification Information

• Full legal name, date of birth, gender
• Home address, mailing address, city, state, ZIP code
• Phone number(s) and email address(es)
• Emergency contact names and relationships
• Social Security Number (SSN) — collected only for billing, insurance, or employment purposes
• Government-issued ID information where required by law

3.2 Protected Health Information (PHI)

As a licensed in-home aide agency, we may collect and maintain the following health-related information under HIPAA regulations:

• Medical diagnoses, conditions, and health history
• Physician orders and care plan information
• Medication lists and administration records
• Functional assessment data (ADL abilities, mobility, cognitive status)
• Nursing notes, aide visit records, and care documentation
• Insurance information (Medicare, Medicaid, private insurance, policy numbers)
• Authorization for release of information documents

3.3 Care Request & Referral Information

• Information submitted through our "Request Care" form
• Referral source details (hospital, physician, facility name, contact person)
• Service type requested (personal care, companion care, respite care)
• Preferred start date and schedule preferences
• Care recipient living situation and family contact information

3.4 Employment & Caregiver Information

• Resume/CV, work history, and references
• Professional certifications (CNA, HHA, PCA credentials)
• Background check authorization and results (required under NC law)
• NC Health Care Personnel Registry (HCPR) verification
• Employment eligibility documents (I-9, E-Verify)
• Direct deposit and payroll information
• Ongoing training records and competency evaluations

3.5 Website Usage Information

• IP address and approximate geographic location
• Browser type, version, and operating system
• Pages visited, time spent on pages, and referring URLs
• Device identifiers and session data
• Cookie and tracking data (see Section 10)

4. How We Collect Information

We collect information through the following methods:

• Online Forms: Care request, referral submission, contact, newsletter signup, and job application forms on our website
• Telephone & In-Person: When you call our office or meet with our care coordinators
• Email Correspondence: Messages sent to our contact email addresses
• Intake Assessments: In-home assessments conducted by our care coordinators prior to service initiation
• Third-Party Referral Sources: Hospitals, physician offices, assisted living facilities, and social workers who refer clients to us
• Government Databases: NC Health Care Personnel Registry and background check services for employment verification
• Automated Website Technologies: Cookies, log files, and similar technologies

5. How We Use Your Information

5.1 For Care Services

• Conducting intake assessments and developing individualized care plans
• Matching and assigning qualified caregivers to clients
• Coordinating care with physicians, hospitals, and other healthcare providers
• Documenting and monitoring care delivery and client progress
• Scheduling shifts and managing caregiver assignments
• Billing Medicaid, Medicare, private insurance, and private-pay clients
• Maintaining client records as required by NC DHHS and DHSR regulations

5.2 For Communications

• Responding to inquiries submitted through our website or by phone
• Sending appointment reminders, schedule notifications, and care updates
• Notifying families of changes in their loved one's care
• Sending newsletters and service updates (only with your explicit consent)

5.3 For Employment Purposes

• Processing and evaluating job applications
• Conducting background checks as required by North Carolina General Statute § 131E-256
• Verifying credentials, licensure, and registry status
• Onboarding, training, payroll, and HR management

5.4 For Legal & Regulatory Compliance

• Meeting reporting obligations to NC DHHS, DHSR, and other regulatory authorities
• Responding to lawful subpoenas, court orders, or government investigations
• Reporting abuse, neglect, or exploitation as mandated under NC law
• Maintaining records for the legally required retention periods

5.5 For Business Operations

• Improving our website, services, and internal processes
• Analyzing website traffic and user behavior (aggregate, non-identifiable data)
• Preventing fraud and ensuring the security of our systems

6. Legal Basis for Collecting and Using Your Information

We collect and use your personal information on the following legal grounds:

Legal Basis	Examples
Consent	Newsletter signup, marketing communications, optional cookies
Contractual Necessity	Service agreements with clients, caregiver employment contracts
Legal Obligation	HIPAA compliance, NC DHSR licensing requirements, mandatory reporting
Legitimate Interest	Website security, fraud prevention, service improvement
Vital Interest	Emergency situations involving risk to life or safety of a client

7. HIPAA Compliance & Protected Health Information (PHI)

Zionist Home Care is a HIPAA-covered entity as a licensed health care provider. We are required by law to:

• Maintain the privacy and security of your Protected Health Information (PHI)
• Provide you with a Notice of Privacy Practices (NPP) describing how we may use and disclose your PHI
• Follow the terms of our Notice of Privacy Practices currently in effect
• Notify you in the event of a breach of your unsecured PHI

7.1 Permitted Uses & Disclosures of PHI

Under HIPAA, we may use or disclose your PHI without your specific authorization for the following purposes:

• Treatment: Sharing relevant health information with physicians, nurses, therapists, and other caregivers involved in your care
• Payment: Submitting claims and billing information to Medicare, Medicaid, or private insurance carriers
• Healthcare Operations: Quality improvement activities, staff training, and accreditation processes
• Legal Requirements: Responding to court orders, subpoenas, or government inspections
• Public Health: Reporting communicable diseases to NC DHHS as required by law
• Abuse & Neglect Reporting: Reporting suspected abuse, neglect, or exploitation to appropriate authorities as required under North Carolina law (NCGS § 108A-102)
• Emergency Situations: Disclosures necessary to prevent serious threats to health or safety

7.2 Authorization Required

For any use or disclosure of your PHI not described above, we will obtain your written authorization before releasing your information. You have the right to revoke an authorization in writing at any time, subject to uses or disclosures already made in reliance on that authorization.

7.3 Minimum Necessary Standard

We make reasonable efforts to limit the use, disclosure, and requests for PHI to the minimum amount necessary to accomplish the intended purpose. Our staff are trained to access only the health information they need to perform their job duties.

8. Sharing and Disclosure of Your Information

We do not sell, rent, or trade your personal information or PHI to third parties for marketing or commercial purposes. We may share your information only in the following circumstances:

8.1 With Healthcare Partners

• Referring physicians, hospitals, home health agencies, and discharge planners involved in your care coordination
• Specialists, therapists, and ancillary providers listed in your care plan
• Pharmacies managing your medication regimen

8.2 With Business Associates

We may share limited information with vendors and service providers ("Business Associates" under HIPAA) who assist us in operating our business, including:

• Electronic health record (EHR) software providers
• Billing and claims processing services
• IT and cybersecurity providers
• Background check and credentialing services
• Payroll and HR management platforms

All Business Associates are required to sign a Business Associate Agreement (BAA) obligating them to protect your PHI in accordance with HIPAA.

8.3 With Family Members & Authorized Representatives

We may share care-related information with family members, guardians, or legally authorized representatives who are directly involved in your care, as permitted by HIPAA and with your consent where required.

8.4 With Regulatory & Government Agencies

• NC Department of Health and Human Services (NC DHHS)
• Division of Health Service Regulation (DHSR)
• NC Division of Medical Assistance (Medicaid)
• Centers for Medicare & Medicaid Services (CMS)
• Adult Protective Services (APS) — for mandatory abuse/neglect reports
• Law enforcement — when required by law or court order

8.5 In Emergency Situations

If you are in a life-threatening emergency, we may disclose limited PHI to emergency responders, hospitals, or family members as necessary to protect your life or the lives of others.

9. How We Protect Your Information

We implement comprehensive administrative, technical, and physical safeguards consistent with HIPAA Security Rule requirements and industry best practices:

9.1 Administrative Safeguards

• Designation of a HIPAA Privacy Officer and Security Officer
• Annual staff HIPAA training and privacy awareness programs
• Written privacy and security policies and procedures
• Workforce access controls — staff may only access PHI necessary for their role
• Business Associate Agreements with all relevant vendors
• Sanction policies for workforce members who violate privacy policies

9.2 Technical Safeguards

• Encrypted data transmission using SSL/TLS (HTTPS) for all website communications
• Password-protected access to electronic records with unique user credentials
• Automatic session timeouts for inactive users
• Regular security audits and vulnerability assessments
• Secure, encrypted storage of electronic PHI (ePHI)
• Firewall protection and intrusion detection systems

9.3 Physical Safeguards

• Locked storage for paper records containing PHI
• Restricted physical access to areas where PHI is stored or processed
• Secure disposal of paper records containing PHI (shredding)
• Device and media controls for computers, drives, and portable devices

10. Cookies and Website Tracking Technologies

Our website may use cookies and similar tracking technologies to enhance your browsing experience:

10.1 Types of Cookies We Use

• Essential Cookies: Required for core website functionality (e.g., session management, form security tokens). These cannot be disabled.
• Analytics Cookies: Used to understand how visitors interact with our website (e.g., Google Analytics). Data is aggregated and anonymized.
• Preference Cookies: Remember your settings and preferences for future visits.

10.2 Managing Cookies

You may disable non-essential cookies at any time through your browser settings. Please note that disabling cookies may affect the functionality of certain parts of our website. We do not use cookies to collect or store sensitive health information (PHI).

11. Data Retention

We retain personal information and PHI for the periods required by applicable law and sound business practice:

Record Type	Retention Period	Authority
Client care records / PHI	Minimum 7 years from last service date; 7 years after a minor turns 18	NC DHSR / HIPAA
Employee/caregiver records	7 years after termination	NC DOL / NCGS
Billing and payment records	7 years (Medicaid/Medicare: 10 years)	CMS / IRS
Job applications (not hired)	2 years	EEOC Guidelines
Website contact form submissions	3 years	Internal Policy
Newsletter subscriber data	Until unsubscribed + 1 year	Internal Policy

After the applicable retention period, personal information is securely deleted, destroyed, or de-identified.

12. Children's Privacy

Our website is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 without verified parental consent. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at support@zionisthealthcare.com and we will promptly delete such information.

For minor clients under 18 who receive in-home care services, all required consents are obtained from a parent or legal guardian. Records for minor clients are retained for 7 years after the minor reaches the age of 18, as required by North Carolina law.

13. Your Rights Under HIPAA and North Carolina Law

As a client or prospective client, you have the following rights regarding your personal information and PHI:

13.1 Right to Access

You have the right to inspect and receive a copy of your PHI held in our designated record set. We will respond to your written request within 30 days (with a possible 30-day extension with notice). A reasonable cost-based fee may apply for copies.

13.2 Right to Amend

If you believe information in your record is incorrect or incomplete, you may submit a written request for amendment. We will respond within 60 days. If we deny your request, we will provide a written explanation and allow you to submit a statement of disagreement.

13.3 Right to an Accounting of Disclosures

You may request a list of disclosures of your PHI made by us (other than disclosures for treatment, payment, and operations) for the past 6 years.

13.4 Right to Request Restrictions

You may request that we restrict certain uses or disclosures of your PHI. We are not required to agree to all restrictions, except we must agree to restrict disclosure of PHI to a health plan for services you have paid for in full out-of-pocket.

13.5 Right to Request Confidential Communications

You may request that we communicate your PHI by alternative means or to an alternative location (e.g., "contact me only at my work number, not at home"). We will accommodate reasonable requests.

13.6 Right to a Paper Copy of Our Notice of Privacy Practices

You have the right to receive a paper copy of our Notice of Privacy Practices at any time, even if you have agreed to receive it electronically. Please contact our office to request a copy.

13.7 Right to Opt Out of Marketing

You may opt out of receiving marketing emails and newsletters at any time by:

• Clicking the "Unsubscribe" link in any marketing email we send
• Emailing us at support@zionisthealthcare.com with the subject line "Unsubscribe"
• Calling our office at (980) 410-2209

13.8 Right to File a Complaint

If you believe your privacy rights have been violated, you have the right to file a complaint with:

• Zionist Home Care Privacy Officer: support@zionisthealthcare.com | (980) 410-2209
• U.S. Department of Health & Human Services (HHS) Office for Civil Rights:
  Website: www.hhs.gov/ocr/privacy/hipaa/complaints
  Phone: 1-800-368-1019 (TDD: 1-800-537-7697)
• NC Attorney General's Office — Consumer Protection:
  Website: ncdoj.gov
  Phone: 1-877-5-NO-SCAM (1-877-566-7226)

We will not retaliate against you for filing a complaint.

14. North Carolina-Specific Provisions

14.1 NC Identity Theft Protection Act (NCITPA)

We comply with the North Carolina Identity Theft Protection Act (NCGS § 75-60 et seq.). In the event of a security breach involving your personal information (name + SSN, driver's license number, financial account, or payment card information), we will notify affected individuals in the most expedient time possible and without unreasonable delay, as required by North Carolina law. We will also notify the NC Attorney General if the breach affects more than 1,000 North Carolina residents.

14.2 Mandatory Reporting Obligations

As a licensed in-home aide agency, our caregivers and staff are mandatory reporters under North Carolina law. We are required to report suspected abuse, neglect, or exploitation of an adult (NCGS § 108A-102) or child (NCGS § 7B-301) to the appropriate county Department of Social Services (DSS). Such reports may involve disclosure of limited PHI without your consent as permitted by HIPAA.

14.3 NC Health Care Personnel Registry

We are required to report substantiated findings of abuse, neglect, or misappropriation of property by in-home aide personnel to the NC Health Care Personnel Registry (HCPR), maintained by NC DHSR. This is a legal obligation and does not require client authorization.

14.4 NC DHSR Licensing Requirements

Our agency is subject to periodic inspections and audits by the NC Division of Health Service Regulation. Client records may be reviewed by DHSR surveyors as part of licensure surveys. You will be notified of such inspections where practicable and legally permissible.

15. Employee and Caregiver Privacy

Personal information collected from current and prospective employees and caregivers is used solely for employment-related purposes, including:

• Pre-employment background checks as required by NCGS § 131E-256 and the NC Health Care Personnel Registry Act
• Verification of certifications, licensure, and training records
• Payroll processing, benefits administration, and HR management
• Compliance with state and federal employment laws

Employee records are kept strictly confidential and accessible only to authorized management and HR personnel. We do not disclose employee personal information to third parties except as required by law or in connection with employment functions.

16. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, or integrated services (including Google Maps and scheduling tools). Zionist Home Care is not responsible for the privacy practices, content, or security of these third-party sites. We encourage you to review the privacy policies of any third-party website you visit through a link on our website.

17. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Any changes will be effective immediately upon posting on this page with a revised "Last Updated" date. We will provide prominent notice of material changes, including notification by email where we have your email address on file, or by a notice posted on our homepage for at least 30 days.

Your continued use of our website or services following the posting of changes constitutes your acknowledgment of and agreement to the updated Privacy Policy. We encourage you to review this Policy periodically.