Our Pledge Regarding Your Health Information
Northeast Family Care ("the Practice") is committed to protecting the privacy of your health information. We are required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) to:
- Maintain the privacy and security of your protected health information (PHI)
- Provide you with this Notice of our legal duties and privacy practices with respect to your PHI
- Abide by the terms of this Notice currently in effect
- Notify you following a breach of your unsecured PHI
This Notice applies to all records of your care generated or maintained by Northeast Family Care, regardless of how our services are delivered.
How We May Use and Disclose Your Health Information
Treatment
We may use and disclose your PHI to provide, coordinate, or manage your healthcare and any related services. This includes consultations with other healthcare providers involved in your care, electronic prescribing to pharmacies, lab order transmissions to diagnostic laboratories, and referrals to specialists. For example, a provider reviewing your intake may share relevant medical history with a specialist to whom you are referred.
Payment
We may use and disclose your PHI to bill and collect payment for your healthcare services. This includes submitting claims to insurance companies (if applicable), processing credit card payments through our payment processor (Stripe), and providing superbills for your personal insurance reimbursement. We do not send your clinical information to Stripe — only the minimum necessary transaction data.
Healthcare Operations
We may use and disclose your PHI for our healthcare operations, which include quality assessment and improvement, reviewing the competence of our providers, conducting training programs, business planning, customer service, accreditation, certification, licensing, and credentialing activities.
Other Permitted Uses and Disclosures
We may also use or disclose your PHI without your authorization for the following purposes:
- As Required by Law: To comply with federal, state, or local laws that mandate disclosure.
- Public Health Activities: To report disease, injury, and vital events, and to conduct public health surveillance, investigations, and interventions as authorized by law.
- Abuse or Neglect: To report suspected abuse, neglect, or domestic violence to government authorities, including social services or protective agencies.
- Health Oversight Activities: To federal and state agencies that oversee the healthcare system, government benefit programs, and civil rights laws.
- Judicial and Administrative Proceedings: In response to a court order, subpoena, discovery request, or other lawful process.
- Law Enforcement: For law enforcement purposes as required or permitted by law, such as reporting certain types of wounds or injuries.
- Coroners, Funeral Directors, and Organ Donation: To coroners, medical examiners, funeral directors, and organ procurement organizations as permitted by law.
- Research: Under specific conditions approved by an Institutional Review Board or privacy board.
- Serious Threat to Health or Safety: To prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
- Workers' Compensation: To comply with workers' compensation or similar programs.
- Inmates and Individuals in Custody: To correctional institutions or law enforcement when the patient is in lawful custody.
- Appointment Reminders and Health-Related Communications: To contact you about appointments, lab results, prescription updates, and other service-related information via our secure portal, email, or SMS (if you have opted in).
Uses Requiring Your Written Authorization
We will not use or disclose your PHI without your written authorization for purposes other than those described in this Notice. Specifically, we will obtain your written authorization before:
- Selling your health information
- Using your health information for marketing purposes (except for face-to-face communications and promotional gifts of nominal value)
- Disclosing psychotherapy notes (if applicable)
- Any other uses and disclosures not described in this Notice
You may revoke your authorization in writing at any time, except to the extent we have already acted in reliance on it.
Your Rights Regarding Your Health Information
You have the following rights with respect to your PHI:
Right to Access
You have the right to inspect and obtain a copy of your PHI that is maintained in a designated record set. Your request must be in writing. We may charge a reasonable, cost-based fee for copies. We must respond within 30 days (with one 30-day extension if needed).
Right to Request Amendment
You have the right to request that we amend your PHI if you believe it is inaccurate or incomplete. Your request must be in writing and must explain why the amendment is needed. We may deny the request in certain circumstances and, if denied, will provide you with a written explanation.
Right to an Accounting of Disclosures
You have the right to receive a list of certain disclosures we have made of your PHI for up to six years prior to the date of your request (excluding disclosures for treatment, payment, healthcare operations, and certain other exceptions).
Right to Request Restrictions
You have the right to request restrictions on certain uses and disclosures of your PHI. We are not required to agree to your request unless you ask us not to disclose PHI to your health plan for services you paid for entirely out-of-pocket — in that case, we must honor your request.
Right to Request Confidential Communications
You have the right to request that we communicate with you about your health information by alternative means or at alternative locations. We will accommodate reasonable requests.
Right to a Paper Copy of This Notice
You have the right to obtain a paper copy of this Notice upon request, even if you agreed to receive it electronically.
Right to Be Notified of a Breach
You have the right to be notified if a breach of your unsecured PHI occurs. We will notify you as required under the HITECH Act and applicable state law.
Our Security Practices
We implement the following safeguards to protect your PHI:
- Encryption: All PHI is encrypted at rest using AES-256 encryption and in transit using TLS 1.3
- Access Controls: Role-based access control (RBAC) ensures only authorized personnel can view your records
- Audit Trails: All access to PHI is logged and monitored
- Secure Infrastructure: Our platform is hosted on HIPAA-compliant cloud infrastructure (Microsoft Azure) with enterprise-grade security
- Authentication: Multi-factor authentication and secure session management protect your account
- Automatic Redaction: Our logging systems automatically redact PHI from operational logs
- Regular Assessments: We conduct ongoing security risk assessments and staff training
Changes to This Notice
We reserve the right to change the terms of this Notice and to make the new provisions effective for all PHI we maintain. If we make a material change to this Notice, we will post the revised Notice on our website and make it available upon request. The revised Notice will apply to PHI we already hold, as well as new PHI created or received after the revision date.
Complaints
If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services. We will not retaliate against you for filing a complaint.
File a Complaint with Northeast Family Care:
Email: contact@northeastfamilycare.com
Phone: (774) 225-0216
File a Complaint with the U.S. Department of Health and Human Services:
Office for Civil Rights
U.S. Department of Health and Human Services
200 Independence Avenue, S.W., Room 509F, HHH Building
Washington, D.C. 20201
Phone: (877) 696-6775
Website: www.hhs.gov/hipaa/filing-a-complaint
Privacy Officer Contact Information
For questions about this Notice, to exercise any of your rights, or to file a complaint, please contact our Privacy Officer:
Privacy Officer: Northeast Family Care Compliance Department
Email: contact@northeastfamilycare.com
Phone: (774) 225-0216
Website: https://northeastfamilycare.com