Your Privacy Rights and Protections
PatientSwaps LLC ("we," "us," "our," or "PatientSwaps") is committed to protecting the privacy and security of your health information. This Notice of Privacy Practices describes how we collect, use, and safeguard Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable privacy regulations.
This notice applies to all individuals whose health information we receive, use, or maintain in connection with our care facility swap coordination services.
Important: Effective Date
This Notice of Privacy Practices is effective as of March 22, 2026, and may be updated periodically. We will notify you of any material changes to our privacy practices.
1. Information We Collect and Maintain
In the course of coordinating care facility swaps, we collect the following types of Protected Health Information:
- Personal identifying information: Name, date of birth, contact information (phone, email, address)
- Health information: Current living situation, primary care needs, health conditions, functional abilities, insurance information
- Care timeline information: Preferred transfer date, anticipated length of stay, special accommodations
- Applicant/Responsible party information: Name, relationship to resident, contact details, power of attorney status
- Compliance and coordination information: Medical documentation, facility agreements, transfer logistics
2. How We Use and Disclose Your Health Information
Primary Uses
We use your Protected Health Information for the following purposes:
- Swap Coordination: To identify matched facilities and coordinate the timing of patient exchanges
- Eligibility and Matching: To assess whether your needs align with available facilities in our network
- Compliance and Regulatory Reporting: To maintain records required by state and federal healthcare regulations
- Quality Improvement: To monitor and improve our services and patient outcomes
- Customer Communication: To send you updates, confirmations, and important information about your swap
- Transportation Coordination: To connect you with vetted, independent transportation partners (see Section 3 below)
Permitted Disclosures
We may disclose your Protected Health Information to the following parties without your written authorization:
- Facility Partners: We share relevant health information with the receiving and sending care facilities to facilitate the swap
- Independent Transportation Partners: When you request transportation services, we may share swap logistics (date, time, pickup location, facility name, and your name and condition) with your chosen independent NEMT or medical transport company to coordinate pickup and delivery
- Responsible Party/Power of Attorney: We disclose information to your designated power of attorney or legally authorized representative
- Business Associates: We may share de-identified operational information with authorized service providers who assist with our administrative, IT, and compliance functions
- As Required by Law: We disclose information when required by court order, subpoena, or other legal authority
- Public Health and Safety: We may disclose information to protect public health or safety, or to prevent a serious threat to health or safety
3. Transportation Partner Communications
Important Disclosure: PatientSwaps is not a transportation provider. We coordinate swap timing between facilities and connect you with independent, vetted transportation partners. You contract directly with the transportation company of your choice and pay them directly for services.
When we coordinate transportation for your swap, we may need to share the following information with your chosen NEMT or medical transport partner:
- Pickup and delivery dates/times
- Facility names and addresses
- Your name and contact information
- Your health condition and any medical needs relevant to transport safety (e.g., mobility assistance, oxygen requirements)
These communications are necessary so the transportation company can safely execute the transfer. We will always notify you before sharing your health information with a transportation partner.
Transportation Partner Options:
- Option A: Vetted NEMT (Non-Emergency Medical Transportation) partner for stable patients
- Option B: Vetted medical transport partner with EMTs/paramedics for patients requiring medical monitoring
- Option C: Family or self-transport (you arrange transportation independently)
4. How We Protect Your Information
Technical Safeguards
- Encryption of all data in transit and at rest
- Secure, HIPAA-compliant data storage systems (Google Workspace with signed Business Associate Agreement)
- Regular security audits and vulnerability assessments
- Access controls limiting employee access to minimum necessary information
Administrative Safeguards
- Comprehensive workforce privacy and security training
- Documented policies and procedures for handling Protected Health Information
- Background checks and screening of all personnel with PHI access
- Incident response and breach notification protocols
Physical Safeguards
- Secure data centers with restricted physical access
- Data destruction protocols for end-of-life records
Our HIPAA-Compliant Architecture
Your Protected Health Information is stored exclusively in services with signed Business Associate Agreements:
- Jotform (HIPAA-enabled): Secure intake form submission
- Google Workspace (BAA-signed): Master patient database, email, document storage, and secure automations
- Paubox (BAA-signed): Encrypted email for sensitive PHI communications
De-identified operational data (facility names, swap IDs, status) is stored separately in systems without direct PHI access.
5. Your Individual Rights
You have the following rights regarding your Protected Health Information:
Right to Access
You have the right to inspect and obtain a copy of your Protected Health Information. To request access, contact our Privacy Officer at privacy@patientswaps.com. We will provide your information within 30 days of your request.
Right to Amendment
You have the right to request correction of any inaccurate or incomplete health information. Submit amendment requests to our Privacy Officer. We will review your request and notify you of approval or denial within 60 days.
Right to Restriction of Use
You may request that we limit how we use or disclose your Protected Health Information. While we cannot guarantee approval of all restriction requests, we will consider your request and notify you of our decision.
Right to Accounting of Disclosures
You have the right to request an accounting of all disclosures of your Protected Health Information made by PatientSwaps. You are entitled to one free accounting request per 12-month period. Additional requests may be subject to a reasonable fee.
Right to Receive This Notice
You have the right to receive this Notice of Privacy Practices in paper form upon request.
Right to Confidential Communications
You may request that we communicate with you by alternate means or at alternate addresses. Please submit such requests in writing to our Privacy Officer.
Right to Revoke Authorization
If you have authorized us to use or disclose your Protected Health Information, you may revoke that authorization in writing at any time. Revocation does not apply to disclosures already made in reliance on your authorization.
6. PatientSwaps' Duties
PatientSwaps is required by law to:
- Maintain the privacy and security of your Protected Health Information
- Provide you with this Notice of Privacy Practices
- Honor your privacy preferences and restrictions
- Notify you of any unauthorized access to or use of your Protected Health Information
- Comply with applicable HIPAA regulations and state privacy laws
We reserve the right to modify this Notice and to apply changes to all Protected Health Information we maintain. If we make material changes to our privacy practices, we will notify you by posting the revised Notice on our website and providing written notice upon request.
7. Complaints and Inquiries
Complaints to PatientSwaps
If you believe your privacy rights have been violated, you may file a complaint with PatientSwaps:
We will investigate your complaint and respond within 30 days of receipt. Complaints must include your name, contact information, and a description of the alleged privacy violation.
Complaints to the U.S. Department of Health & Human Services
You also have the right to file a complaint with the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR). You may file a complaint online, by mail, or by phone:
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
You will not be penalized for filing a complaint with HHS OCR.
8. Contact Information
For questions about this Notice of Privacy Practices or to exercise your privacy rights, please contact:
9. Acknowledgment of Receipt
We request that you sign an acknowledgment confirming receipt of this Notice of Privacy Practices when you complete our intake form. If you do not sign an acknowledgment, we will still honor all your privacy rights under this Notice.
Questions? If you have any questions about how PatientSwaps uses your Protected Health Information or would like to exercise your privacy rights, please contact our Privacy Officer immediately at privacy@patientswaps.com. We are committed to working with you to address any privacy concerns.