Company: True Touch Home Health Care LLC

Address: 1560 East Southlake Blvd, Suite 100, Southlake, TX, 76092

Website: truetouchhomehealth.com

Contact: Info@truetouchhomehealth.com

Administrators: Annie Bista and Lachi Rimal

Effective Date: August 19, 2025

Overview

This Privacy Policy explains how True Touch Home Health Care LLC (“we,” “us,” or “our”) collects, uses, discloses, and protects information through the Site and in connection with our home health care services. This policy incorporates our Notice of Privacy Practices under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

HIPAA Compliance Statement

We are a HIPAA-covered entity and are committed to protecting Protected Health Information (PHI). We maintain administrative, physical, and technical safeguards designed to ensure the confidentiality, integrity, and availability of PHI, and we require Business Associate Agreements (BAAs) with vendors that handle PHI on our behalf.

Information We Collect

Depending on how you interact with us, we may collect:

• Identifiers: name, postal address, email address, phone number, date of birth, demographic information,and emergency contacts.
• Health & Treatment Information (PHI): medical history, diagnoses, medications, allergies, lab results,provider notes, care plans, and other information provided by you or your providers.
• Insurance & Billing: policy numbers, claims information, guarantor details, and payment information(processed through secure third-party processors).
• Technical/Usage Data: IP address, device identifiers, browser type, pages viewed, referring/exit pages,and timestamps.
• Communications: messages or forms you submit, call recordings where permitted by law, and feedback.

How We Use Information

We use information to:

• Deliver care and related services, coordinate treatment, and manage care plans.
• Process payments, claims, billing, and reimbursements.
• Conduct healthcare operations (e.g., quality assessment, training, credentialing, auditing, andcompliance).
• Communicate with you about appointments, care, and administrative matters; send legally requirednotices.
• Operate, maintain, improve, and secure the Site and our services; analyze usage; prevent fraud andabuse.
• Comply with legal obligations and respond to lawful requests and court orders.

Notice of Privacy Practices (HIPAA)

Permitted Uses & Disclosures of PHI Without Authorization:

• Treatment: sharing PHI with your providers, caregivers, and pharmacies to coordinate your care.
• Payment: using and disclosing PHI to obtain payment, determine eligibility, and process claims.
• Healthcare Operations: using PHI for quality improvement, accreditation, audits, and compliance.
• Public Health & Safety: reporting as required by law, including to public health authorities, forabuse/neglect reporting, or to avert a serious threat.
• Legal & Administrative: responding to court orders, subpoenas, law enforcement requests, and otherlawful processes.
• Business Associates: disclosing PHI to service providers under BAAs who must safeguard PHI.
• As Required by Law: other disclosures mandated by federal or state law.

Uses & Disclosures Requiring Authorization:

We will obtain your written authorization before using or disclosing PHI for marketing purposes (other than face-to-face communications or nominal promotional gifts), sale of PHI, or sharing psychotherapy notes (where applicable), except as permitted by law. You may revoke an authorization at any time in writing, except to the extent we have already taken action in reliance on it.

Your HIPAA Rights

Subject to limited exceptions under HIPAA, you have the right to:

• Access: receive a copy of your PHI in paper or electronic format.
• Amend: request corrections to your PHI if you believe it is inaccurate or incomplete.
• Restrictions: request restrictions on certain uses and disclosures of PHI.
• Confidential Communications: request we communicate with you by alternative means or at alternatelocations.
• Accounting: receive a list of certain disclosures of your PHI we have made.
• Paper Copy: receive a paper copy of this Notice upon request.

To exercise your rights, contact us at the email or mailing address listed above. We will respond within the timeframes required by HIPAA.

Data Security

We implement safeguards designed to protect information, including:

• Administrative: workforce training, role-based access, policies and procedures, vendor management,and incident response planning.
• Physical: secure facilities, locked storage, device safeguards, and disposal/destruction protocols.
• Technical: encryption in transit, firewalls, intrusion detection, multi-factor authentication for systemscontaining PHI, and access logging.

No method of transmission or storage is 100% secure. We continuously improve our security program and monitor for vulnerabilities.

Breach Notification

If a breach of unsecured PHI occurs, we will investigate, mitigate potential harm, and provide notifications without unreasonable delay and no later than 60 days after discovery, consistent with HIPAA’s Breach Notification Rule and applicable state laws.

Retention

We retain records and PHI for the periods required by applicable federal and Texas law and payer rules, and otherwise only as long as necessary to provide services, comply with legal obligations, resolve disputes, and enforce agreements.

Children’s Privacy

The Site is not directed to children under 13. We do not knowingly collect personal information from children under 13 online without appropriate parental consent as required by law.

Cookies & Online Tracking

We use cookies and similar technologies to operate and improve the Site, analyze usage, and remember preferences. See our Cookie Policy for details. Do Not Track (DNT) signals may not be recognized by our Site. Where legally required and technically feasible, we will endeavor to honor Global Privacy Control (GPC) signals for applicable jurisdictions.

Third-Party Services

We may share limited information with third-party service providers who perform services for us (e.g., hosting, analytics, communications, payment processing). We require such providers to protect information and use it only to provide contracted services; where PHI is involved, a BAA is required.

International Visitors

We operate in the United States and the Site is intended for U.S. residents. If you access the Site from outside the U.S., you understand that information may be transferred to, stored in, and processed in the United States, where laws may differ from those in your jurisdiction.

Your Choices

You may update contact preferences, opt out of certain non-essential communications, and manage cookies as described in the Cookie Policy. Some communications (e.g., appointment reminders, billing) may be required for care or operations.

Changes to this Policy/Notice

We may update this Privacy Policy and HIPAA Notice from time to time. If we make material changes, we will post the updated version with a new effective date. Your continued use of the Site or our services after changes become effective constitutes acceptance.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us at the contact information above, or with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR). We will not retaliate against you for filing a complaint.

Mobile Privacy

• No mobile information will be shared with third parties or affiliates for marketing or promotional purposes.

• All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

• You can opt out at any time by replying STOP.

• Message and data rates may apply.

NOTICE: This Privacy Policy and HIPAA Notice are provided for general informational purposes. Please consult legal counsel to tailor these documents to your operations and to confirm compliance with federal and Texas laws.