HIPAA – Ensign Health

HIPAA Notice

Introduction

Ensign Health is committed to complying with the Health Insurance Portability and Accountability Act (HIPAA) to protect the privacy and security of protected health information (PHI) handled in connection with our services for long-term care facilities. This HIPAA Policy outlines our practices for safeguarding PHI related to our medical services, remote monitoring, chronic illness management, and data-driven solutions.

Scope

This policy applies to all PHI collected, used, or disclosed by Ensign Health in the course of providing services to nursing homes, including data from in-bed monitoring devices and analytics for our solutions.

HIPAA Compliance Practices

• Safeguarding PHI: We use administrative, technical, and physical safeguards, such as encryption, secure servers, and access controls, to protect PHI from unauthorized access, use, or disclosure.
• Business Associate Agreements: When working with long-term care facilities, we enter into HIPAA-compliant Business Associate Agreements (BAAs) to ensure PHI is handled in accordance with federal regulations.
• Limited Use and Disclosure: PHI is only used or disclosed as permitted by HIPAA, such as for providing medical services, remote monitoring, chronic illness management, or generating solutions for nursing home administrators. Disclosures are limited to the minimum necessary to achieve the intended purpose.
• Staff Training: Our personnel are trained on HIPAA requirements to ensure compliance in all interactions involving PHI.
• Data from Monitoring Devices: Data collected from discreet, in-bed monitoring devices is encrypted and securely transmitted to our systems, where it is used solely for delivering services and generating solutions.
• Breach Notification: In the unlikely event of a data breach, we will notify affected facilities and individuals as required by HIPAA and applicable laws.

Your Rights Under HIPAA

As a business associate of covered entities (e.g., long term care facilities), we support your facility’s obligations to provide individuals with rights to their PHI, including:
• Access to or copies of their PHI.
• Requests to amend or restrict the use of their PHI.
• An accounting of disclosures.

Contact your facility’s HIPAA compliance officer or Ensign Health at [email protected] to exercise these rights.

Website Data

Information collected through our website (e.g., contact form submissions) is not considered PHI unless explicitly provided for service-related purposes. See our Privacy Policy for details on website data handling.

Changes to This Policy

We may update this HIPAA Policy periodically to reflect changes in our practices or legal requirements. Updates will be posted on this page with an updated “Last Updated” date.

Contact Us

For questions about our HIPAA compliance or this policy, contact:

Email: [email protected]
Phone: (385) 340-3130
Mailing Address: 41 N. 400 W. Box #332 Logan, UT 84321