top of page

Privacy Policy

Kyleen Care Agency — Privacy Policy

 

Effective date: September 12, 2025

 

Who we are. Kyleen Care Agency (“we”, “our”, “us”) provides in-home caregiving and related services to clients in Dallas, Texas and surrounding areas.

Purpose of this policy. This Privacy Policy explains how Kyleen Care Agency collects, uses, discloses, safeguards, and retains personal information and protected health information (PHI) collected in the course of providing caregiving services, and the rights of individuals whose information we hold.

 

 

1. Scope — why this matters

 

Many of the records we create or receive when providing home-care services qualify as protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). As a health-care provider, we follow the HIPAA Privacy, Security, and Breach Notification Rules and applicable Texas laws governing medical records and data breach notifications. (HHS.gov)

2. Information we collect

 

We collect and maintain two types of information:

A. Personal and administrative information

  • Client name, birthdate, contact details, emergency contacts, billing and insurance information, demographic details, next of kin, and caregiver assignment details.

 

B. Health information / PHI

  • Medical history, diagnoses, medication lists, treatment notes, functional status, care plans, progress notes, incident reports, and any other health information created or received in connection with care.

 

3. How we use information

 

We use personal information and PHI to:

  • Provide, coordinate, and manage care and services.

  • Communicate with clients, families, and authorized representatives.

  • Bill and collect payment from clients, insurers, or other payers.

  • Comply with legal, regulatory, and quality-assurance requirements.

  • Improve our services, train staff, and conduct internal audits.

 

These uses are permitted under HIPAA for treatment, payment, and health-care operations unless we state otherwise, and clients have rights over certain disclosures of their PHI. (HHS.gov)

 

4. When we may disclose information

We will not sell PHI. We may disclose PHI or personal information to:

  • Health care providers, hospitals, and pharmacies for coordination of care.

  • Payers and billing agents for insurance claims and payment.

  • Business associates (vendors) who perform services for us under written contracts that require HIPAA protections (e.g., electronic health record vendors, billing companies).

  • Public health or legal authorities when required by law (e.g., reporting communicable diseases, court orders).

  • In emergencies or to prevent a serious and imminent threat to health or safety, where permitted by law.

  • When the client has signed a valid authorization permitting disclosure (e.g., for marketing, third-party requests outside normal care).

 

If a disclosure requires the client’s written authorization under HIPAA (for example most marketing uses or most uses of psychotherapy notes), we will obtain that authorization before disclosure. (HHS.gov)

5. Business associates and third parties

We use vendors (business associates) to support our operations. All vendors with access to PHI must sign a HIPAA Business Associate Agreement (BAA) requiring appropriate safeguards and breach reporting. If a business associate experiences a breach affecting PHI, they are required to notify us so we can meet our legal obligations. (HHS.gov)

6. Data security and safeguards

 

We maintain administrative, physical, and technical safeguards designed to protect PHI against unauthorized access, disclosure, alteration, and destruction. Safeguards include staff training, access controls, password protections, encryption where feasible for electronic records, secure storage of paper records, and routine risk assessments. While we use reasonable safeguards, no method of transmission or electronic storage is 100% secure.

7. Retention and destruction

We retain records as required by applicable federal and Texas law and by professional standards. When records are no longer required to be kept, we securely destroy or de-identify them in a manner consistent with legal and regulatory requirements.

8. Individuals’ rights (access, amendment, accounting)

Under HIPAA, individuals have certain rights regarding their PHI, including:

  • Right to access and obtain a copy of their PHI (subject to limited exceptions).

  • Right to request amendment of inaccurate or incomplete PHI.

  • Right to request an accounting of certain disclosures of PHI.

  • Right to request restrictions on certain uses and disclosures (we are not always required to agree, but we will consider reasonable requests).

  • Right to request confidential communications by alternative means or at alternative locations.

 

To exercise these rights, contact our Privacy Officer (see contact section). We will respond within the timeframes required by law. (HHS.gov)

9. Breach notification

If there is an unauthorized acquisition, access, use, or disclosure of unsecured PHI that constitutes a breach, we will follow the HIPAA Breach Notification Rule and applicable Texas breach notification laws. This generally requires:

  • Notifying affected individuals without unreasonable delay and as required by law.

  • Filing notification with the U.S. Department of Health & Human Services (HHS) (breaches affecting 500+ individuals must be reported promptly and publicized; smaller breaches are reported to HHS annually). (HHS.gov)

 

Under Texas law (e.g., the Texas Identity Theft Enforcement and Protection Act and Business & Commerce Code Chapter 521), businesses that maintain sensitive personal information must notify affected Texas residents and report the breach to the Texas Attorney General’s office when required. Civil penalties and other enforcement may apply for failures to comply. (law.justia.com)

10. Special Texas protections & state law interaction

Texas has state statutes and authorities (including the Texas Medical Records Privacy Act/Health & Safety Code Chapter 181 and the Texas Attorney General’s consumer-privacy resources) that complement federal protections. Where state law provides greater protection or narrower disclosure rules than federal law, we will comply with the stricter requirement. You may file complaints with the Texas Attorney General or with HHS OCR if you believe your rights have been violated. (statutes.capitol.texas.gov)

11. Minors and guardians

For clients who are minors or have a legal guardian, PHI access and authorization procedures may involve parents, guardians, or appointed surrogates as allowed by law and our licensing/consent policies.

12. Marketing, fundraising, and research

  • Marketing: We will obtain written authorization before using PHI for marketing when required by law.

  • Fundraising and research: We may use de-identified data or seek required authorizations or waivers for research; any fundraising communications will include an opt-out method.

 

13. Cookies, website & electronic communications

If you interact with our website, we may collect technical and usage information (IP address, device type, pages visited). We do not knowingly collect PHI via our public website. Any electronic communications (email, SMS) containing health details require secure channels; we will not transmit sensitive PHI via unsecured email/SMS unless the client consents and we document the risks.

14. Complaints, questions, and contact

 

If you have questions, want to exercise your HIPAA rights, or wish to file a complaint, contact:

Privacy Officer

Kyleen Care Agency

4815 Westgrove Drive, Addison, Texas 75001, USA

Phone: +1 (918) 882-5770

Email: info@kyleencare.com

You may also file a complaint with:

  • U.S. Department of Health & Human Services, Office for Civil Rights (OCR). (HHS.gov)

  • Texas Attorney General’s Consumer Protection Division. (texasattorneygeneral.gov)

 

We will not retaliate against anyone for filing a complaint.

15. Changes to this policy

We may update this Privacy Policy to reflect changes in law, technology, or our business practices. If we make material changes, we will post the revised policy and the effective date. For significant changes affecting patient rights, we will notify affected individuals as required by law.

16. A short summary for clients

Kyleen Care Agency protects your privacy: we collect the information needed to provide safe, high-quality in-home care, limit access to authorized staff and vendors, follow HIPAA and Texas law, and promptly notify you if your information is compromised. (HHS.gov)

Selected legal references (authoritative sources)

  1. HHS — Summary of the HIPAA Privacy Rule and HIPAA home page. (HHS.gov)

  2. HHS — HIPAA Breach Notification Rule and HITECH guidance. (HHS.gov)

  3. Texas Business & Commerce Code, Chapter 521 (data breach notification). (law.justia.com)

  4. Texas Attorney General — Patient Privacy & Data Breach reporting guidance. (texasattorneygeneral.gov)

bottom of page