HIPAA & PRIVACY POLICY

Valbona Concierge Nursing

1. PURPOSE

Valbona Concierge Nursing is a HIPAA-covered health care provider and is committed to protecting the privacy and confidentiality of patient health information in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, and applicable Florida laws, including Florida Statutes §456.057 and the Florida Information Protection Act (FIPA).

This policy establishes standards for the collection, use, storage, protection, and disclosure of Protected Health Information (PHI) and other personal information handled by Valbona Concierge Nursing.

2. SCOPE

This policy applies to:

    •    The business owner

    •    Any contracted or employed nurses

    •    Administrative staff

    •    Any individual, vendor, or business associate with authorized access to patient information

All individuals within the scope of this policy must comply with HIPAA, applicable Florida laws, and this policy when handling PHI.

3. DEFINITION OF PROTECTED HEALTH INFORMATION (PHI)

Protected Health Information (PHI) is individually identifiable health information in any form (electronic, paper, or oral) that relates to:

    •    A patient’s past, present, or future physical or mental health or condition

    •    The provision of health care

    •    Payment for health care

PHI includes, but is not limited to:

    •    Name, date of birth, address, phone number, email, and other identifiers

    •    Medical history, diagnoses, medications, allergies, treatment plans, and clinical notes

    •    Laboratory and diagnostic test results

    •    Insurance, payment, and billing information

4. COLLECTION OF PHI

Valbona Concierge Nursing collects PHI only as necessary to provide safe, high-quality patient care and to operate the practice.

PHI may be collected through:

    •    Patient intake and registration forms

    •    Consent and authorization forms

    •    Virtual or in-person consultations and home visits

    •    Secure electronic communications and telehealth platforms

    •    Provider-authorized documentation and care coordination tools

The minimum necessary standard applies to all collection of PHI.

5. USE AND DISCLOSURE OF PHI

5.1 Permitted Uses and Disclosures Without Authorization

PHI may be used or disclosed without written authorization, as permitted or required by law, for:

    •    Treatment: Providing, coordinating, or managing health care and related services

    •    Payment: Billing, claims management, and payment activities, if applicable

    •    Health Care Operations: Quality improvement, auditing, credentialing, training, and administrative activities

PHI may also be disclosed without authorization as permitted or required by law, including:

    •    Public health reporting

    •    Reporting abuse, neglect, or domestic violence

    •    Health oversight activities

    •    Court orders, subpoenas, or lawful requests

    •    Preventing or lessening a serious and imminent threat to health or safety

5.2 Florida Confidentiality Requirements
Under Florida law, patient medical records are confidential and generally may not be disclosed without the patient’s written authorization, except as permitted or required by law.

Marketing or solicitation using patient information is prohibited unless the patient provides specific written authorization.

5.3 Uses and Disclosures Requiring Written Authorization

Written authorization is required for:

    •    Uses or disclosures of psychotherapy notes (if applicable)

    •    Marketing uses not otherwise permitted by law

    •    Sale of PHI

    •    Any use or disclosure not otherwise permitted or required by law

Patients may revoke authorization in writing at any time, except where action has already been taken in reliance on the authorization.

5.4 Minimum Necessary

Except for treatment purposes or where required by law, Valbona Concierge Nursing makes reasonable efforts to use or disclose only the minimum PHI necessary to accomplish the intended purpose.

6. NOTICE OF PRIVACY PRACTICES (NPP)

Valbona Concierge Nursing provides each patient with a Notice of Privacy Practices that explains how PHI may be used and disclosed and outlines patient rights under HIPAA and Florida law.

The NPP is provided at or before the first service encounter when feasible and is available in paper or electronic form upon request.

7. STORAGE AND SECURITY OF PHI

Valbona Concierge Nursing protects PHI through administrative, physical, and technical safeguards appropriate to a concierge nursing and home-care environment, including:

    •    Secure electronic systems with role-based access

    •    Password-protected and encrypted devices where feasible

    •    HIPAA-compliant platforms for documentation, scheduling, messaging, and telehealth

    •    Business Associate Agreements with vendors as required

    •    Secure handling and storage of paper records

    •    Proper disposal or shredding of records when no longer required

Access to PHI is limited to authorized individuals only.

8. PATIENT RIGHTS

Patients have the following rights under HIPAA and Florida law:

    1.    Right of Access – To inspect and obtain copies of their health information

    2.    Right to Request Amendment – To request corrections to their records

    3.    Right to Request Restrictions – On certain uses or disclosures

    4.    Right to Confidential Communications – By alternative means or locations

    5.    Right to an Accounting of Disclosures – As permitted by law

    6.    Right to a Copy of the Notice of Privacy Practices

Requests must be submitted in writing. Responses will be provided within legally required timeframes (generally within 30 days, with one allowable extension).

9. BREACH NOTIFICATION

A breach is an impermissible use or disclosure of unsecured PHI that compromises privacy or security.

In the event of a suspected or confirmed breach:

    •    Immediate steps will be taken to contain and mitigate harm

    •    A risk assessment will be performed

    •    Affected individuals will be notified without unreasonable delay and no later than 60 days

    •    Required notifications will be made to HHS and applicable Florida authorities

All breaches will be documented in accordance with law.

10. TRAINING, VENDORS & COMPLIANCE

All individuals with access to PHI must:

    •    Review this policy and the Notice of Privacy Practices

    •    Complete HIPAA training upon onboarding and periodically thereafter

    •    Report any suspected privacy or security incident immediately

Valbona Concierge Nursing will:

    •    Maintain required Business Associate Agreements

    •    Enforce sanctions for non-compliance, which may include retraining, discipline, termination, or reporting to licensing authorities

11. POLICY REVIEW AND ADMINISTRATION

This policy is administered by the practice owner or designated Privacy Officer and is reviewed at least annually and updated as needed to reflect changes in law or practice operations.

12. CONTACT INFORMATION

For questions, privacy requests, or concerns:

Valbona Concierge Nursing

Saint Johns County, Florida

📧 info@conciergenursingfl.com

📞 904-649-3688

Patients may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, or appropriate Florida authorities. No retaliation will occur for exercising privacy rights.

 Effective Date:  December 14, 2025

Last Review Date: December 14, 2025

Approved By: Valbona Concierge Nursing