Privacy Policy

Effective Date: February 11, 2025

SmartAutomations.Care ("Company", "we", "our", or "us") is committed to safeguarding the privacy of visitors to our website (https://www.smartautomations.care) and users of our services. This Privacy Policy outlines how we collect, use, and protect your personal data, including Protected Health Information (PHI), ensuring compliance with the Health Insurance Portability and Accountability Act (HIPAA), current data protection regulations, and best practices.

By using our website or services, you consent to the practices described in this Privacy Policy.

1. Information Collection

We collect both personal and non-personal information to provide and improve our services.
Personal Information
• Name
• Email address
• Phone number
• Other information submitted via website forms

Protected Health Information (PHI)

As a HIPAA Business Associate, we may receive, create, maintain, or transmit PHI on behalf of Covered Entities (healthcare providers, health plans, and healthcare clearinghouses).

PHI includes:
• Individually identifiable health information relating to past, present, or future physical or mental health conditions
• Healthcare services provided to an individual
• Payment information for healthcare services
• Information that identifies an individual or could reasonably be used to identify them (names, dates of birth, Social Security numbers, medical record numbers)

Non-Personal Information
• Browser type
• Device information
• IP address
• Cookies and tracking technologies

How Data is Collected
• Contact forms and service applications
• Business Associate Agreements with Covered Entities
• Cookies and analytics tools


2. Use of Collected Information
We use collected information for the following purposes:

General Use
• Providing Services: To manage and deliver client services
• Customer Support: To respond to inquiries and provide assistance
• Communications: To send updates, newsletters, and promotional materials (you may opt out at any time)
• Website Improvement: To enhance user experience and functionality
• Legal Compliance: To meet legal and regulatory obligations

HIPAA-Compliant Use of PHI

We use and disclose PHI only as permitted by our Business Associate Agreements and HIPAA regulations:
• To perform services on behalf of Covered Entities as specified in Business Associate Agreements
• For proper management and administration of our business, when permitted by our agreements
• As required by law
• To the individual who is the subject of the PHI
• With proper authorization from the individual

We adhere to the "minimum necessary" standard, limiting PHI use and disclosure to the minimum amount needed to accomplish the intended purpose.


3. Data Sharing and Disclosure
We do not sell or rent your information. We may share your data only in the following circumstances:
Service Providers and Subcontractors
We may share information with trusted vendors who provide services on our behalf (IT services, marketing, cloud storage). All such providers who handle PHI enter into Business Associate Agreements and are required to maintain the same level of privacy and security protection.

Covered Entities
We share PHI with the Covered Entities we serve as required to perform our contracted services and as specified in our Business Associate Agreements.

Legal Requirements
We may disclose information when required by law, court order, or to comply with legal processes, or when necessary to protect the rights, property, or safety of SmartAutomations.Care, our clients, or others.


4. HIPAA Compliance and Business Associate Responsibilities
As a HIPAA Business Associate, we are contractually and legally obligated to:
• Implement appropriate administrative, technical, and physical safeguards to protect PHI
• Report any breaches of unsecured PHI to Covered Entities without unreasonable delay and no later than 60 days after discovery
• Ensure that any subcontractors who handle PHI agree to the same restrictions and safeguards
• Make PHI available to individuals upon request and allow for amendments as required by HIPAA
• Maintain and provide information necessary for Covered Entities to fulfill their accounting of disclosures obligations
• Make our internal practices, records, and policies available to the U.S. Department of Health and Human Services (HHS) for compliance reviews
• Return or destroy PHI upon termination of our agreements with Covered Entities, when feasible

5. Individual Rights Under HIPAA
If you are an individual whose PHI we maintain on behalf of a Covered Entity, you have the following rights:

Right to Access
You have the right to inspect and obtain copies of your PHI maintained in our designated record sets. Requests must be submitted in writing.

Right to Amendment
You may request that we amend your PHI if you believe it is inaccurate or incomplete. We will coordinate with the applicable Covered Entity to process amendment requests.

Right to Accounting of Disclosures
You have the right to receive an accounting of certain disclosures of your PHI made by us in the six years prior to your request.

Right to Request Restrictions
You may request restrictions on how we use or disclose your PHI. While we will consider all requests, we are not required to agree to all restrictions.

How to Exercise Your Rights
To exercise any of these rights regarding PHI, please contact us using the contact information provided at the end of this policy. In most cases, you should also contact your healthcare provider or health plan (the Covered Entity) directly, as they are primarily responsible for responding to these requests.


6. Data Storage and Security
We implement comprehensive administrative, technical, and physical safeguards to protect all personal information, including PHI:
Technical Safeguards
• Encryption: Secure protocols (SSL/TLS) for data transmission and encryption for data at rest
• Access Controls: Authentication mechanisms and role-based access restrictions
• Audit Controls: Logging and monitoring of system activity
• Automatic Logoff: Timeout mechanisms for inactive sessions

Physical Safeguards
• Secure Servers: Restricted and protected data storage facilities
• Facility Access Controls: Limited physical access to areas containing PHI
• Workstation Security: Policies governing use and security of workstations
• Device and Media Controls: Secure disposal and reuse of electronic media

Administrative Safeguards
• Privacy Official: Designated privacy officer responsible for policy development and implementation
• Workforce Training: Regular HIPAA training for all personnel with access to PHI
• Risk Assessment: Regular security risk assessments and mitigation plans
• Sanctions: Disciplinary policies for workforce members who violate privacy policies
• Incident Response: Procedures for responding to security incidents and breaches

While we implement industry-standard security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but maintain ongoing efforts to protect your information.


7. Breach Notification
In the event of a breach of unsecured PHI, we will:
• Notify the affected Covered Entity without unreasonable delay and no later than 60 calendar days after discovery
• Provide identification of each individual whose PHI has been, or is reasonably believed to have been, accessed, acquired, used, or disclosed
• Provide all information required for the Covered Entity to meet its own breach notification obligations
• Take appropriate steps to mitigate harmful effects and prevent future occurrences


8. Cookies and Tracking Technologies
Our website uses cookies for functionality and analytics:
• Essential Cookies: Required for core website functionality
• Analytical Cookies: Help us understand usage patterns and improve performance
You can manage cookie preferences through your browser settings. Disabling certain cookies may impact website usability. Cookies do not contain PHI.


9. User Rights (General Information)
For non-PHI personal information, you have the following rights:
• Access & Update: Request and amend your personal data
• Deletion: Request removal of your data, subject to legal and contractual limitations
• Withdraw Consent: Revoke consent for specific data processing activities
• Opt-Out: Unsubscribe from marketing communications via email links or by contacting us


10. Third-Party Links
Our website may contain links to external sites that are not governed by this Privacy Policy. We are not responsible for the privacy practices of third-party websites. Please review their privacy policies independently.


11. Data Retention
We retain personal information and PHI for as long as necessary to:
• Fulfill the purposes described in this Privacy Policy
• Comply with our Business Associate Agreements
• Meet legal, regulatory, and compliance requirements (HIPAA requires retention of documentation for at least 6 years)
• Resolve disputes and enforce our agreements


12. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child, we will take steps to delete it promptly.


13. Changes to This Privacy Policy
We may revise this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will update the "Effective Date" at the top of this policy when changes are made. Material changes will be communicated through appropriate channels. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.


14. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Website: https://smartautomations.care/contact
Email: Available through our contact page
---
Additional Resources:
• For more information about HIPAA: www.hhs.gov/hipaa
• For our Terms of Service: https://smartautomations.care/terms-of-service
• For our Trust Center: https://trust.smartautomations.care

External sites are not governed by this policy. Please review their policies independently.