Skip to main content

HIPAA Privacy Policy

Updated

CareCar is dedicated to protecting the privacy and security of your Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable state privacy laws. This HIPAA Privacy Policy explains how we collect, use, store, and disclose your health information when you use our services.

This policy applies to all users of the CareCar platform, including CareCar Members (patients), Care Partners (caregivers and transportation providers), and Coordinators. It explains how CareCar handles health-related data, including information collected via our app, website, and third-party integrations.

What Information We Collect

When you use CareCar’s services, we may collect the following types of Protected Health Information (PHI):

  • Personal Information: Name, date of birth, contact details (email, phone number, address).
  • Health Information: Medical conditions, mobility needs, and special care requirements related to transportation.
  • Trip & Service Details: Pickup/drop-off locations, ride history, and service preferences.
  • Payment & Insurance Information: Payment details, Medicaid/Medicare ID, or private insurance information for eligibility verification.
  • Device & Usage Data: IP address, device type, app interactions, and GPS data for ride tracking.

How We Use Your Health Information

We use PHI for the following purposes:

  • Providing and coordinating non-emergency medical transportation (NEMT) services.
  • Ensuring member safety by sharing relevant information with Care Partners.
  • Processing payments and verifying insurance eligibility.
  • Improving our services through analytics and user feedback.
  • Complying with legal and regulatory obligations.
  • Communicating with you about service updates, trip notifications, and support inquiries.

How We Share Your Health Information

We only share PHI as permitted or required by HIPAA, HITECH, and state law:

  • With your consent: We may share PHI with family members, caregivers, or other authorized representatives.
  • With Care Partners (transport providers): To provide you with safe and efficient transportation services.
  • With healthcare providers and payers: If needed for billing, insurance verification, or care coordination.
  • With legal authorities: If required by law, court order, or regulatory inquiry.
  • With third-party service providers: Who assist with IT security, payment processing, or analytics under strict privacy agreements.
  • For public health and safety: In case of emergencies, to prevent disease spread, or as required by government authorities.

We DO NOT sell, rent, or share your PHI for marketing purposes.

How We Protect Your Information

We use industry-standard HIPAA-compliant safeguards to protect your PHI, including:

  • Data Encryption: Protects PHI in transit and at rest.
  • Access Controls: Limits PHI access to authorized personnel only.
  • Secure Storage: Uses protected databases and firewalls to prevent unauthorized access.
  • Regular Security Audits: Ensures compliance with HIPAA and state privacy laws.

In the event of a security breach affecting PHI, we will notify affected individuals and relevant authorities as required by HIPAA’s Breach Notification Rule.

Your Rights Under HIPAA

Under HIPAA, you have the following rights regarding your PHI:

  • Right to Access: You can request a copy of your PHI.
  • Right to Amend: You can request corrections to inaccurate or incomplete PHI.
  • Right to Restrict Disclosures: You can request limitations on how we use or share your PHI.
  • Right to Request Confidential Communications: You can ask us to contact you in a specific manner.
  • Right to File a Complaint: If you believe your privacy rights have been violated, you can file a complaint with CareCar at legal@carecar.co or with the U.S. Department of Health & Human Services (HHS).

To exercise your rights, email us at legal@carecar.co.

Retention & Deletion of PHI

CareCar retains PHI only as long as required by law or for necessary business purposes. Once no longer needed, PHI is securely deleted or de-identified.

Changes to This Policy

CareCar may update this HIPAA Privacy Policy periodically. We will notify users of significant changes via email or app notifications.

Related to

Related articles