Introduction

At HSA Care, we are committed to protecting the personal and health information of our clients, employees, and partners. This Data Protection Policy outlines our approach to data security and privacy, ensuring compliance with applicable U.S. data protection laws, including HIPAA (Health Insurance Portability and Accountability Act) and other relevant regulations.

Scope

This policy applies to all personal data, whether electronic or paper-based, that HSA Care collects, stores, processes, and shares in the provision of home care services.

Data Protection Principles 

HSA Care adheres to the following key data protection principles:

• Lawfulness, Fairness, and Transparency – Data is processed lawfully, fairly, and transparently.
  Purpose Limitation – Data is collected only for specified and legitimate purposes.
  Data Minimization – We collect only the minimum necessary data required for care services.
  Accuracy – Personal data is kept accurate and up to date.
  Storage Limitation – Data is retained only as long as necessary for the purposes for which it was collected.
  Integrity and Confidentiality – Data is secured against unauthorized access, loss, or damage.

Data Subject Rights

Clients and employees have the right to:

• Access their personal data.
  Request corrections or deletions of inaccurate or outdated data.
  Restrict processing of their data in certain circumstances.
  Data portability, allowing data transfer in a structured format.
  Withdraw consent at any time, where applicable.
  Lodge a complaint regarding data handling.

Data Protection Measures

To ensure compliance, HSA Care implements the following security measures:

• Data Protection by Design & Default – Embedding data security into all IT systems and operations.
  Security Measures – Using encryption, access controls, firewalls, and secure storage for sensitive data.
  Data Protection Impact Assessments (DPIAs) – Conducting risk assessments before implementing new processing activities.
  Training & Awareness – Educating employees on data protection best practices.
  Data Breach Response Plan – Having a structured response procedure, including notifications to affected individuals and regulatory bodies if required.

Data Sharing and Transfers

Any sharing or transfer of personal data to third parties or external organizations will be conducted only in compliance with U.S. data protection laws, ensuring adequate security safeguards are in place.

Responsibilities

• Data Protection Officer (DPO) – Oversees data protection strategy, compliance, and implementation.
  Employees & Caregivers – Must adhere to all data protection policies and procedures.

Review and Updates

This policy will be reviewed annually and updated as necessary to reflect changes in legal requirements, best practices, or operational needs.

Contact Information

For any questions or concerns regarding data protection at HSA Care, please contact our Data Protection Officer at: