Privacy Policies and Procedures

---

Ubuntu Care, LLC 

92 Central Street, Unit #8, Lowell, MA 

Website: www.ubuntucarellc.com 

Phone: 978-455-8324

Ubuntu Care, LLC is committed to protecting the privacy and confidentiality of all clients, caregivers, and staff. This policy outlines our standards for handling, storing, and sharing personal and health-related information in compliance with Massachusetts state laws, HIPAA, and MassHealth regulations.

This policy applies to all staff, contractors, caregivers, and third parties who have access to Ubuntu Care, LLC’s client records and data.

• Ubuntu Care, LLC ensures the confidentiality, integrity, and security of all client information, including but not limited to:
   
  • Names, addresses, phone numbers, and emails
  • Medical records and diagnoses
  • Medication lists and treatment plans
  • Insurance and financial data
• Staff and caregivers must only access client records for approved care purposes.
   

• All client records are stored in locked filing cabinets (for physical records) or encrypted electronic systems (for digital records).
• Access to sensitive information is password-protected and restricted to authorized personnel only.
• Regular data audits are conducted to ensure compliance.

• Clients have the right to access their medical and personal records upon written request.
• Requests for amendments to records will be reviewed and addressed within 30 days.

• Client information will not be shared without written consent, except when required by law, court order, or MassHealth regulations.
• Caregivers and staff must obtain client consent before disclosing PHI to family members, guardians, or third-party providers.

• All employees receive annual HIPAA training to ensure understanding of privacy laws.
• Violations of privacy policies may result in disciplinary action, including termination.

• Any data breaches or unauthorized access to client records must be reported immediately to the Privacy Officer.
• Ubuntu Care, LLC will notify affected individuals within 60 days of a breach, as required by HIPAA.

• Vendors, partners, and subcontractors must sign confidentiality agreements before accessing any client data.
• Third-party services (e.g., billing, electronic medical records) must comply with HIPAA and state privacy laws.

• Clients have the right to file privacy-related complaints without fear of retaliation.
• Complaints can be submitted via email, phone, or in person and will be addressed within 10 business days.

• This policy is reviewed annually and updated as needed to align with state and federal regulations.