Learn how our new partnerships empower caregivers!
Learn how our new partnerships empower caregivers!

Notice of HIPAA Privacy Practices

Effective Date: February 3, 2025

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Entities and Individuals Covered by this Notice

This Notice describes the privacy practices of the following covered entities that provide health care services under the Abby Care name (each an "Abby Care Provider Entity" and together the “Abby Care Provider Entities”): 

- Elite Staffing Services Inc.
- First Choice Home Health Care Services LLC
- Innovative Care LLC
- Pinnacle Homecare Services LLC
- Artemis Home Care LLC
- Just CNA LLC
- High Priority Inc.

The Abby Care Provider Entities listed above participate in an Organized Health Care Arrangement (“OHCA”).  This means that we work together as an integrated healthcare delivery system to coordinate your care and manage our joint operations.  As a part of this OHCA, the Abby Care Provider Entities may share your protected health information with each other as necessary to carry out treatment, billing and payment, or healthcare operations relating to the OHCA. This joint arrangement allows us to provide you with coordinated, high-quality health care services across our system. 

Throughout this Notice, when we say "Abby Care," "we," "our," or "us," we are referring to the Abby Care Provider Entities listed above. Wellspring Care Inc. (doing business as Abby Care) provides services to support the Abby Care Provider Entities. These services include administrative support, information technology, compliance, billing, and other operational functions. Wellspring Care Inc. is a Business Associate of the Abby Care Provider Entities and is required by contract and federal law to protect your information in accordance with HIPAA regulations

Information Covered by This Notice

This Notice describes the information privacy practices that each of the following will follow: 

- Any health care professional who provides services to you through the Abby Care Provider Entities; 
- All departments and units of the Abby Care Provider Entities; 
- All employees, contractors, and volunteers of the Abby Care Provider Entities, including those at regional offices and service locations. 

These individuals and entities may share your health information with each other for treatment, payment, or health care operations purposes as described in this Notice. We also use and disclose your health information for other reasons as permitted or required by law. 

IMPORTANT: Your personal physician and other health care providers outside of the Abby Care Provider Entities have their own privacy practices and notices. This Notice does not apply to them.

If you have any questions about this Notice, you may contact us in any of the manners described at the end of this Notice. We are happy to explain this Notice to you or your family members.  A copy is always available at www.abbycare.org/hipaa or by request at any Abby Care service location.

When we receive information in connection with the health care services we provide that relates to your past, present, or future physical or mental health or condition, to the provision of health care to you, or to your past, present, or future payment for health care, that information is considered “protected health information” or “PHI” under HIPAA, and this Notice applies to that information. In other circumstances, the information that we receive from you may not relate to your health or health care. In those circumstances, we keep any personal information that we collect from you safe, private, and confidential under the terms of our Privacy Policy. In either situation, as further described in our Privacy Policy, we will not rent or sell your personal information or Protected Health Information, and we will not permit our business partners to rent or sell your personal information or Protected Health Information either.

Our Commitment to Your Privacy

We understand that health information about you is private and personal. We are dedicated to maintaining the privacy and integrity of the PHI that we receive from you as part of your application for or participation in our health care services.

We are required by law to maintain the privacy of your PHI and to provide you with notice of our legal duties and privacy practices related to that information. When we use or disclose your PHI, we are required to abide by the terms of this Notice (or any other Notice in effect at the time of the use or disclosure). We will let you know promptly in the event that a breach occurs that may have compromised the privacy or security of your PHI.

How We May Use and Disclose Protected Health Information About You

Below, we describe different ways that we may use your PHI amongst ourselves and ways we may disclose your PHI to other persons and entities. We have not listed every possible use or disclosure in the list below, but all of the ways that we may use and disclose PHI fall within one of the categories below. As we describe below, some uses and disclosures will require your specific authorization.

The list below includes examples of ways that we may disclose PHI about you without a written authorization from you.

- Treatment. We may use your PHI and disclose it to a physician or other health care provider to provide treatment and other services to you. For example, we may disclose your health information to your physician so that he or she may monitor your health information while receiving health care services through the Abby Care program.
- Payment. We may use and disclose your PHI to obtain payment for the services that we provide to you. For example, we may disclose certain PHI to claim and obtain payment from your health insurer, your HMO, or any other company that arranges for or pays the cost of your health care (“Your Payor”) or to verify that Your Payor will pay for that health care.
- Our Health Care Operations. We may use and disclose your PHI for our health care operations. Examples of our health care operations include training clinical personnel, improving the operation of the Abby Care Services, and other internal management functions such as legal and audit processes. 
- Health Care Operations of Other Covered Entities. We are also permitted to share PHI about you with other covered entities that have a relationship with you (including, in some circumstances, your employer’s health plan, your health insurer, or other health care providers) for their health care operations and to certain companies that provide those covered entities with services as their business associates. For example, we might share PHI about you with your physician’s office to enable the physician to demonstrate to the government that the physician referred you to a particular program and how that program is working for you. Other examples of another covered entity’s health care operations may include using PHI about you for quality assessment activities, for disease management programs, or to improve quality of care.
- Disclosure at Your Request. If you ask us to send PHI about you to a third party, such as a friend, family member, or health care provider, we will do so if we believe that your request is authentic. We may ask you to prove your identity before we honor this request. We may need up to 60 days to honor a request like this, depending on the data that you would like us to disclose, but in most cases, we can honor this request in 30 or fewer days.
- Business Associates. We provide some aspects of our health care services through contracts with business associates for whom we are legally responsible. Examples of our business associates include companies for secure cloud hosting, management consultants, quality assurance reviewers, accreditation agencies, and billing and collection services. We may disclose your PHI to our business associates so that they can perform the jobs that we have asked them to perform. To protect your PHI, we require our business associates to sign written agreements requiring that they appropriately safeguard your PHI and use it only as we permit.  

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.

- Share information with your family, close friends, or others involved in your care
- Share information in a disaster relief situation

If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest.  We may also share your information when needed to lessen a serious and imminent threat to health or safety.   

- Health Information Exchange. We may use and disclose your PHI as part of a Health Information Exchange (HIE) so that we can exchange additional PHI about you with other healthcare organizations for treatment, payment, and/or health care operations purposes.

Additional Special Situations That Do Not Require Your Authorization

The following categories describe some additional circumstances in which we may use or disclose your PHI without your authorization. For disclosures such as these, the information, once disclosed, may be used and redisclosed by the recipient and, accordingly, no longer protected by HIPAA.

- Public Health Activities. We can share health information about you for certain situations such as: 
   - Preventing disease 
    - Helping with product recalls 
    - Reporting adverse reactions to medications 
    - Reporting suspected abuse, neglect, or domestic violence
    - Preventing or reducing a serious threat to anyone’s health or safety
- Health Oversight Activities. We may disclose your PHI to a health oversight agency for activities authorized by law. One example of a health oversight agency is a state health insurance regulator or Medicaid program. These oversight activities include, for example, audits, investigations, inspections, licensure, and other activities necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
- Lawsuits and Other Legal Disputes. We may use and disclose PHI in responding to a court or administrative order, a subpoena, or a discovery request. We may also use and disclose your PHI without your authorization to the extent permitted by law in any other way related to our legal disputes, such as to defend against a lawsuit or in arbitration.
- Law Enforcement Officials. We may disclose your PHI to the police or other law enforcement officials as required or permitted by law.
- Comply with Law.  We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law. 
- Coroners and Medical Examiners. We may disclose your PHI to a coroner or medical examiner as authorized by law.
- Organ and Tissue Donation. We may disclose your PHI to organizations that facilitate organ, eye, or tissue procurement, tissue banking, or transplantation.
- Research. We can use or share your information for health research. 
- Specialized Government Functions. We may use and disclose your PHI to units of the government with special functions, such as the U.S. military or the U.S. Department of State, under certain circumstances. 
- Correctional Institutions. If you are or become an inmate of a correctional institution, we may disclose to the institution, or its agents, PHI necessary for your health and the health and safety of other individuals.
- Workers’ Compensation. We may disclose your PHI as authorized by and to the extent necessary to comply with state laws relating to workers’ compensation or other similar programs.

Restrictions on Certain Types of Information 

In some cases, state laws provide special protections for, and may restrict the use or disclosure of, certain kinds of PHI. For example, additional protections may apply in some states to genetic, mental health, biometric, minors, prescriptions, sexually transmitted disease and/or HIV/AIDS-related information. In these situations, we will comply with the more stringent applicable laws pertaining to such use or disclosure.

Some of your health information may be protected by federal law under 42 CFR Part 2, which provides additional privacy protections for records related to substance use disorder (SUD) treatment. These protections apply in addition to HIPAA. 

If you have provided your written consent to a treating provider, and we receive SUD records through that consent, we may use and disclose those records for treatment, payment, and health care operations consistent with your consent.  A single consent may authorize all future uses and disclosures for these purposes. 

We will not use or disclose your SUD records any civil, criminal, administrative, or legislative proceedings against you, unless you consent or we have an order of a court compelling the disclosure and you have been provided with notice of the order.

Situations That Do Require Your Authorization

If we need to use your PHI for reasons that have not been described in the sections above, we will obtain your written permission, which is referred to as a written “authorization.” If you authorize us to use or disclose PHI about you, you may revoke that authorization in writing at any time. If you revoke your authorization, we will no longer use or disclose PHI about you for the reasons stated in that written authorization, except to the extent we have already acted in reliance on your authorization. Any revocation of an authorization applies only to what you or your representative had authorized and does not apply to the situations above where we are permitted to use or disclose PHI about you without an authorization. You understand that we are unable to take back any disclosures that we have already made with your permission and that we are required to retain our records of the care we provide to you. 

Your Rights Regarding Your PHI

You have the following rights regarding PHI that we maintain about you. You may contact us to obtain additional information and instructions for exercising these rights in any of the manners described at the end of this Notice.

- Right to Request Additional Restrictions. You may request restrictions on our use and disclosure of your PHI for treatment, payment, and health care operations. While we will consider all requests for additional restrictions carefully, we are not required to agree to a requested restriction (except where you request that we not disclose PHI to a health plan, and the PHI relates solely to a health care item or service for which you personally have paid in full).
- Right to Receive Confidential Communications. You may request to receive your PHI by alternative means of communication or at alternative locations. For example, you can request that we only contact you at work or by mail. To request confidential communications, you must make your request in writing. We will not ask you for the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted. We note, however, that because our Health Care Services work best through an online digital platform, a request for alternative communications may negatively impact how you experience the Health Care Services.
- Copies of Your Records.  You have an absolute right to obtain copies of the PHI about you that we collect and use in the normal course of providing health care services to you. You do not have a right to obtain copies of PHI in research databases or in data sets that we use to study and improve the quality of our business, to train our employees, or to manage the legal and financial aspects of our business.
    - We require that you make any request to obtain a copy of PHI about you in a manner that we can reliably conclude is authentic. You may request a copy of PHI about you in writing on paper, via an email where we have the means to confirm your identity, or through contacting privacy@abbycare.org in a manner that allows our support team to confirm your identity. If you would like your attorney or other legal representative to request PHI about you on your behalf, he or she must request the copy in writing as we have not issued any digital identity credentials to your representatives. We reserve the right to reject an online request as inauthentic.
   - Once we receive your authentic request, we will determine if the information that you have requested is easily available to you through your account with us, and we may instruct you how to access it. If providing the requested information entails more work from us, we will have up to 30 days to complete that work, which we may extend by another 30 days if necessary to prepare the data.
    - Once we receive your authentic request, we also will discuss with you the form and format in which you would like to receive the information, among those that we offer. For example, we will discuss with you whether you would like the information printed or in a secure spreadsheet. We will also discuss with you how to deliver the information. We are obliged to send PHI securely, and we do not allow the copying of PHI onto mobile storage devices like thumb-drives in order to protect the security of our systems.
    - We will provide (or transmit at your request) one copy of your PHI per calendar year at no cost to you. If you request more than one copy per calendar year, we may charge you for copying and mailing/transmission, and we will supply you with an estimate before proceeding.
- Right to Amend Your Records. You have the right to request that we amend PHI that we maintain about you. If you desire to amend your records, you must submit your request in writing, which may include an email or a secure message that we believe is authentically from you. We will comply with your request unless we believe that the information that would be amended is already accurate and complete or other special circumstances apply. If we deny your request, you will be permitted to submit a statement of disagreement for inclusion in your records.
- Right to Receive an Accounting of Disclosures. You can request that we provide you with an “accounting of disclosures,” which summarizes the people and organizations outside of Abby Care to whom we have disclosed PHI about you (other than other covered entities that have a relationship with you and that have received PHI for permitted purposes as described above in this Notice). You must request any accounting of disclosures in writing and not by phone to ensure that we have written records detailing your request. You may request an accounting of disclosures in writing on paper, via an email where we have the means to confirm your identity, or through contacting privacy@abbycare.org in a manner that allows our support team to confirm your identity. We reserve the right to reject an online request as inauthentic. By submitting a written request, you may obtain an accounting of certain disclosures of your PHI made by us during any period of time within the six years preceding the date of your request. Your written request should indicate in which form you would like to receive this list (e.g., on paper or electronically). We will provide (or transmit at your request) one accounting of disclosures per calendar year at no cost to you. If you request more than one accounting of disclosures per calendar year, we may charge you the costs of fulfilling your request, and we will supply you with an estimate before proceeding.
- Copy of this Notice. You are entitled to a copy of this Notice. You may obtain a copy of this Notice at our website: https://www.abbycare.org/hipaa. You may print out a paper copy of this Notice from our website at any time. You are also entitled to ask that we print this Notice and mail it to you. To receive a paper copy of this Notice from us, you may contact us in any of the manners described at the end of this Notice.

Changes to this Notice

This Notice describes how we may access health information about you in compliance with HIPAA and how that information may be used in compliance with HIPAA. We are required to abide by the terms of the Notice that are currently in effect. We may prospectively change the terms of this Notice from time to time, but we may not change this Notice in a way that would violate HIPAA. Changes will apply to PHI that we currently maintain as well as new PHI that we receive after the change occurs. If we make material changes to our privacy practices, we will post the new Notice on our website at https://www.abbycare.org/hipaa. To receive a paper copy of any revised Notice from us, you may contact us in any of the manners described at the end of this Notice.

Concerns or Complaints

If you desire further information about your privacy rights, if you are concerned that we have violated your privacy rights, or if you disagree with a decision that we made about access to your PHI, you may contact our Privacy Officer in any of the manners described at the end of this Notice. You also may send a written complaint to the U.S. Department of Health and Human Services, Office of Civil Rights (and we can provide you with the office’s current address) or your state board governing your treating health care provider. We will not take any action against you for filing a complaint.

How to Contact Us

If you would like more information about your privacy rights, please contact us by calling (855) 817-2229 and asking to speak with the Privacy Officer or by emailing privacy@abbycare.org. Please direct any written requests to Abby Care at:

Wellspring Care Inc. dba Abby Care
Attn: Privacy Officer
612 Howard Street, Suite 400
San Francisco, CA 94105

Version Effective: February 3, 2025

Sign up to learn more

Receive news, updates and marketing communications from Abby Care.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

By subscribing, you agree to receive promotional emails and newsletters from us. You can unsubscribe at any time. For details on how we use your information, see our Privacy Policy.

© Wellspring Care Inc. DBA Abby Care. All rights reserved.
Privacy Policy
Terms of Use
HIPAA Notice
Non-Discrimination Policy