Sweetheart Healthcare, LLC
HIPAA Notice of Privacy Practices
In compliance with HIPAA – The Health Insurance Portability and Accountability Act of 1996
If you are a client of Sweetheart Healthcare, this notice describes how your medical information may be used and disclosed and how you can get access to this information.
Effective Date of this amended Notice of Privacy Notice is March 4, 2026.
USES AND DISCLOSURES
Sweetheart Healthcare will not disclose your health information without your authorization, except as
described in this notice.
Plan of Care/Treatment. The Agency will use your health information for the plan of care/treatment; for
example, information obtained by a nurse/therapist will be recorded in your record and used to
determine the course of treatment. Your nurse/therapist and other health care professionals will
communicate with one another personally and through the case record to coordinate the care provided.
You may receive more than one service (program) during your treatment period with such information
shared between programs.
Payment. The Agency will use your health information for payment for services rendered. For example,
the Agency may be required by your health insurer to provide information regarding your health care
status so that the insurer will reimburse you or the Agency. The Agency may also need to obtain prior
approval from your insurer and may need to explain to the insurer your need for home care and the
services that will be provided to you.
Health Care Operations. The Agency will use your health information for health care operations. For
example, Agency therapist, nurse, field staff, supervisors and support staff may use information in your
case record to assess the care and outcomes of your case and others like it. This information will then be
used in an effort to continually improve the quality and effectiveness of the services we provide.
Regulatory and accrediting organizations may review your case record to ensure compliance with their
requirements.
Notification. In an emergency, the Agency may use or disclose health information to notify or assist in
notifying a family member, personal representative or another person responsible for your care, of your
location and general condition.
Public Health. As required by federal and state law, the Agency may disclose your health information to
public health or legal authorities charged with preventing or controlling disease, injury or disability.
Law Enforcement. As required by federal and state law, the Agency will notify authorities of alleged
abuse/neglect; and risk or threat of harm to self or others. We may disclose health information for law
enforcement purposes as required by law or in response to a valid subpoena.
Fundraising. The Agency may contact the patient to raise funds for the agency, or participation in
marketing and advertising events.
Charges against the Agency. In the event, you should file suit against Sweetheart Healthcare, we may
disclose health information necessary to defend such action.
Duty to Warn. When a patient communicates to the Agency a serious threat of physical violence against
himself/herself or a reasonably identifiable victim or victims, the Agency will notify the threatened
person(s) and/or law enforcement.
The Agency may also contact you about appointment reminders, treatment alternatives or for public
relations activities.
In any other situation, the Agency will require your written authorization before using or disclosing any
identifiable health information about you. If you choose to sign such an authorization to disclose
information, you can revoke that authorization to stop any future uses and disclosures.
In all cases, including those listed above, if we have substance use disorder patient records about you,
subject to42 CFR part 2, we cannot use or share information in those records in civil, criminal,
administrative, or legislative investigations or proceedings against you without (1) your consent or (2) a
court order and a subpoena.
INDIVIDUAL RIGHTS
You have the following right with respect to your protected health information:
1. You may request in writing that the Agency not use or disclose your information for treatment,
payment or administration purposes or to persons involved in your care except when specifically
authorized by you, when required by law, or in emergency situations. The Agency will consider your
request; however, the Agency is not legally required to accept it. You have the right to request that your
health information be communicated to you in a confidential manner such as sending mail to an address
other than your home.
2. Withing the limits of the statutes and regulations, you have the right to a copy of your medical record,
free of charge, upon request at the next home visit, or within 4 business days (whichever comes first).
3. If you believe that information in your record is incorrect or if important information is missing, you
have the right to submit a request to the Agency to amend your protected health information by
correcting the existing information or adding the missing information.
4. You have the right to receive an accounting of disclosures of your protected health information made
by the Agency for certain reasons, including reasons related to public purposes authorized by law and
certain research. The request for an accounting must be made in writing to the Privacy Officer. The
request should specify the time period for the accounting starting on or after April 14, 2003. Accounting
requests may not be made for periods of time in excess of six (6) years. The Agency would provide the
first accounting you request during any 12-month period without charge. Subsequent accounting
request may be subject to a reasonable cost-based fee.
5. You have the right to opt out of receiving fundraising & marketing communications.
6. You have the right to restrict disclosures of protected health information to a health plan where the
individual paid out of pocket in full. When patients pay by cash, they can instruct this agency not to
share information about their treatment with their health plan/insurance provider.
7. If this notice was sent to you electronically, you may obtain a paper copy of the notice upon request
to the Agency.
8. When patients pay by cash, they can instruct this agency not to share information about their
treatment with their health plan/insurance provider.
AGENCY’S DUTIES
1. The Agency is required by law to maintain the privacy of protected health information and to provide
individuals with notice of its legal duties and privacy practices with respect to protected health
information.
2. It is the duty of this agency to notify the patient of a breach of their protected health information.
This agency will notify the patient within 15 business days of discovery of any breach in the patient’s
protected health information. Notification will occur regardless of whether the breach was accidental or
if a business associate was the cause. A “breach” of PHI is any unauthorized access, use or disclosure of
unsecured PHI, unless a risk assessment is performed that indicates there is a low probability that the
PHI has been compromised. The risk assessment must be performed after both improper uses and
disclosures and include the nature and extent of the PHI involved, a list of unauthorized persons who
used or received the PHI, if the PHI was in fact acquired or viewed and the degree of mitigation. This
agency, and if any business associate was involved, must consider all the following factors in assessing
the probability of a breach:
- The nature and extent of the protected health information involved, including the types of
identifiers and the likelihood of re-identification. - The unauthorized person who used the protected health information or to whom the disclosure
was made. - Whether the protected health information was actually acquired or viewed; and
- The extent to which the risk to the protected health information has been mitigated.
“Unsecured” protected health information means protected health information that is not rendered
unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or
methodology.
3. If the breach is determined to have no or low probability of risk to the patient then the patient will
not be notified. Any other risk factor requires the agency to notify the patient in writing within 15
business days of the conclusion of the determination.
4. It is the duty of this agency to notify the patient of a breach of their protected health information.
This agency will notify the patient within 15 business days of discovery of any breach in the patient’s
protected health information. Notification will occur regardless of whether the breach was accidental or
if a business associate was the cause. A “breach” of PHI is any unauthorized access, use or disclosure of
unsecured PHI, unless a risk assessment is performed that indicates there is a low probability that the
PHI has been compromised. The risk assessment must be performed after both improper uses and
disclosures and include the nature and extent of the PHI involved, a list of unauthorized persons who
used or received the PHI, if the PHI was in fact acquired or viewed and the degree of mitigation. This agency, and if any business associate was involved, must consider all the following factors in assessing
the probability of a breach:
- The nature and extent of the protected health information involved, including the types of
identifiers and the likelihood of re-identification; - The unauthorized person who used the protected health information or to whom the disclosure
was made; - Whether the protected health information was actually acquired or viewed; and
- The extent to which the risk to the protected health information has been mitigated.
“Unsecured” protected health information means protected health information that is not rendered
unusable, unreadable or indecipherable to unauthorized individuals through the use of a technology or
methodology.
5. If the breach is determined to have no or low probability of risk to the patient, then the patient will
not be notified. Any other risk factor requires the agency to notify the patient in writing within 15
business days of the conclusion of the determination. The Agency reserves the right to change the terms
of this Notice and to make the new Notice provisions effective for all protected health information that
it maintains. Prior to making any significant changes to our policies, Agency will change its Notice and
provide you with a copy. You can also request a copy of our Notice at any time. For more information
about our privacy practices, please contact the office (480) 597-1963.
6. When patients pay by cash, they can instruct this agency not to share information about their
treatment with their health plan/insurance provider.
7. This agency will not disclose genetic information.
8. This agency will not use patient information for fundraising or marketing. This agency will not sale
patient health information.
COMPLAINTS
If you are concerned that the Agency has violated your privacy rights, or you disagree with a decision the
Agency made about access to your records, you may contact the office at (480) 597-1963. You may also
send a written complaint to the Federal Department of Health and Human Services. The Sweetheart
Healthcare office staff can provide you with the appropriate address upon request. Under no
circumstances will you be retaliated against for filing a complaint.
DIGITAL COMMUNICATION
We may offer digital communication methods such as email, text messaging, secure web portals, or
online forms to facilitate interaction with our patients.
- Security: While we take reasonable steps to protect your information, standard email and text
messaging may not be secure. You should avoid sharing sensitive personal health information through unsecured channels unless explicitly directed to do so via a secure method provided by us. - Consent: By providing your contact information and using these communication methods, you
consent to receive communications from us related to your care, appointments, billing, or other
healthcare matters. You may opt out at any time by contacting us directly. - Purpose of Use: Digital communications may be used for an initial welcome contact, home
health visit reminders, clinicians estimated time of arrival. We will not disclose your protected
health information (PHI) without your authorization except as permitted by HIPAA and
applicable laws. - Third-Party Tools: Some digital communications may involve third-party service providers. We
ensure that any third parties used to process or store your information comply with privacy and
security regulations as required by law.
TEXTING TERMS AND CONDITIONS
Text messages from Sweetheart Healthcare are informational and service-related messages related to
your home health care. These messages may include one-time or recurring texts that relate to:
Initial Welcome Contact
- Home Health Visit Reminders
- Clinician Estimated Time of Arrival
- Emergency Preparedness Communication
Message Frequency & Charges
Message frequency may vary depending on your services and care needs. Standard message and data
rates may apply per your mobile carrier agreement.
How to Opt Out
To stop receiving text messages, reply STOP at any time. This may unsubscribe you from all messages, or
we may follow up to confirm which messages you’d like to stop. To resume messages, you may re-enroll
at any time.
Privacy & Security
Text messages are not encrypted and may contain limited protected health information (PHI). While we
aim to protect your information, there is some risk that messages could be seen by others if your device is accessed without your permission. By opting in, you accept this risk. Please notify us immediately if your mobile number changes.
Our use of PHI through text messaging complies with applicable laws, including the Health Insurance
Portability and Accountability Act (HIPAA). For more details, refer to our full Notice of Privacy Practices.
Carrier Disclaimer
We are not responsible for delayed or undelivered messages. Factors such as network issues, coverage
area, or device limitations may affect delivery. Your mobile carrier is not liable for delayed or
undelivered messages.
CONTACT INFORMATION
The Agency is required by law to protect the privacy of your information, provide this Notice about our
information practices, and follow the information practices that are described in this Notice.
If you have any questions or complaints, please contact:
Agency Administrator: Heather Bello, RN
You may contact this person at:
Sweetheart Healthcare
525 W Chandler Blvd, Ste 125
Chandler, AZ 85225
Phone: (480) 597-1963
Complaints may also be directed to the State Licensing Authority without fear of retaliation.
Arizona Dept of Health Services,
https://app3.azdhs.gov/PROD/AZHSComplaint-UI