Silver Home Care Document Management & Data Protection Policies
Silver Home Care maintains a signed Business Associate Agreement (BAA) with Google. This agreement designates Google as a Business Associate under HIPAA and obligates Google to handle all protected health information (PHI) in compliance with federal regulations.
All patient documents are stored in a dedicated Google Drive environment. Google Drive utilizes AES 256-bit encryption for data at rest and TLS 1.3 for data in transit. Access is restricted to authorized Silver Home Care personnel only.
Prior to collecting any protected health information, Silver Home Care obtains written patient authorization via our standardized HIPAA consent form. This authorization specifies the permitted uses and disclosures of PHI in accordance with 45 CFR § 164.508.
All data transmitted through our online forms utilizes SSL/TLS 1.3 encryption (256-bit). This ensures that protected health information remains confidential during transmission between the patient's device and our secure servers. Our website is hosted on secure, SOC 2 compliant infrastructure.
Technical overview of our PHI handling procedures
Patient completes intake form on secure website. Data transmitted via TLS 1.3 (256-bit encryption) directly to our Google Apps Script processing engine. Handles all intake paperwork types.
Google Apps Script processes and stores data in two secure locations: (1) Google Sheets for records/search, (2) Dedicated HIPAA Drive folder. Each file named with patient initials + timestamp for full traceability.
Google Apps Script automatically generates formatted HTML documents from all submitted intake data. Documents include header with submission date, patient information tables, and all form fields submitted.
Google Drive folder set to "Restricted" - only silverhomecare.com domain users can access. External sharing disabled. All access logged in Google Drive audit trail. Files viewable/printable only by authorized staff.
In compliance with 45 CFR § 164.508, Silver Home Care obtains written patient authorization prior to any collection or disclosure of protected health information. Our HIPAA Authorization Form permits:
Policy for maintaining and securely disposing of protected health information
PHI retained for minimum 7 years per state and federal requirements, or longer if required for ongoing patient care. Google Sheets and Drive files maintained for duration of care plus statutory period.
Upon retention expiry, files permanently removed from Google Drive. Google automated sanitization applied. Documentation of disposal logged and maintained per audit requirements.
Procedures for responding to potential security incidents involving PHI
Any suspected breach reported to Privacy Officer within 24 hours of discovery. Google provides security incident notifications for BAA-covered services.
Immediate assessment of PHI involved, number of individuals affected, and potential for harm. Documentation initiated within required timeframe.
If breach determined, affected individuals notified within 60 days per HIPAA requirements. HHS and media notification for breaches affecting 500+ individuals.
Privacy Officer Contact: Kelly - [email protected]