Privacy Policy & Notice of Privacy Practices

Core Support Connection, LLC — Your privacy and the security of your health information are fundamental to our mission.

Effective January 1, 2025  ·  Last Updated May 2025
Contents
  1. HIPAA Notice of Privacy Practices
  2. Protected Health Information We Collect
  3. How We Use & Disclose Your Information
  4. Your Privacy Rights
  5. Website Privacy & Cookies
  6. How We Protect Your Information
  7. Breach Notification
  8. Contact & Complaints

1. HIPAA Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Core Support Connection, LLC (“CSC”) is committed to protecting your privacy. As required by HIPAA and its implementing regulations, we maintain the privacy of your Protected Health Information (PHI), provide notice of our legal duties and privacy practices, and abide by the terms of this notice.

This notice applies to all PHI created, received, maintained, or transmitted by CSC in connection with home care and support services provided to individuals in Adams, Brown, Clermont, and Highland Counties, Ohio.

2. Protected Health Information We Collect

Health & Care Information

Personal & Contact Information

Electronic Records

3. How We Use & Disclose Your Information

Permitted Uses Without Authorization

We may use and disclose your PHI without written authorization for: Treatment (coordinating your care with healthcare providers); Payment (verifying service delivery); Health Care Operations (quality improvement, staff training, compliance); Required by Law (Ohio mandatory reporting under ORC 5101.61 and 5123.61); Public Health Activities; Abuse & Neglect Reporting to authorized government authorities; Emergency Situations; and Legal Proceedings as required by court order or applicable law.

Uses Requiring Your Authorization

We will not use or disclose your PHI for marketing, sale of PHI, or any purpose not described in this Notice without your written authorization. You may revoke authorization at any time in writing.

We do not sell your personal or health information. Core Support Connection will never sell, rent, or lease your PHI to third parties for commercial purposes.

Family Members & Personal Representatives

We may share relevant PHI with family members or authorized representatives only to the extent you authorize, or as permitted by law. We will share information with a legally designated personal representative (legal guardian, healthcare power of attorney) as required.

4. Your Privacy Rights

To exercise any of these rights, please contact us in writing using the information in Section 8.

Right to Access

Inspect and receive a copy of your PHI within 30 days of written request.

Right to Amend

Request correction of inaccurate or incomplete records. We respond within 60 days.

Right to Accounting

Request a list of certain disclosures we’ve made in the past six years.

Right to Restrict

Request restrictions on uses or disclosures. We will comply with agreed restrictions.

Confidential Communications

Request we contact you through alternative means or at a different address.

Right to a Paper Copy

Request a paper copy of this Notice at any time, even if you agreed to receive it electronically.

5. Website Privacy & Cookies

Our website collects only what is necessary to operate. We collect: information you voluntarily submit through our forms; basic usage analytics; and technical information for site optimization. We use essential session cookies for portal functionality only — no advertising cookies or cross-site tracking. Third-party services include Supabase (HIPAA-compliant database with executed BAA) and Microsoft Azure Active Directory for staff authentication.

6. How We Protect Your Information

CSC implements administrative, physical, and technical safeguards including: TLS 1.2+ encryption in transit and AES-256 encryption at rest; access controls limited to staff with legitimate need; Microsoft 365 SSO authentication for portal access; mandatory HIPAA training for all staff; Business Associate Agreements with all applicable vendors; and automatic session expiration after inactivity.

7. Breach Notification

In the event of a breach of your unsecured PHI, CSC will notify you without unreasonable delay and within 60 days of discovery, as required by the HIPAA Breach Notification Rule (45 CFR §§ 164.400–414). Notification will include a description of what happened, types of information involved, steps you can take to protect yourself, and our remediation actions. Breaches affecting 500 or more Ohio residents will also be reported to HHS and prominent media outlets as required.

8. Contact, Complaints & Changes

CSC Privacy Officer

Lee Worsham, Founder & Administrator

📧 info@coresupportconnection.com

📞 (937) 943-7574  ·  Mon–Fri 8am–6pm ET

Filing a Complaint with HHS

If you believe your privacy rights have been violated, you may also file a complaint with the U.S. Department of Health & Human Services Office for Civil Rights: www.hhs.gov/ocr · 1-800-368-1019. We will not retaliate against you for filing a complaint.

Changes to This Notice

CSC reserves the right to change this Notice at any time. The revised Notice will be effective for all PHI we maintain at that time and will be posted on our website. Material changes will be communicated directly to current clients.