Privacy Policy

Vicky's Crown Mobility Transport
Effective Date: December 18, 2024
Last Updated: December 18, 2024

INTRODUCTION

Vicky's Crown Mobility Transport ("we," "our," or "Company") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our non-emergency medical transportation (NEMT) services in Georgia.

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

COMPLIANCE WITH FEDERAL AND GEORGIA LAW

HIPAA Compliance

As a provider of non-emergency medical transportation services, Vicky's Crown Mobility Transport complies with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and all applicable federal regulations including:

  • 45 C.F.R. Part 160 (General Administrative Requirements)

  • 45 C.F.R. Part 164 (Security and Privacy Requirements)

We function as a Business Associate under HIPAA when we handle Protected Health Information (PHI) on behalf of covered entities such as healthcare providers, hospitals, and health plans.

Georgia State Law Compliance

We comply with all applicable Georgia state laws regarding medical privacy and transportation services, including:

  • O.C.G.A. § 24-12-1 (Release of Medical Information)

  • O.C.G.A. § 31-33-8 (Confidentiality of Medical Records)

  • Georgia Department of Community Health NEMT regulations

  • Georgia Medicaid NEMT program requirements

INFORMATION WE COLLECT

Personal Information

We collect the following personal information necessary to provide transportation services:

  • Contact Information: Full name, phone number, email address, physical address

  • Emergency Contact: Name and phone number of emergency contact person

  • Identification: Date of birth, government-issued ID information (as required)

Protected Health Information (PHI)

We may collect or receive the following health-related information:

  • Medical Appointments: Healthcare facility names, appointment dates and times, physician names

  • Mobility Requirements: Wheelchair accessibility needs, ambulatory status, assistive devices required

  • Medical Conditions: Only information necessary for safe transportation (e.g., fall risk, oxygen requirements, communication limitations)

  • Insurance Information: Medicaid ID, insurance provider information for billing purposes

  • Transportation History: Pick-up and drop-off locations, appointment attendance records

Automatically Collected Information

When you use our services, we may automatically collect:

  • GPS Location Data: Real-time vehicle tracking during scheduled transports

  • Trip Information: Routes taken, mileage, trip duration

  • Communication Records: Phone call logs, text message records related to service scheduling

HOW WE USE YOUR INFORMATION

Primary Purposes

We use your information for the following purposes:

Treatment:

  • Coordinating with healthcare providers for safe patient transport

  • Ensuring appropriate vehicle and equipment are assigned based on mobility needs

  • Communicating with medical facilities about patient arrival and pickup

Payment:

  • Processing payments from Medicaid, insurance providers, or private payers

  • Billing and invoicing for services rendered

  • Verifying insurance coverage and eligibility

Healthcare Operations:

  • Scheduling and dispatching transportation services

  • Quality assurance and service improvement

  • Training staff on patient safety and care

  • Compliance audits and regulatory reporting

  • Investigating and responding to complaints or service issues

Required By Law

We may use or disclose your information when required by:

  • Court orders, warrants, or subpoenas

  • Law enforcement investigations

  • Georgia Department of Community Health audits

  • Workers' compensation claims

  • Reporting suspected abuse, neglect, or domestic violence as mandated by law

HOW WE SHARE YOUR INFORMATION

Healthcare Providers and Facilities

We share necessary information with:

  • Medical offices, hospitals, dialysis centers, and other healthcare facilities for appointment coordination

  • Healthcare providers to ensure safe patient transport

  • NEMT brokers (Modivcare Solutions, LLC and Verida, Inc.) as required by Georgia Medicaid program

Business Associates

We may share information with vendors who assist with:

  • Electronic scheduling and dispatching systems

  • Billing and payment processing

  • Vehicle maintenance and fleet management

  • Background check providers for driver screening

All Business Associates are required to sign HIPAA-compliant Business Associate Agreements (BAAs) protecting your information.

Family Members and Caregivers

With your verbal or written authorization, we may share appointment and transportation details with:

  • Family members or friends involved in your care

  • Legal guardians or healthcare proxies

  • Caregivers coordinating your medical appointments

Emergency Situations

We may disclose your health information without authorization in emergency situations to:

  • Emergency medical personnel (EMTs, paramedics, hospital staff)

  • Law enforcement if required for public safety

  • Medical examiners or coroners in case of death

YOUR PRIVACY RIGHTS UNDER HIPAA

You have the following rights regarding your Protected Health Information:

Right to Access

You have the right to inspect and obtain a copy of your health information we maintain, including:

  • Transportation records

  • Medical appointment logs

  • Billing records

How to Request: Submit a written request to our Privacy Officer using the contact information below. We will respond within 30 days.

Right to Request Amendments

If you believe your health information is incorrect or incomplete, you may request an amendment.

How to Request: Submit a written request explaining what information you want amended and why. We may deny your request if the information was not created by us or is already accurate and complete.

Right to Request Restrictions

You may request that we limit how we use or disclose your health information for treatment, payment, or healthcare operations.

Note: We are not required to agree to your request, but if we do, we will comply except in emergency situations.

Right to Request Confidential Communications

You may request that we communicate with you about your transportation services in a specific way or at a specific location.

Example: Requesting we only call your mobile phone, not your home phone.

Right to an Accounting of Disclosures

You have the right to receive a list of certain disclosures we made of your health information within the past six years.

Note: This does not include disclosures made for treatment, payment, healthcare operations, or disclosures you authorized.

Right to a Paper Copy of This Notice

You may request a paper copy of this Privacy Policy at any time, even if you previously agreed to receive it electronically.

Right to Notification of Breaches

You have the right to be notified if there is a breach involving your unsecured protected health information.

DATA SECURITY MEASURES

We implement comprehensive security measures to protect your information:

Physical Safeguards

  • Locked filing cabinets for paper records

  • Restricted access to facilities where records are stored

  • Secure disposal of documents (shredding)

  • Secured vehicles with locked compartments

Technical Safeguards

  • Password-protected computer systems

  • Encrypted electronic communications

  • Firewall protection and antivirus software

  • Secure backup systems

  • Limited system access based on job role

Administrative Safeguards

  • HIPAA training for all employees, drivers, and contractors

  • Background checks for all personnel

  • Signed confidentiality agreements

  • Regular security risk assessments

  • Incident response procedures

  • Sanctions for policy violations

STAFF TRAINING AND CONFIDENTIALITY

Employee Training

All Vicky's Crown Mobility Transport employees, drivers, and contractors receive comprehensive training on:

  • HIPAA Privacy and Security Rules

  • Georgia state privacy laws

  • Proper handling of protected health information

  • Recognizing and reporting security incidents

  • Patient dignity and respectful communication

Confidentiality Agreements

All personnel sign confidentiality agreements acknowledging their responsibility to protect patient information and understanding of penalties for violations.

Limited Access

Only employees who need your information to perform their job duties have access to your records. This includes:

  • Dispatchers scheduling your transportation

  • Drivers transporting you to appointments

  • Billing staff processing payments

  • Management conducting quality assurance

RETENTION AND DISPOSAL

Record Retention

We retain your health information for:

  • Minimum: 6 years from the date of service (as required by HIPAA)

  • Georgia Medicaid records: 5 years from date of service or as required by contract

  • Billing records: 7 years (as required for audit purposes)

Secure Disposal

When records are no longer needed, we:

  • Shred paper documents

  • Permanently delete electronic files

  • Use certified document destruction services for bulk disposal

  • Maintain certificates of destruction

BREACH NOTIFICATION

In the event of a breach of unsecured protected health information, we will:

  1. Notify You: Within 60 days of discovering the breach

  2. Notify Regulatory Authorities: Report to the U.S. Department of Health and Human Services Office for Civil Rights

  3. Notify Media: If breach affects 500+ individuals in Georgia

  4. Provide Information: Including:

    • Description of what happened

    • Types of information involved

    • Steps we are taking to investigate and mitigate harm

    • What you can do to protect yourself

    • Our contact information for questions

WEBSITE AND ONLINE PRIVACY

Website Usage

If you visit our website, we may collect:

  • Browser type and version

  • Operating system

  • IP address

  • Pages visited and time spent

  • Referring website

We use cookies for: Website functionality and analytics only. We do not use tracking cookies for advertising.

Online Communications

Email and online forms are not HIPAA-secure methods of communication. We recommend you do not send sensitive health information via unsecured email.

For secure communications about scheduling or health information, please call our office directly.

CHILDREN'S PRIVACY

We provide transportation services to individuals of all ages, including children. If you are a minor (under 18 in Georgia), we will:

  • Obtain consent from a parent or legal guardian before providing services

  • Communicate with parents/guardians regarding transportation details

  • Protect your privacy rights while respecting parental authority

COMPLAINTS AND GRIEVANCES

Filing a Complaint with Us

If you believe your privacy rights have been violated, you may file a complaint:

Contact:
Gifty Bunyan
Vicky's Crown Mobility Transport
678-906-9279
vickyacrown@gmail.com

In Writing: Describe the issue and provide your contact information.

No Retaliation: We will not retaliate against you for filing a complaint or exercising your privacy rights.

Filing a Complaint with Federal Authorities

You also have the right to file a complaint with:

U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints/

CHANGES TO THIS PRIVACY POLICY

We reserve the right to change this Privacy Policy at any time. Changes will be effective immediately upon posting.

We will:

  • Post the updated Privacy Policy on our website with the "Last Updated" date

  • Make copies available at our office

  • Provide notice of material changes via email (if we have your email address) or mail

You may obtain a current copy at any time by:

BUSINESS ASSOCIATE AGREEMENTS

Healthcare providers, facilities, and health plans contracting with Vicky's Crown Mobility Transport for transportation services must enter into a HIPAA-compliant Business Associate Agreement.

Our BAA includes:

  • Permitted uses and disclosures of PHI

  • Safeguards we implement

  • Our obligation to report breaches

  • Restrictions on further disclosures

  • Termination provisions

GEORGIA MEDICAID NEMT SPECIFIC PROVISIONS

As a provider participating in Georgia's Medicaid Non-Emergency Medical Transportation program:

  • We follow all policies in the Georgia NEMT Provider Manual

  • We coordinate with authorized NEMT brokers (Modivcare and Verida)

  • We comply with three-day advance scheduling requirements for non-urgent appointments

  • We maintain documentation as required by the Georgia Department of Community Health

  • We participate in quality monitoring and customer satisfaction surveys

CONTACT INFORMATION

Privacy Officer: Gifty Bunyan
Vicky's Crown Mobility Transport
Phone: 678-906-9279
Email: vickyscrown@gmail.com
Website: vickyscrowntransport.com

Office Hours:
8am-6pm

Emergency Contact:
[24/7 Dispatch Number if applicable]

EFFECTIVE DATE AND ACKNOWLEDGMENT

Effective Date: December 18, 2024

By using our services, you acknowledge that you have received and reviewed this Privacy Policy.

For Scheduled Services: We will provide a copy of this Privacy Policy at or before your first scheduled transport and upon request thereafter.

ADDITIONAL GEORGIA LEGAL NOTICES

Workers' Compensation

We may release your health information for workers' compensation programs that provide benefits for work-related injuries or illnesses.

Law Enforcement

We may disclose health information to law enforcement officials for purposes such as:

  • Complying with court orders or warrants

  • Identifying or locating suspects or missing persons

  • Reporting crimes occurring on our premises

  • Reporting crimes in emergency situations

Legal Proceedings

We may disclose health information in response to:

  • Court orders

  • Subpoenas

  • Discovery requests in lawsuits

ACKNOWLEDGMENT OF RECEIPT

I acknowledge that I have received a copy of Vicky's Crown Mobility Transport's Privacy Policy.

Patient/Guardian Name: ___________________________

Signature: _____________________________

Date: _____________________________

This Privacy Policy complies with HIPAA Privacy Rule (45 C.F.R. Parts 160 and 164), Georgia medical privacy laws (O.C.G.A. § 24-12-1, § 31-33-8), and Georgia Department of Community Health NEMT program requirements.

For questions about this Privacy Policy, contact our Privacy Officer using the information provided