How SimplySmart Solutions handles protected health information and supports HIPAA-covered communities.
Note: SimplySmart Solutions, LLC operates as a Business Associate under HIPAA when providing services to covered entities such as senior living communities. We do not operate as a covered entity ourselves and do not independently collect protected health information (PHI) through our public website.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) establishes national standards for the protection of individually identifiable health information. Senior living communities — including assisted living facilities, memory care communities, and continuing care retirement communities — may qualify as covered entities or operate alongside covered entities under HIPAA.
When SimplySmart Solutions provides emergency call systems and related services to such communities, we may have access to or handle protected health information (PHI) in connection with those services. In these situations, SimplySmart acts as a Business Associate as defined under HIPAA and its implementing regulations.
We enter into Business Associate Agreements (BAAs) with covered entity clients as required by HIPAA. These agreements establish the permissible uses and disclosures of PHI, our obligations to safeguard PHI, and the procedures to follow in the event of a breach. If you are a covered entity or business associate and require a BAA with SimplySmart Solutions, please contact us using the information below.
SimplySmart Solutions implements administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of any PHI we access or handle on behalf of our clients. These safeguards include:
In the course of providing emergency call and monitoring services, we may have incidental access to information such as resident names, room assignments, or care-related alert data. This information is used solely to deliver the contracted services and is not used for any other purpose without written authorization from the applicable covered entity.
In the event of a breach of unsecured PHI, SimplySmart Solutions will notify the applicable covered entity in accordance with the timeframes and procedures required under HIPAA's Breach Notification Rule. We maintain documented incident response procedures to support timely identification and reporting of any such events.
Our public-facing website (simplyecall.com) does not collect protected health information. Information submitted through our contact and demo request forms is used only to respond to your inquiry and is governed by our Privacy Policy.
If you have questions about our HIPAA compliance practices, need to execute a Business Associate Agreement, or wish to report a concern related to the handling of PHI, please contact us directly.
HIPAA inquiries: Contact us at info@simplyecall.com or through our contact form. We typically respond within one business day.