HIPAA Notice of Privacy Practices

Azuri Connect LLC ("AzuriConnect," "we," "us," or "our") provides a healthcare staffing platform that connects Adult Family Home (AFH) providers with qualified caregivers. In providing this Service, we may handle Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA).

This HIPAA Notice of Privacy Practices ("Notice") explains how we may use and disclose your PHI and your rights regarding your PHI. This Notice applies to all PHI that AzuriConnect creates, receives, maintains, or transmits in connection with providing the Service.

Please read this Notice carefully. By using our Service, you acknowledge receipt of this Notice.

PHI includes any individually identifiable health information. In the context of our Service, PHI may include:

• Your professional credentials and certifications (CNA, HCA, NAR, etc.)
• Background check information related to health or caregiving history
• Shift assignments at healthcare facilities
• Health-related information you provide during registration or verification
• Any other information that identifies you and relates to your health or healthcare services

3.1 Business Associate

For organizations using AzuriConnect to manage healthcare workers, AzuriConnect may act as a Business Associate under HIPAA. We enter into Business Associate Agreements (BAAs) with covered entities (such as healthcare facilities) to provide services that involve the use or disclosure of PHI.

3.2 Platform Provider

When we provide the AzuriConnect platform directly to caregivers and organizations, we operate as a business associate of the covered entities that use our Service. We are not a covered entity ourselves.

4.1 Uses and Disclosures for Service Provision

We may use and disclose your PHI for the following purposes without your authorization:

• Shift Matching: Sharing caregiver credentials with organizations to facilitate shift assignments
• Verification: Verifying caregiver identity and credentials as required by healthcare facilities
• Compliance: Maintaining records required by HIPAA and other healthcare regulations
• Audit Trails: Creating logs of PHI access for security and compliance purposes

4.2 Uses and Disclosures Required by Law

We may use or disclose your PHI when required by federal, state, or local law, including:

• Responding to legal processes or governmental requests
• Reporting suspected abuse, neglect, or domestic violence (where required)
• Complying with HIPAA regulations

4.3 Uses and Disclosures with Authorization

All other uses and disclosures of your PHI will only be made with your written authorization, except as limited by HIPAA.

Under HIPAA, you have the following rights regarding your PHI:

5.1 Right to Access

You have the right to request access to your PHI maintained by AzuriConnect. To request access, contact us at legal@azuriconnect.com.

5.2 Right to Amendment

You have the right to request an amendment to your PHI if you believe it is inaccurate or incomplete. To request an amendment, contact us with the specific correction requested.

5.3 Right to Accounting of Disclosures

You have the right to receive an accounting of certain disclosures of your PHI made by AzuriConnect. To request an accounting, contact us at legal@azuriconnect.com.

5.4 Right to Request Restrictions

You have the right to request restrictions on certain uses and disclosures of your PHI. While we are not required to agree to all restriction requests, we will consider them and notify you of our decision.

5.5 Right to Confidential Communications

You have the right to request that we communicate with you in a certain manner (e.g., only through email instead of phone).

5.6 Right to a Paper Copy of This Notice

You have the right to obtain a paper copy of this Notice upon request.

We implement the following safeguards to protect your PHI:

6.1 Technical Safeguards

• Encryption: All PHI encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access controls; staff only access PHI when necessary
• Audit Logs: All access to PHI is logged and monitored
• Authentication: Multi-factor authentication (MFA) available for all accounts

6.2 Organizational Safeguards

• Designated HIPAA Compliance Officer
• Staff undergo annual HIPAA training
• Confidentiality agreements for all employees with PHI access
• Incident response plan for PHI breaches

6.3 Physical Safeguards

• Data hosted in AWS data centers with physical access controls
• Servers located in secure, climate-controlled facilities

In the event of a breach of your unsecured PHI, we will:

• Notify you within 60 days of discovery of the breach
• Describe what happened, including the date of the breach and date of discovery
• Explain the steps we are taking to investigate and mitigate the breach
• Provide contact information for you to ask questions or obtain additional information

We reserve the right to change this Notice and make the new provisions effective for all PHI we maintain. We will notify you of material changes by posting the updated Notice on our website and updating the "Last Updated" date.

For questions about this HIPAA Notice or to exercise your rights, contact us:

• Email: legal@azuriconnect.com
• Mail: Azuri Connect LLC, Attn: HIPAA Compliance Officer, Olympia, WA 98516

You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your HIPAA rights have been violated.