Compliance ProLog In

Disclaimer: Please consult a licensed attorney before relying on these documents. These materials are provided for informational purposes only and do not constitute legal advice.

HIPAA Notice of Privacy Practices

Last updated: March 9, 2026

Effective Date: March 9, 2026

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

1. Who We Are and What This Notice Covers

Ali Management Group LLC, operating as Compliance Pro (compliancepro.live), is a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). We provide compliance management software services to Covered Entities, including home care agencies providing home health care and Personal Care Assistance (PCA) services.

This Notice of Privacy Practices (“Notice”) describes how we may use and disclose Protected Health Information (“PHI”) that we receive, create, maintain, or transmit on behalf of our Covered Entity customers in the course of providing our Service.

PHI is individually identifiable health information, including demographic information, that relates to an individual’s past, present, or future physical or mental health condition, the provision of health care, or payment for health care, and that identifies the individual or could reasonably be used to identify the individual.

2. How We Use and Disclose PHI

2.1 Uses and Disclosures Permitted Under Our BAA

As a Business Associate, we may use or disclose PHI only as permitted or required by our Business Associate Agreement with the Covered Entity, and as permitted by HIPAA. These uses include:

  • Service operations: To perform the compliance management services specified in our agreement with the Covered Entity, including form management, credential tracking, training management, and compliance reporting
  • Service administration: For internal administration and management of our platform, including quality assurance, system maintenance, and customer support
  • Legal obligations: As required by federal, state, or local law
  • Health oversight activities: To health oversight agencies for authorized activities such as audits, investigations, and inspections
  • Judicial and administrative proceedings: In response to a court order, subpoena, or discovery request
  • Law enforcement: For law enforcement purposes as required or permitted by law
  • Threat prevention: To prevent or lessen a serious and imminent threat to health or safety

2.2 Uses Requiring Authorization

We will not use or disclose your PHI for any purpose not described in this Notice or permitted by our Business Associate Agreement without written authorization from the Covered Entity. If authorization is given, it may be revoked at any time in writing.

2.3 De-Identified Information

We may use or disclose de-identified information that does not identify any individual, in accordance with HIPAA de-identification standards. Our AI features exclusively use de-identified data — all PHI is stripped by our automated sanitization process before any data is transmitted to third-party AI services.

2.4 Minimum Necessary Standard

When using or disclosing PHI, we make reasonable efforts to limit the information to the minimum necessary to accomplish the intended purpose, in compliance with the HIPAA Minimum Necessary Rule.

3. Your Rights Regarding Your PHI

As a Business Associate, we process PHI on behalf of Covered Entities. Individual rights regarding PHI should generally be directed to the Covered Entity (your home care agency). However, we support the following rights:

3.1 Right to Access

You have the right to inspect and obtain a copy of PHI maintained about you in our systems. Requests should be made to your home care agency (the Covered Entity), which will coordinate with us to fulfill the request.

3.2 Right to Amend

You have the right to request an amendment to your PHI if you believe the information is inaccurate or incomplete. Amendment requests should be directed to your home care agency.

3.3 Right to an Accounting of Disclosures

You have the right to request an accounting of certain disclosures of your PHI made by us during the six years prior to your request. We maintain audit logs of all PHI access and disclosures to support this right.

3.4 Right to Request Restrictions

You have the right to request restrictions on certain uses and disclosures of your PHI. While we are not required to agree to all requested restrictions, we will accommodate reasonable requests where feasible.

3.5 Right to Confidential Communications

You have the right to request that we communicate with you about your PHI through alternative means or at alternative locations.

3.6 Right to a Copy of This Notice

You have the right to obtain a paper or electronic copy of this Notice at any time. This Notice is available at compliancepro.live/hipaa.

4. Our Duties to Protect PHI

We are required by law to:

  • Maintain the privacy and security of your PHI
  • Provide you with this Notice of our legal duties and privacy practices with respect to PHI
  • Abide by the terms of this Notice currently in effect
  • Notify the Covered Entity and affected individuals in the event of a breach of unsecured PHI

We protect PHI through the following safeguards:

  • Administrative safeguards: Written HIPAA policies and procedures, workforce training, designated Privacy and Security Officers, risk assessments, and incident response plans
  • Physical safeguards: Secure data center facilities with access controls, environmental protections, and physical security monitoring (provided by our infrastructure partners)
  • Technical safeguards: AES-256 encryption at rest, TLS 1.2+ encryption in transit, role-based access controls, multi-tenant data isolation, automated audit logging, intrusion detection, and regular vulnerability assessments

5. Breach Notification

In the event of a breach of unsecured PHI, we will notify the affected Covered Entity without unreasonable delay and in no case later than 60 days after discovery of the breach, in compliance with the HIPAA Breach Notification Rule (45 CFR Part 164, Subpart D).

Our breach notification will include:

  • A description of the nature of the breach, including the types of PHI involved
  • The date of the breach and date of discovery
  • A description of what we are doing to investigate and mitigate the breach
  • Steps individuals can take to protect themselves
  • Contact information for further inquiries

6. How to File a Complaint

If you believe your privacy rights have been violated, you have the right to file a complaint. You may:

  • Contact us directly at info@compliancepro.live
  • File a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, at www.hhs.gov/ocr/privacy/hipaa/complaints/

You will not be retaliated against for filing a complaint. All complaints will be investigated and responded to in a timely manner.

7. Changes to This Notice

We reserve the right to change this Notice and to make the revised Notice effective for PHI we already have about you as well as any information we receive in the future. The current version of this Notice will always be available at compliancepro.live/hipaa.

8. Contact Information

For questions about this Notice or our privacy practices:

Ali Management Group LLC
Attn: HIPAA Privacy Officer
2810 N Church St #501279
Wilmington, DE 19802
Email: info@compliancepro.live
Website: compliancepro.live