SMS/Text Messaging Privacy Policy — Clients & Patients

“The Vine Health Care Group,” “we,” “us,” or “our” refers to The Vine Health Care Group and its affiliated home-health agencies in Southern California. For privacy questions or to exercise your rights, contact info@thevinehealthcaregrp.com or call (909) 459-9553 or (818) 401-0568.

What we text and why

• Care coordination and visit reminders
• Plan-of-care updates and scheduling changes
• Medication or equipment reminders
• Billing and insurance notices
• Service disruptions or emergency alerts

We do not send marketing texts without your prior express written consent.

We limit the content of text messages to only what is necessary to accomplish the communication’s purpose.

Your consent (opt-in) and how to revoke (opt-out)

• You choose whether to receive texts (e.g., checking an opt-in box on an intake form, signing a consent, or texting a keyword to enroll).
• You can revoke consent at any time by any reasonable method (e.g., replying STOP, telling us by phone, or emailing us). We honor STOP and other standard opt-out keywords and may send a one-time confirmation that you’re unsubscribed.
• Message frequency varies with your care needs. Message and data rates may apply.
• For help with our texting program, reply HELP.

Protected health information (PHI) and texting

• Standard SMS is not a secure channel. We limit PHI in regular texts to the minimum necessary.
• For sensitive details, we may use a secure messaging platform, patient portal, or other HIPAA-compliant method rather than regular SMS.
• We require HIPAA-compliant secure texting for patient orders and clinical content, consistent with CMS guidance.
• In the event that PHI is inadvertently disclosed through SMS in a manner inconsistent with HIPAA, we will assess and notify affected individuals as required under HIPAA’s Breach Notification Rule.

Data we collect via texting

• Identifiers: name, phone number.
• Message metadata: time, date, delivery status, sender/recipient.
• Content: the messages you send and we send to you.
• Device/Carrier information: limited technical data from our messaging vendors for fraud/spam prevention and delivery.

How we use and share SMS data

• To provide requested services, coordinate care, verify delivery, troubleshoot, prevent spam, and comply with law.
• We share SMS data with service providers (e.g., our SMS gateway) under contracts that restrict their use and disclosure. When PHI is involved, we require Business Associate Agreements (BAAs).
• We do not sell or share SMS data for cross-context behavioral advertising.

Retention

We keep texting records only as long as needed for care, operations, legal, and audit requirements, then delete or de-identify them according to our retention schedule.

Your California privacy rights (CCPA/CPRA)

California residents have rights to know, access, correct, delete, opt-out of sale/share, limit use of sensitive information, and be free from discrimination for exercising these rights. You can exercise these rights by emailing info@thevinehealthcaregrp.com or calling the numbers above. We will verify your request and respond within the timelines required by California law.

Important TCPA note

We honor STOP and other reasonable opt-out methods promptly, and we avoid sending marketing texts without prior express written consent. Courts and regulators continue to refine robocall/robotext rules, so we periodically update this policy.

SMS/Text Messaging Privacy Policy — Employees, Applicants, and Contractors

Scope

This section covers SMS communications related to your work with The Vine Health Care Group (e.g., shift alerts, scheduling, benefits enrollment windows, emergency notifications, HR updates). Contact info@thevinehealthcaregrp.com with questions.

What we text and why

• Scheduling and coverage (visit assignments, time-sensitive shift fills)
• Clinical operations (non-PHI in standard SMS; PHI only via secure platforms)
• Compliance, safety, emergency alerts, and workplace notices
• HR communications (benefits, deadlines, required trainings)

We do not send marketing texts to employees without prior express written consent, and we honor STOP and other reasonable opt-out methods.

We limit the content of text messages to only what is necessary to accomplish the communication’s purpose.

PHI and patient information

• Do not include PHI in regular SMS.
• Use our approved HIPAA-compliant secure texting or EMR messaging for patient information and orders. We monitor and enforce this requirement consistent with CMS guidance.
• In the event that PHI is inadvertently disclosed through SMS in a manner inconsistent with HIPAA, we will assess and notify affected individuals as required under HIPAA’s Breach Notification Rule.

Device and monitoring (BYOD)

If you use a personal device for work, limited device identifiers and messaging metadata may be processed by our messaging or MDM tools to deliver work texts and protect systems (e.g., spam/threat detection). We do not access your personal content (photos, personal texts, etc.).

California employee privacy rights (CPRA)

As a California employer, we provide a Notice at Collection for HR data and honor CPRA rights for employees, applicants, and contractors, including the rights to know, delete, correct, and limit sensitive personal information, subject to legal exceptions. Submit requests via info@thevinehealthcaregrp.com.

Data we collect via work-related texting

• Identifiers: name, mobile number, role/department
• Employment info: scheduling preferences, assignment confirmations
• Message metadata: time, date, delivery status
• Content: messages you send to us and messages we send to you
• Security/fraud signals from carriers or vendors

How we use and share SMS data (employees)

• To coordinate schedules, confirm assignments, deliver urgent notices, support payroll/timekeeping workflows, and meet legal obligations.
• We share SMS data with service providers (e.g., our SMS gateway/MDM provider) under contracts that restrict use; when PHI is implicated, we use HIPAA-compliant services with BAAs.

Retention

We retain work-related SMS records only as long as necessary for operations, audits, and legal requirements, then delete or de-identify them per our schedule.

Opting out of work texts

If you opt out of standard SMS, we’ll use alternate channels (e.g., email/portal/app) where feasible, but certain employment notices may still be delivered as required by law or policy. Reply STOP to any message, or email info@thevinehealthcaregrp.com and we’ll process your request.

Your controls (applies to everyone)

• HELP: Reply HELP for help with our texting program.
• STOP: Reply STOP to end all texts of that program; we’ll confirm your opt-out.
• Updates: To update your mobile number or preferences, contact us at info@thevinehealthcaregrp.com.

Vendors, security, and international transfers

We use reputable messaging providers that apply reasonable administrative, technical, and physical safeguards. When PHI is involved, we use HIPAA-compliant solutions and BAAs. Data may be processed in the U.S. and other countries where our providers operate, subject to contractual safeguards.

We use VOIP SMS platforms that offer HIPAA-compliant configurations. Our messaging providers are subject to business associate agreements (BAAs) where PHI may be involved.

Children’s privacy

We do not knowingly text children under 13 without appropriate parental/guardian consent.

Changes to this policy

We may update this SMS policy to reflect operational or legal changes. We’ll post the new effective date here and, when appropriate, notify you through our usual channels.