PatientSwaps
  • Home
  • Why PatientSwaps
  • How It Works
  • Pricing
  • Legal
  • Schedule a Demo

About Our HIPAA Role

Effective Date: June 16, 2026
PatientSwaps is a HIPAA Business Associate, not a Covered Entity. For information about general website, account, and billing data, see our Privacy Policy.

Our role under HIPAA

CareSwaps, LLC d/b/a PatientSwaps ("Company," "we," "us," or "our") operates as a HIPAA Business Associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the HITECH Act and the regulations at 45 C.F.R. Parts 160 and 164.

PatientSwaps is not a Covered Entity. We do not deliver healthcare, we do not maintain patient medical records as a healthcare provider, and we do not make clinical decisions. We provide algorithmic bed-matching and transfer-matching software to senior care facilities.

What a Business Associate is

When PatientSwaps performs services on behalf of a healthcare facility (a Covered Entity under HIPAA), and those services involve Protected Health Information (PHI), PatientSwaps acts as that facility's Business Associate. The handling of PHI between the facility and PatientSwaps is governed by a written Business Associate Agreement (BAA) executed between the facility and PatientSwaps before any PHI is exchanged.

How patient information is handled

PatientSwaps uses PHI only to provide the matching and transfer services authorized by the facility. PHI is:

  • Encrypted at rest (AES-256) and in transit (TLS 1.3 or higher)
  • Access-controlled and audit-logged
  • Stored in systems operated by sub-business associates who have executed BAAs with PatientSwaps, including Google Workspace, Jotform (HIPAA Gold), and Paubox
  • Retained in accordance with HIPAA record-retention requirements

PatientSwaps does not use PHI for marketing, research, advertising, or any purpose outside the services authorized by the facility.

Exercising HIPAA individual rights

Under HIPAA, individuals have rights with respect to their PHI, including the right to access, amend, request an accounting of disclosures, and request restrictions. These rights are exercised through the healthcare facility that holds the patient relationship — the Covered Entity. PatientSwaps, as a Business Associate, does not respond directly to individual HIPAA rights requests. If you are a patient or authorized representative and wish to exercise an individual HIPAA right, please contact the facility's privacy officer or medical records department.

Questions about our Business Associate role

For questions about how PatientSwaps operates as a Business Associate, our security practices, or our BAA terms with facilities, contact hello@patientswaps.com.

For questions about how your information is handled on patientswaps.com itself (cookies, account data, marketing communications), see our Privacy Policy.

Filing a complaint

If you believe your HIPAA rights have been violated, you may file a complaint with the HHS Office for Civil Rights at ocrmail@hhs.gov or 1-800-368-1019.

Technology Platform Disclaimer: PatientSwaps is a healthcare technology platform providing algorithmic bed-matching and transfer-matching software. PatientSwaps is not a healthcare provider, patient broker, placement service, medical advisor, or care coordinator. Transfer decisions are made independently by licensed clinical staff at the healthcare facility.

PatientSwaps

  • Home
  • Why PatientSwaps
  • Pricing

Legal

  • Terms of Service
  • Privacy Policy
  • About Our HIPAA Role
  • Data Retention

Contact

  • hello@patientswaps.com
  • Fort Collins, Colorado
  • HIPAA Compliant

Resources

  • Contact Support

© 2026 CareSwaps, LLC d/b/a PatientSwaps. All rights reserved. | Effective June 16, 2026 | Terms of Service | Privacy Policy | About Our HIPAA Role

This site uses analytics cookies (Google Analytics) to understand how visitors use our platform. No health information is collected through cookies. See our Privacy Policy for details.