GentleCheck

Privacy Policy

GentleCheck LLC
Effective Date: January 1, 2026
Last Updated: January 1, 2026

1. Introduction

GentleCheck LLC ("GentleCheck," "we," "us," or "our") provides an automated patient outreach platform that helps licensed home healthcare agencies monitor patient satisfaction through voice calls, SMS text messages, and email communications. This Privacy Policy explains how we collect, use, store, and protect information — including Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") — in connection with our services.

GentleCheck operates as a Business Associate under HIPAA. We enter into Business Associate Agreements ("BAAs") with each healthcare agency client before receiving or processing any patient data. This Privacy Policy applies to all users of our website at gentlecheck.com, patients who receive communications from us on behalf of healthcare agencies, and our healthcare agency clients.

2. Information We Collect

2.1 Information Received from Healthcare Agency Clients

We receive patient information from our healthcare agency clients for the purpose of conducting authorized outreach. This information may include:

  • Patient name
  • Phone number(s)
  • Email address
  • Date of birth or age
  • Episode of care identifiers (admission date, discharge date, care type)
  • Clinician or care team assignments
  • Communication preferences and consent status

This information is considered Protected Health Information (PHI) under HIPAA and is handled in accordance with our Business Associate Agreement with each client.

2.2 Information Collected During Patient Communications

When patients interact with our outreach surveys via voice call, SMS, or email, we collect:

  • Survey responses and satisfaction ratings
  • Open-ended feedback provided by the patient
  • Opt-in and opt-out records (date, time, method)
  • Call metadata (duration, completion status)
  • SMS delivery and response records

2.3 Information Collected Through Our Website

When you visit gentlecheck.com, we may collect:

  • Browser type and operating system
  • IP address
  • Pages visited and time spent on our site
  • Referring website
  • Information you voluntarily submit through contact forms

We do not use cookies or tracking technologies to collect PHI through our website.

3. How We Use Information

We use the information we collect for the following purposes:

  • Patient outreach: To conduct satisfaction surveys and check-in communications on behalf of healthcare agency clients via voice calls, SMS, and email.
  • Reporting: To generate satisfaction reports, alert notifications, and analytics for our healthcare agency clients.
  • Service improvement: To maintain, improve, and optimize our platform's performance and reliability.
  • Consent management: To process and honor opt-in and opt-out requests from patients.
  • Compliance: To fulfill our obligations under HIPAA, our Business Associate Agreements, applicable telecommunications regulations, and other laws.
  • Client communication: To respond to inquiries from our healthcare agency clients and prospective clients.

We do not use patient data for marketing purposes. We do not use PHI to contact patients for any reason other than the authorized outreach requested by their healthcare agency.

4. HIPAA Compliance and PHI Handling

4.1 Business Associate Status

GentleCheck operates as a Business Associate under HIPAA. We execute a Business Associate Agreement with each healthcare agency client before receiving any PHI. We handle all PHI in accordance with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.

4.2 Administrative, Technical, and Physical Safeguards

We maintain the following safeguards to protect PHI:

  • Encryption: All PHI is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256 encryption).
  • Access controls: Role-based access controls limit PHI access to authorized personnel only. Multi-factor authentication is required for all system access.
  • Infrastructure: Our platform is hosted entirely on HIPAA-eligible Amazon Web Services (AWS) infrastructure. We maintain a BAA with AWS.
  • Audit logging: All access to PHI is logged and monitored.
  • Employee training: All GentleCheck personnel receive HIPAA privacy and security training.
  • Incident response: We maintain a documented breach notification and incident response plan.

4.3 Minimum Necessary Standard

We apply the HIPAA minimum necessary standard to all uses and disclosures of PHI. We only access, use, or disclose the minimum amount of PHI needed to perform authorized outreach services.

5. Data Sharing and Disclosure

5.1 We Do Not Sell or Share Data for Marketing

We do not sell, rent, lease, or share patient information or PHI with third parties for marketing, advertising, or promotional purposes. We do not share mobile phone numbers or SMS opt-in data with third parties for marketing or promotional purposes.

5.2 Permitted Disclosures

We may disclose information only in the following circumstances:

  • To healthcare agency clients: We share survey results, satisfaction data, and alert notifications with the healthcare agency that authorized the outreach. This is the core function of our service.
  • To subcontractors: We may share PHI with HIPAA-compliant subcontractors who assist in delivering our services (such as our cloud infrastructure provider). All subcontractors are bound by Business Associate Agreements and are required to maintain the same level of protection.
  • As required by law: We may disclose information when required by law, regulation, legal process, or enforceable government request, including HIPAA-required disclosures to the U.S. Department of Health and Human Services.
  • Breach notification: In the event of a breach of unsecured PHI, we will notify the affected healthcare agency client in accordance with HIPAA and our Business Associate Agreement.

6. Data Retention

We retain PHI and patient data only for as long as necessary to fulfill our obligations under our Business Associate Agreements and applicable law. Our standard retention practices are:

  • Active patient data: Retained for the duration of the patient's episode of care and the active service period with the healthcare agency client.
  • Survey responses and reports: Retained for the period specified in our Business Associate Agreement with the applicable healthcare agency client.
  • Opt-in and opt-out records: Retained for a minimum of 10 years to comply with applicable telecommunications regulations and state laws.
  • Communication logs and audit trails: Retained as required by HIPAA (minimum 6 years) and our Business Associate Agreements.

Upon termination of a client relationship, we will return or securely destroy PHI in accordance with the terms of our Business Associate Agreement and HIPAA requirements. Destruction methods include cryptographic erasure and secure deletion from all systems, backups, and archives.

7. Patient Rights

7.1 Communication Preferences

Patients may opt out of receiving communications from GentleCheck at any time:

  • SMS: Reply STOP to any text message from GentleCheck.
  • Voice calls: Request removal during any call, or press 9 when prompted.
  • Email: Use the unsubscribe link in any email, or contact us directly.

Opt-out requests are processed promptly. Once opted out, a patient will not receive further outreach from GentleCheck unless they affirmatively opt back in.

7.2 HIPAA Rights

Because GentleCheck is a Business Associate (not a Covered Entity), individual HIPAA rights requests — including requests for access, amendment, or an accounting of disclosures — should be directed to the healthcare agency that provides your care. We will cooperate with our healthcare agency clients to fulfill these requests as required by HIPAA and our Business Associate Agreements.

8. SMS and Voice Communications

GentleCheck sends automated SMS text messages and voice calls to patients on behalf of licensed home healthcare agencies. By opting in to receive text messages from GentleCheck, you agree to receive automated satisfaction survey messages. Key details:

  • Message frequency varies depending on the survey schedule set by your healthcare agency. Patients may receive messages at various points during and after their care episode.
  • Message and data rates may apply depending on your mobile carrier and plan.
  • Opt out at any time by replying STOP to any SMS message.
  • For help, reply HELP to any SMS message, or contact us at [email protected].
  • Carriers are not liable for delayed or undelivered messages.
  • We do not send SMS messages containing PHI. Initial opt-in messages identify GentleCheck and the healthcare agency but do not include health information.

For full details on our SMS consent process, please visit gentlecheck.com/sms-consent.

9. Security of Our Website

Our website at gentlecheck.com uses TLS encryption to protect data transmitted between your browser and our servers. Our website contact forms are not used to collect or transmit PHI. If you need to share sensitive information, please contact us directly using the information in Section 11.

10. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18 without appropriate consent, we will delete that information promptly.

11. Contact Information

If you have questions about this Privacy Policy, our data practices, or wish to exercise any rights described above, please contact us:

GentleCheck LLC
Email: [email protected]
Website: gentlecheck.com

To opt out of SMS messages, reply STOP to any GentleCheck text message.
To opt out of voice calls, request removal during any call.

For HIPAA-related inquiries or to report a concern about your health information, please contact your healthcare agency directly. You may also contact GentleCheck at the email address above, and we will direct your inquiry appropriately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this page periodically.

13. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law provisions, and applicable federal law including HIPAA.

© 2025 GentleCheck. All rights reserved.
