top of page

Privacy Policy & Notice of Privacy Practices

Magnolia Care Health
Website: www.magnoliacarehealth.com
Effective Date: May 10, 2026
Jurisdictions Served: Maryland, Virginia, Washington, DC

1. Introduction

Magnolia Care Health respects the privacy of patients, prospective patients, caregivers, referral sources, healthcare providers, website visitors, and other individuals who interact with us.

Magnolia Care Health provides healthcare-related services, which may include care coordination, patient support, referral navigation, healthcare service coordination, communication with healthcare providers, and related administrative support services.

This Privacy Policy & Notice of Privacy Practices explains how Magnolia Care Health may collect, use, disclose, store, and protect personal information and protected health information, commonly referred to as “PHI.”

This policy is intended to comply with applicable federal and state privacy laws, including the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, commonly known as HIPAA, where applicable. Magnolia Care Health maintains privacy practices designed to protect personal information and PHI in accordance with applicable privacy, security, healthcare confidentiality, medical records, consumer protection, and breach notification laws in the jurisdictions where we operate.

This policy applies to information collected through our website, phone calls, email, text messages, fax, referral forms, patient intake forms, care coordination communications, provider communications, and other interactions with Magnolia Care Health.

 

2. Scope of This Policy

This policy applies to information Magnolia Care Health receives, collects, creates, maintains, uses, or discloses in connection with our website and healthcare-related services.

Covered information may include:

  • Information submitted through our website;

  • Personal information provided by patients, prospective patients, caregivers, family members, referral sources, healthcare providers, or other parties;

  • Health-related information submitted voluntarily through forms, communications, referrals, or service requests;

  • Referral information received from healthcare providers, pharmacies, care teams, insurers, nursing agencies, healthcare facilities, or other referral partners;

  • Information received by phone, email, SMS/text message, fax, web form, mail, electronic platforms, or other communication methods;

  • Website usage data, cookies, analytics information, IP address, browser information, and device information;

  • Protected health information, where applicable.

Depending on the service, relationship, or transaction involved, Magnolia Care Health may function as a healthcare service provider, a HIPAA covered entity, a business associate, a subcontractor, or another healthcare-related organization subject to privacy and confidentiality obligations. When Magnolia Care Health creates, receives, maintains, uses, or discloses PHI in a role governed by HIPAA or under a contractual healthcare privacy obligation, Magnolia Care Health handles such PHI in accordance with applicable HIPAA requirements, Business Associate Agreement obligations, and applicable state laws.

 

3. Information We Collect

Magnolia Care Health may collect the following categories of information:

Personal Identification Information

We may collect information such as:

  • Name;

  • Address;

  • Phone number;

  • Email address;

  • Date of birth;

  • Emergency contact information;

  • Caregiver or authorized representative information;

  • Preferred communication method.

Healthcare and Referral Information

We may collect information such as:

  • Referring provider information;

  • Treating provider information;

  • Pharmacy, nursing, laboratory, or healthcare partner information;

  • Diagnosis or condition information voluntarily provided or included in referral materials;

  • Medication, prescription, therapy, or treatment-related information;

  • Care coordination notes;

  • Service needs;

  • Insurance and benefits information;

  • Prior authorization or referral documentation;

  • Intake forms, referral forms, and supporting healthcare records.

Insurance, Billing, and Payment Information

We may collect information such as:

  • Insurance carrier name;

  • Member identification number;

  • Group number;

  • Policyholder information;

  • Benefits verification information;

  • Authorization information;

  • Billing or payment-related information;

  • Coordination of benefits information.

Communications

We may collect information when you communicate with us by:

  • Phone;

  • Voicemail;

  • Email;

  • Text message/SMS;

  • Fax;

  • Website contact forms;

  • Referral forms;

  • Intake forms;

  • Mail;

  • Other electronic or written communications.

Website and Technology Information

When you visit our website, we may collect certain technical information, including:

  • IP address;

  • Browser type;

  • Device type;

  • Operating system;

  • Pages viewed;

  • Date and time of visit;

  • Referring website;

  • Cookies or similar technologies;

  • Website analytics and performance data.

Website tracking tools are used to operate, protect, improve, and understand the performance of our website. These tools are not intended to collect sensitive health information unless you voluntarily submit such information through a website form or other communication channel.

 

4. Protected Health Information / PHI

Protected Health Information, or PHI, generally means individually identifiable health information that relates to a person’s past, present, or future physical or mental health condition, healthcare services, or payment for healthcare services, when such information is created, received, maintained, or transmitted by an entity or party subject to HIPAA or similar healthcare privacy obligations.

PHI may include, but is not limited to:

  • Health status information;

  • Diagnosis or condition information;

  • Treatment or therapy information;

  • Prescription or medication information;

  • Provider referral information;

  • Care coordination details;

  • Insurance information;

  • Benefits verification information;

  • Authorization information;

  • Billing or payment information;

  • Communications between Magnolia Care Health and patients, caregivers, providers, pharmacies, insurers, or healthcare partners.

Magnolia Care Health uses, discloses, stores, and protects PHI only as permitted or required by applicable law, contractual obligations, patient authorization, or as otherwise necessary to provide healthcare-related services.

 

5. How We Use Information

Magnolia Care Health may use personal information and PHI for purposes permitted by applicable law, including:

Responding to Inquiries

We may use information to respond to questions, website inquiries, phone calls, emails, referral requests, service requests, or requests for information.

Coordinating Care and Services

We may use information to coordinate healthcare-related services, communicate with healthcare providers, support patient navigation, assist with referrals, coordinate with pharmacies or care providers, and help connect patients with appropriate healthcare resources.

Communication With Care Participants

We may use information to communicate with:

  • Patients;

  • Prospective patients;

  • Caregivers;

  • Family members or authorized representatives;

  • Physicians;

  • Referring providers;

  • Pharmacies;

  • Infusion providers;

  • Nursing agencies;

  • Laboratories;

  • Insurance companies;

  • Benefit managers;

  • Referral partners;

  • Other parties involved in care or service coordination.

Insurance, Benefits, Authorization, and Payment Support

We may use information for:

  • Insurance verification;

  • Benefits investigation;

  • Prior authorization support;

  • Referral coordination;

  • Billing support;

  • Payment support;

  • Claims-related administrative activities;

  • Coordination with payers, providers, or healthcare partners.

Healthcare Operations and Administrative Purposes

We may use information for:

  • Quality assurance;

  • Patient support;

  • Internal operations;

  • Staff training;

  • Compliance monitoring;

  • Credentialing, certification, or accreditation support;

  • Recordkeeping;

  • Audits;

  • Reporting;

  • Business administration;

  • Service improvement.

Website Operation and Security

We may use website and technical information to:

  • Operate the website;

  • Improve website functionality;

  • Monitor website performance;

  • Detect security incidents;

  • Prevent fraud or misuse;

  • Maintain website security;

  • Analyze website traffic and usage trends.

Legal, Regulatory, Audit, and Compliance Purposes

We may use information to comply with:

  • Federal and state privacy laws;

  • Healthcare confidentiality laws;

  • Medical records laws;

  • Consumer protection laws;

  • Data breach notification laws;

  • Regulatory inquiries;

  • Legal obligations;

  • Court orders, subpoenas, or lawful requests;

  • Accreditation, certification, payer, audit, or compliance requirements.

 

6. How We Share Information

Magnolia Care Health may share personal information and PHI only as permitted or required by applicable law, contractual obligations, patient authorization, or as necessary to provide and support healthcare-related services.

We may share information with the following categories of recipients:

Healthcare Providers and Care Partners

We may share information with physicians, referring providers, pharmacies, infusion providers, nursing agencies, laboratories, hospitals, clinics, care coordinators, and other healthcare professionals or organizations involved in care, referral navigation, or service coordination.

Insurance Companies and Payment-Related Parties

We may share information with insurance companies, benefit managers, payers, payment processors, billing support vendors, and other parties involved in benefits verification, authorization, billing, payment, or claims support.

Business Associates, Vendors, and Contractors

We may share information with vendors, contractors, consultants, technology providers, administrative support providers, compliance advisors, legal advisors, billing support providers, and other service providers that assist Magnolia Care Health with operations. When required by applicable law, Magnolia Care Health requires these parties to protect PHI and enter into appropriate confidentiality agreements or Business Associate Agreements.

Government Agencies, Regulators, Courts, and Law Enforcement

We may disclose information when required or permitted by law, including to government agencies, regulators, courts, law enforcement, public health authorities, or other authorized entities.

Magnolia Care Health is required by law to maintain the privacy of PHI and to provide individuals with notice of our legal duties and privacy practices

Caregivers, Family Members, or Emergency Contacts

We may share relevant information with caregivers, family members, authorized representatives, or emergency contacts when permitted by law, authorized by the patient, or appropriate under the circumstances.

Emergencies, Health, and Safety

We may disclose information when necessary to prevent or respond to a serious threat to health or safety, or as otherwise permitted by applicable law.

Sale of PHI

Magnolia Care Health does not sell PHI without consent and appropriate authorization

Marketing

Magnolia Care Health does not use or disclose PHI for marketing purposes where patient authorization is required unless such authorization has been obtained in accordance with applicable law.

 

7. HIPAA Privacy Practices and Compliance With Applicable Laws

Magnolia Care Health maintains privacy practices designed to comply with applicable federal and state laws governing privacy, security, healthcare confidentiality, medical records, protected health information, consumer protection, and data breach notification.

Where HIPAA applies, Magnolia Care Health’s practices are designed to comply with applicable requirements of the HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Breach Notification Rule, and related requirements.

Magnolia Care Health’s privacy and compliance practices include the following:

Limited Access to PHI

Magnolia Care Health limits access to PHI to workforce members, contractors, vendors, healthcare partners, and other authorized parties who need access to perform permitted duties, provide services, coordinate care, support operations, or comply with legal or contractual obligations.

Administrative, Technical, and Physical Safeguards

Magnolia Care Health uses administrative, technical, and physical safeguards designed to protect PHI and personal information from unauthorized access, use, disclosure, alteration, or destruction.

These safeguards may include:

  • Role-based access controls;

  • Password-protected systems;

  • Secure storage practices;

  • Secure transmission practices where appropriate;

  • Workforce confidentiality obligations;

  • Vendor oversight;

  • Privacy and security policies;

  • Incident response procedures;

  • Internal review of privacy and security practices.

Workforce Privacy Training

Magnolia Care Health trains workforce members on privacy, confidentiality, and appropriate handling of personal information and PHI.

Business Associate Agreements and Confidentiality Obligations

Where required by HIPAA or other applicable privacy obligations, Magnolia Care Health enters into Business Associate Agreements with vendors, contractors, subcontractors, or partners that create, receive, maintain, or transmit PHI on behalf of Magnolia Care Health or another covered healthcare organization.

Magnolia Care Health also requires appropriate confidentiality obligations from workforce members, vendors, contractors, and other parties that may access confidential information.

Privacy Complaints, Incidents, and Breach Response

Magnolia Care Health maintains procedures for receiving privacy complaints, reviewing suspected privacy or security incidents, evaluating whether a reportable breach has occurred, and providing notifications when required by applicable law.

Periodic Review

Magnolia Care Health periodically reviews privacy and security practices and updates policies, procedures, and safeguards as appropriate.

State Privacy and Healthcare Confidentiality Laws

Magnolia Care Health follows applicable state privacy, medical records, consumer protection, healthcare confidentiality, data breach, and consumer health information laws in the jurisdictions where it operates. State-specific rights and obligations may vary depending on the individual’s location, the type of information involved, and Magnolia Care Health’s role in handling that information.

 

Magnolia Care Health is required by law to maintain the privacy of protected health information, to provide individuals with notice of our legal duties and privacy practices with respect to protected health information, and to notify affected individuals following a breach of unsecured protected health information. Magnolia Care Health is required to abide by the terms of the privacy policy currently in effect.

8. Patient Rights Regarding PHI

Where applicable under HIPAA or other privacy laws, patients may have certain rights regarding their PHI. These rights may include:

Right to Access

You may have the right to request access to inspect or receive a copy of certain health information maintained about you.

Right to Request an Amendment

You may have the right to request that Magnolia Care Health correct or amend certain health information if you believe it is inaccurate or incomplete.

Right to Request Restrictions

You may have the right to request restrictions on certain uses or disclosures of your PHI. Magnolia Care Health will review such requests in accordance with applicable law but may not be required to agree to every requested restriction.

Right to Request Confidential Communications

You may have the right to request that Magnolia Care Health communicate with you in a particular way or at a particular location, such as by phone, email, mail, or another reasonable method.

Right to an Accounting of Certain Disclosures

You may have the right to request an accounting of certain disclosures of your PHI, as required by applicable law.

Right to Receive a Copy of This Policy

You may request a paper or electronic copy of this Privacy Policy & Notice of Privacy Practices at any time.

Right to File a Privacy Complaint

You may file a privacy complaint with Magnolia Care Health if you believe your privacy rights have been violated. Magnolia Care Health will not retaliate against you for filing a complaint or exercising your privacy rights.

You also have the right to file a complaint directly with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR). Complaints may be submitted online at www.hhs.gov/ocr/privacy/hipaa/complaints, by phone at 1-800-368-1019 (TDD: 1-800-537-7697), or by mail to: Office for Civil Rights, U.S. Department of Health and Human Services, 200 Independence Avenue, S.W., Washington, D.C. 20201. Filing a complaint with HHS OCR will not affect your care or services with Magnolia Care Health.

How to Submit a Request

To submit a privacy rights request, please contact:

Privacy Officer / Compliance Contact
Magnolia Care Health
  Address: 12501 Prosperity Dr. STE 150, Silver Spring MD 20904
Phone: 240-641-7183
Email: support@magnoliacarehealth.com

Magnolia Care Health may need to verify your identity before processing certain requests.

 

9. Website Privacy, Cookies, and Analytics

Magnolia Care Health may use cookies, analytics tools, security tools, and similar technologies to operate, maintain, secure, and improve our website.

These tools may collect information such as:

  • IP address;

  • Browser type;

  • Device type;

  • Pages visited;

  • Time spent on the website;

  • Referring website;

  • General location information;

  • Website performance data.

Website analytics and tracking tools are not intended to collect sensitive health information unless you voluntarily submit such information through a website form or other communication channel.

Please do not submit urgent medical information, emergency requests, or time-sensitive clinical information through general website forms. If you are experiencing a medical emergency, call 911 or seek immediate medical attention.

 

10. Email, Text Messaging, and Electronic Communications

Magnolia Care Health may communicate with patients, prospective patients, caregivers, referral sources, providers, and other parties by phone, voicemail, email, SMS/text message, fax, mail, or other electronic methods.

Email and SMS/text messaging may not always be fully secure. By providing your contact information, you authorize Magnolia Care Health to contact you regarding inquiries, services, scheduling, care coordination, referral coordination, administrative matters, and related communications, subject to applicable law.

You may request that Magnolia Care Health communicate with you using an alternate method or at an alternate location. Magnolia Care Health will make reasonable efforts to accommodate such requests when required by applicable law and operationally feasible.

Do not use email, text message, or website forms for emergencies or urgent medical needs.

 

11. Data Security Safeguards

Magnolia Care Health uses reasonable administrative, technical, and physical safeguards designed to protect personal information and PHI.

These safeguards may include:

  • Role-based access to systems and information;

  • Password protection;

  • Secure systems and restricted access;

  • Encryption where appropriate;

  • Secure storage and transmission practices;

  • Workforce confidentiality obligations;

  • Vendor and contractor oversight;

  • Business Associate Agreements where required;

  • Incident response procedures;

  • Privacy and security training;

  • Physical safeguards for records and work areas;

  • Review of privacy and security practices.

No method of electronic transmission, website operation, or data storage is 100% secure. Magnolia Care Health cannot guarantee absolute security, but we take privacy and security seriously and maintain safeguards designed to protect information in accordance with applicable law.

 

12. Data Retention

Magnolia Care Health retains personal information and PHI for as long as necessary to support care coordination, referral navigation, patient support, business operations, legal compliance, recordkeeping, audits, dispute resolution, regulatory requirements, contractual obligations, and other legitimate purposes.

Retention periods may vary depending on the type of information, the services involved, applicable legal requirements, and business or healthcare recordkeeping needs.

When information is no longer required, Magnolia Care Health uses reasonable methods to securely dispose of or de-identify information in accordance with applicable law and internal procedures.

 

13. Third-Party Websites

The Magnolia Care Health website may contain links to third-party websites or online resources. Magnolia Care Health is not responsible for the privacy practices, security practices, content, or policies of third-party websites.

If you visit a third-party website, you should review that website’s privacy policy and terms of use.

 

14. Children’s Privacy

The Magnolia Care Health website is intended primarily for use by adults, caregivers, referral sources, healthcare providers, and individuals seeking healthcare-related information or services.

Magnolia Care Health may provide or coordinate services involving minors where appropriate and permitted by law. Information about minors should be submitted only by a parent, legal guardian, authorized representative, healthcare provider, or other person authorized under applicable law.

Magnolia Care Health handles information about minors in accordance with applicable federal and state privacy, healthcare confidentiality, consent, and medical records laws.

 

15. State-Specific Privacy Rights and Jurisdiction-Specific Notices

Magnolia Care Health provides healthcare-related services and may interact with patients, prospective patients, caregivers, referral sources, healthcare providers, and website visitors in the jurisdictions where it operates, including:

Maryland, Virginia, Washington, DC

In addition to HIPAA where applicable, Magnolia Care Health reviews and follows applicable state and local privacy, healthcare confidentiality, medical records, consumer protection, consumer health information, and data breach notification laws in the jurisdictions where it provides, markets, coordinates, or supports healthcare-related services.

State-specific rights and obligations may vary depending on:

  • The individual’s state or jurisdiction of residence;

  • The state or jurisdiction where services are requested or provided;

  • The type of information involved;

  • Whether the information is protected health information under HIPAA;

  • Whether Magnolia Care Health is acting as a healthcare provider, care coordination organization, business associate, subcontractor, referral navigation service, or other healthcare-related service provider;

  • Whether a state consumer privacy law, consumer health data law, medical records law, or breach notification law applies.

Maryland Residents

If Magnolia Care Health collects, uses, maintains, or discloses personal information, health-related information, consumer health information, medical records, or PHI involving Maryland residents, Magnolia Care Health handles such information in accordance with applicable Maryland privacy, consumer protection, healthcare confidentiality, medical records, and data breach notification laws.

Maryland has enacted the Maryland Online Data Privacy Act, which regulates certain processing of personal data and includes provisions addressing sensitive data and consumer health data. The law became effective October 1, 2025, with applicability depending on the organization, data, processing activity, and exemptions or limitations under the law. Magnolia Care Health evaluates Maryland privacy obligations based on the type of information collected, the purpose of processing, and whether the information is already regulated as PHI or otherwise subject to healthcare privacy requirements.

Where applicable, Maryland residents may have rights relating to access, correction, deletion, portability, opt-out choices, or other rights under applicable Maryland privacy law. Requests may be submitted using the contact information in this policy.

Virginia Residents

If Magnolia Care Health collects, uses, maintains, or discloses personal information, health-related information, medical records, or PHI involving Virginia residents, Magnolia Care Health handles such information in accordance with applicable Virginia privacy, healthcare confidentiality, medical records, consumer protection, and data breach notification laws.

Virginia’s Consumer Data Protection Act provides certain consumer privacy rights, but the law contains exemptions for categories of health-related data, including protected health information under HIPAA, certain health records, and patient-identifying information governed by federal substance use confidentiality laws. Applicability depends on the type of information, the purpose for which it is processed, Magnolia Care Health’s role, and whether statutory exemptions apply.

Where applicable, Virginia residents may have rights relating to access, correction, deletion, portability, opt-out choices, or other rights under applicable Virginia privacy law. Requests may be submitted using the contact information in this policy.

District of Columbia Residents

If Magnolia Care Health collects, uses, maintains, or discloses personal information, health-related information, medical records, or PHI involving District of Columbia residents, Magnolia Care Health handles such information in accordance with applicable District of Columbia privacy, healthcare confidentiality, consumer protection, medical records, and data breach notification requirements.

District of Columbia law includes data breach notification requirements for entities that conduct business in the District and own, license, or maintain computerized or electronic data containing personal information. Magnolia Care Health maintains procedures for evaluating suspected privacy or security incidents and providing notifications when required by applicable law.

Where applicable, District of Columbia residents may have rights relating to privacy, confidentiality, access to health-related information, and breach notification under applicable law. Requests may be submitted using the contact information in this policy.

Residents of Other States or Jurisdictions

If Magnolia Care Health provides, markets, coordinates, or supports services involving residents of other states, Magnolia Care Health will evaluate and comply with applicable privacy, healthcare confidentiality, medical records, consumer protection, consumer health data, and breach notification laws in those jurisdictions.

Depending on the state, individuals may have rights to:

  • Request access to certain personal information or health information;

  • Request correction or amendment of certain information;

  • Request deletion of certain personal information, where applicable;

  • Request a copy of certain information in a portable format, where applicable;

  • Request limits on certain uses or disclosures, where applicable;

  • Opt out of certain processing activities, where applicable;

  • Receive notice of certain data breaches or privacy incidents;

  • File a privacy complaint without retaliation.

Some state privacy laws may not apply to PHI regulated by HIPAA, and some laws may contain exemptions for healthcare providers, business associates, medical records, clinical information, or other regulated information. Magnolia Care Health evaluates these obligations based on the specific facts, the type of information involved, and applicable law.

How to Exercise State-Specific Rights

To submit a privacy request, state-specific rights request, or privacy complaint, please contact:

Privacy Officer / Compliance Contact
Magnolia Care Health
Address: 12501 Prosperity Dr. STE 150, Silver Spring MD 20904

 Phone: 240-641-7183
Email: support@magnoliacarehealth.com

Magnolia Care Health may need to verify your identity before processing certain requests. Magnolia Care Health will not retaliate against any individual for exercising privacy rights or filing a privacy complaint.

 

 

16. Complaints and Contact Information

If you have questions about this Privacy Policy & Notice of Privacy Practices, want to exercise privacy rights, request a copy of this policy, or file a privacy complaint, please contact:

Privacy Officer / Compliance Contact
Magnolia Care Health
Address: 12501 Prosperity Dr. STE 150, Silver Spring MD 20904
Phone: 240-641-7183
Email: support@magnoliacarehealth.com

Magnolia Care Health will not retaliate against any person for filing a privacy complaint, asking a privacy question, or exercising rights available under applicable privacy laws.

 

17. Updates to This Policy

Magnolia Care Health may update this Privacy Policy & Notice of Privacy Practices from time to time to reflect changes in our services, website, privacy practices, legal obligations, or operational needs.

When this policy is updated, the “Effective Date” at the top of the policy will be revised. The current version of this policy will remain available on the Magnolia Care Health website.

9. Contact Information

If you have questions or concerns about this Privacy Policy or how your data is handled, contact us:

Magnolia Care
12501 Prosperity Dr., STE 150
Silver Spring, MD 20904
📧 support@magnoliacarehealth.com
📞 240-641-7183

CONTACT US

12501 Prosperity Dr. STE 150Silver Spring, MD 20904

Phone: 240-641-7183

Fax: 240-641-7789

support@magnoliacarehealth.com

 

© 2026 Magnolia Care.

Let’s Bring Care To You

Privacy Policy

 

bottom of page