Privacy Policy

Purpose

The Privacy Policy of NorthStar Rides, LLC establishes guidelines for the collection, use, storage, and protection of personal, medical, and financial information in compliance with Minnesota healthcare regulations, the Minnesota Health Records Act, and HIPAA. This policy is designed to protect the privacy of clients, employees, and business partners by ensuring that sensitive information is handled with integrity and security. The policy outlines privacy protection measures, penalties for identity misuse, and reporting procedures for privacy breaches.

Policy

  1. Scope
    This policy applies to all employees, contractors, officers, and representatives of NorthStar Rides, LLC, who handle or have access to personally identifiable information (PII), protected health information (PHI), or any other sensitive data. It covers all aspects of privacy protection, from data collection and storage to access, sharing, and disposal.
  2. Definition of Private and Protected Information
    For the purposes of this policy, private information includes:
    • Personally Identifiable Information (PII): Names, addresses, phone numbers, email addresses, social security numbers, and other unique identifiers.
    • Protected Health Information (PHI): Medical records, health histories, treatment details, and insurance information.
    • Financial Information: Payment information, credit card numbers, bank details, and other financial data.
  3. Penalties for Deliberate Identity Misuse
    NorthStar Rides enforces a zero-tolerance policy for the misuse of private information. Penalties for unauthorized access, disclosure, or use of someone’s identity or private information include:
    • Disciplinary Action: Employees found to misuse or disclose private information without authorization will face disciplinary measures, up to and including termination.
    • Financial Liability: Individuals responsible for identity misuse may be held financially liable for damages, including restitution and legal fees.
    • Criminal Prosecution: In cases of intentional identity theft or unauthorized use of private information, NorthStar Rides may pursue criminal charges under Minnesota law, leading to possible fines and imprisonment.

Privacy Protection Measures

  1. Access Control and Data Security
    Access to PII, PHI, and financial information is limited to authorized personnel who require it to fulfill their job responsibilities.
    • Role-Based Access: Access to sensitive data is granted based on job roles, with only those who need access for business purposes granted permission.
    • Password Protection and Encryption: All digital systems containing private information are password-protected and encrypted to safeguard data against unauthorized access.
    • Two-Factor Authentication (2FA): Systems storing sensitive data are secured with two-factor authentication, providing an additional layer of protection.
  2. Data Collection and Storage
    NorthStar Rides is committed to collecting only the necessary information for business purposes and ensuring secure storage of sensitive data.
    • Minimal Data Collection: Only essential data is collected, in line with regulatory requirements and operational needs.
    • Secure Storage: Physical records containing sensitive data are stored in locked cabinets, while electronic records are stored on secure, encrypted servers.
    • Retention and Disposal: Data retention schedules are set to ensure that information is kept only as long as necessary for business or regulatory purposes. Upon expiration, records are securely destroyed, including shredding physical documents and permanently deleting digital files.
  3. Employee Training and Awareness
    All employees undergo regular training on privacy laws, data protection, and their responsibilities in handling private information. Training includes the handling of PII, PHI, and financial information, as well as recognizing and reporting potential breaches.
  4. Vendor and Third-Party Compliance
    Third-party vendors with access to sensitive information are required to adhere to NorthStar Rides’ privacy policies. They must sign confidentiality agreements, and their compliance with privacy standards is reviewed periodically.

Use and Disclosure of Private Information

  1. Authorized Use
    NorthStar Rides employees may use private information only for legitimate business purposes, including service delivery, billing, and employee management. Use beyond these purposes is strictly prohibited.
  2. Prohibited Disclosure
    Private information must not be disclosed to unauthorized individuals or third parties without explicit consent from the individual or as required by law. Unauthorized sharing of private information is a violation of this policy and may lead to disciplinary action.
  3. Patient and Client Consent
    In cases where PHI is shared for external purposes (e.g., with healthcare providers or insurers), NorthStar Rides must obtain the client’s written consent, unless otherwise authorized or required by law.

Procedures for Handling and Reporting Privacy Breaches

  1. Handling Private Information Securely
  2. Limit Data Exposure
    Employees should avoid discussing or displaying private information in non-secure areas. Digital devices displaying sensitive information should be positioned to prevent others from viewing the screen, and conversations involving private data should be held in private spaces.
  3. Controlled Access to Physical Records
    Physical records containing private information should only be accessed by authorized personnel and kept in locked cabinets when not in use.
  4. Avoiding Data Transfer Risks
    Sensitive data should not be transmitted over unsecured networks or stored on unauthorized devices. Employees should use only company-approved and encrypted devices for handling private information.
  5. Reporting Privacy Breaches and Identity Misuse
  6. Immediate Reporting Requirement
    Employees who become aware of or suspect a privacy breach, unauthorized access, or misuse of private information must report it to their supervisor or the Compliance Officer immediately.
  7. Reporting Procedures
    • Step 1: Notify Supervisor or Compliance Officer – Employees must promptly report any suspected breach or misuse of private information.
    • Step 2: Complete Incident Report – Employees should document all details related to the suspected breach, including the date, time, nature of the incident, individuals involved, and any actions taken.
    • Step 3: Secure Information – Take immediate steps to contain the breach and secure any exposed data. This may include changing system passwords, isolating affected devices, or securing physical records.
    • Step 4: Investigation – The Compliance Officer will conduct an investigation to assess the impact of the breach, identify the source, and determine the appropriate corrective actions.
  8. Whistleblower Protection
    NorthStar Rides protects employees who report privacy breaches or misuse of information in good faith from retaliation. Retaliation against employees who report breaches is prohibited and may lead to disciplinary action.

Consequences of Non-Compliance

  1. Internal Disciplinary Actions
    Employees who fail to comply with this privacy policy or misuse private information will face disciplinary actions, including:
    • Warnings: Verbal or written warnings for minor infractions or first-time violations.
    • Suspension: Temporary suspension for repeated or serious violations.
    • Immediate Termination: For deliberate or gross misconduct, including unauthorized use or disclosure of private information.
  2. Financial and Legal Penalties
    Employees who misuse private information or engage in identity theft may face financial liability and criminal prosecution.
    • Civil Penalties: NorthStar Rides may pursue civil penalties to recover losses resulting from privacy breaches or misuse of data.
    • Criminal Charges: In cases of intentional misuse of private information, NorthStar Rides may press criminal charges, which may result in fines and imprisonment under Minnesota law.
  3. Reimbursement of Financial Losses
    Employees involved in identity misuse or privacy violations may be required to reimburse NorthStar Rides for any associated financial losses, legal fees, or regulatory fines.
  4. Regulatory Consequences
    Non-compliance with HIPAA and the Minnesota Health Records Act can lead to significant regulatory fines, potentially damaging NorthStar Rides’ reputation and legal standing.

Prevention and Mitigation

  1. Routine Privacy Audits
    NorthStar Rides conducts regular audits to verify compliance with privacy policies, identify potential risks, and ensure that privacy protections are effective.
  2. Access Logs and Monitoring
    Access to private information is logged and monitored. Regular reviews are conducted to detect unauthorized access attempts or unusual activity.
  3. Confidentiality and Privacy Agreements
    All employees, contractors, and vendors must sign privacy and confidentiality agreements, affirming their commitment to protecting sensitive information and adhering to NorthStar Rides’ privacy standards.
  4. Continuous Improvement
    Findings from incident reports, employee feedback, and industry best practices are used to continuously improve privacy practices, training programs, and data protection protocols at NorthStar Rides.

Policy Review and Updates

The Privacy Policy of NorthStar Rides, LLC is reviewed annually or as necessary to ensure compliance with Minnesota healthcare regulations and federal standards. Employees will be notified of any updates and required to acknowledge receipt of the revised policy.

Acknowledgment of Privacy Policy

I acknowledge that I have read and understand the Privacy Policy of NorthStar Rides, LLC. I agree to follow all privacy protection measures, report any potential breaches, and handle private information responsibly. I understand that failure to comply with this policy may result in disciplinary action, up to and including termination, and potential legal consequences.

Customer Satisfaction Policy

Your feedback drives our commitment to excellence. NorthStar Rides values every customer interaction and ensures:

  • Open Communication: Passengers can report concerns or provide feedback through our dedicated customer service channels.
  • Issue Resolution: We address all complaints promptly and work diligently to resolve any issues to your satisfaction.
  • Continuous Improvement: We regularly review feedback to enhance our services and ensure we’re meeting your needs.

Safety and Compliance Policy

At NorthStar Rides, the safety and well-being of our passengers are our top priorities. We are committed to maintaining the highest safety standards by:

  • Driver Qualifications: All drivers undergo rigorous background checks, including criminal history and driving record reviews. They are also certified in defensive driving, first aid, and passenger assistance.
  • Vehicle Maintenance: Our fleet is regularly inspected and maintained according to strict schedules to ensure optimal performance and safety.
  • Regulatory Compliance: We adhere to all federal, state, and local transportation regulations, ensuring our operations meet or exceed industry standards.

Service Guarantee Policy

NorthStar Rides guarantees reliable, on-time service to every passenger. We strive to deliver a seamless experience by:

  • Punctuality: Ensuring timely pickups and drop-offs to help you stay on schedule for your medical appointments.
  • Contingency Planning: In the event of unexpected delays, we communicate promptly and work to find the best alternative solutions.

Your satisfaction is our priority, and we’re committed to exceeding your expectations.

Cancellation and No-Show Policy

To provide the best service for all our passengers, we have a clear cancellation and no-show policy:

  • Cancellations: Passengers may cancel their rides before the scheduled pickup time without penalty.
  • No-Shows: A no-show fee may not apply if a passenger is absent at the scheduled pickup time and location.
  • Rescheduling: We encourage passengers to notify us as soon as possible if they need to reschedule their ride.

This policy ensures fairness and helps us serve our clients efficiently.

Emergency and Incident Response Policy

NorthStar Rides is prepared to handle emergencies with professionalism and care:

  • Driver Training: Our drivers are trained to respond to medical emergencies, including CPR and first aid certification.
  • Incident Reporting: Any accidents or incidents are documented and reported immediately to ensure transparency and improvement.
  • Coordination with Healthcare Providers: In emergencies, we work closely with healthcare providers to ensure the passenger receives timely care.

Accessibility Policy

NorthStar Rides is committed to providing accessible transportation for all passengers, including those with disabilities or special needs:

  • Wheelchair Accessibility: Our fleet includes vehicles equipped with ramps and lifts to accommodate passengers using wheelchairs.
  • Special Assistance: Drivers are trained to assist passengers with mobility devices or other special requirements.
  • Inclusive Services: We work to ensure every passenger, regardless of physical ability, experiences a safe and comfortable ride.

Partnership and Collaboration Policy

We believe in the power of strong partnerships. NorthStar Rides collaborates with healthcare providers, insurance companies, and community organizations to deliver exceptional service:

  • Transparent Agreements: Our partnerships are built on clear, mutually beneficial terms.
  • Regular Performance Reviews: We conduct periodic evaluations to ensure service quality and address any concerns.
  • Open Communication: We maintain open lines of communication to support our partners’ goals and adapt to changing needs.

Training and Professional Development Policy

We invest in our team to ensure the highest level of service and professionalism:

  • Ongoing Training: Drivers and staff receive regular training in safety protocols, customer service, and medical transportation best practices.
  • Professional Development: We encourage continuous learning to stay updated on the latest industry advancements and technologies.
  • Quality Assurance: Regular evaluations and performance assessments help us maintain service excellence.

HIPAA Compliance Policy

At NorthStar Rides, we recognize the critical importance of protecting our passengers’ personal and health information. As a medical transportation provider, we are committed to full compliance with the Health Insurance Portability and Accountability Act (HIPAA). Our policies and procedures are designed to ensure that your sensitive information remains secure and confidential at all times.

How We Protect Your Information

1. Secure Data Handling

All passenger information, including personal and medical details, is collected and stored in secure systems with limited access.

Only authorized personnel, such as dispatchers and drivers, have access to information necessary for coordinating rides.

2. Data Transmission Security

We use encrypted communication channels to transmit sensitive data, ensuring it is protected from unauthorized access.

Mobile devices and software used by our drivers are equipped with security features to safeguard information during transit.

3. Confidentiality Agreements

All NorthStar Rides employees, including drivers and administrative staff, sign confidentiality agreements as a condition of employment.

Regular training on HIPAA regulations ensures every team member understands their responsibility in protecting passenger information.

4. Access Control

Access to passenger records is restricted to personnel who need the information to perform their job duties.

Systems are monitored to track and audit access, preventing unauthorized usage.

Your Rights as a Passenger

· Privacy Assurance: Your information will only be used to coordinate and deliver transportation services.

· Access to Records: You may request a copy of your transportation records or ask for corrections if needed.

· Reporting Concerns: If you believe your privacy has been compromised, you can contact our Privacy Officer immediately for a resolution.

Breach Notification Protocol

In the unlikely event of a data breach involving protected health information (PHI), NorthStar Rides will:

· Notify affected individuals promptly, in accordance with HIPAA guidelines.

· Investigate the breach thoroughly and implement corrective actions to prevent future occurrences.

· Report the incident to the U.S. Department of Health and Human Services (HHS), as required by law.

Commitment to Continuous Improvement

NorthStar Rides regularly reviews and updates its HIPAA compliance policies to keep pace with evolving regulations and best practices. We invest in technology and training to ensure your information remains secure and your privacy is always respected.

If you have any questions or concerns regarding our HIPAA compliance practices, please contact our Privacy Officer at concerns@northstarrides.com.

This policy underscores our unwavering commitment to maintaining the trust and confidence of our passengers.