Privacy & HIPAA
Privacy notice · effective Apr 1, 2026

Your data lives here on the island, with us.

KHS is HIPAA-aligned, self-hosted, and HIIQ-owned. We don't ship participant data to outside vendors, we don't sell anything, and we tell you exactly what we collect and why.

Care that balances — every visit, every unit, every cycle. PHI never leaves HIIQ-controlled infrastructure. Period.

KHS · Mission anchor · 2026-05

§ 1 Scope & covered entity

Kamaaina Healthcare Services LLC ("KHS") is a HIPAA covered entity providing Hawaiʻi I/DD home- and community-based services under the MQD G809 waiver. This notice applies to the KHS Dashboard ("the app") at kamaaina.health, including its mobile surfaces.

We collect, process, and store Protected Health Information (PHI) about participants enrolled in MQD-funded services, and operational data about the direct service workers (DSWs), supervisors, and back-office staff who deliver and bill for those services.

What this means in practice

If you have a KHS account, you are seeing PHI in the course of your job. Your access is scoped to what your role needs — DSWs see only their assigned participants, supervisors see their caseload, billing managers see all participants but only for billing-relevant work. Admins see everything and have their actions logged in the audit trail visible at /audit.

§ 2 What we collect

The categories of information stored in the KHS system, the table they live in, and who can see them:

| Category | Examples | Source | Scope |
|---|---|---|---|
| Participant identity | Name, preferred name, Medicaid ID, date of birth, address, phones, emergency contact | Intake forms, MQD service-plan documents | SS+ for assigned · BM+ for all |
| Health context | Care plan code (G809 / F71 / F70 / F841 / F73), service codes authorized, diagnosis indicators on care plan | MQD authorizations, provider documents | SS+ for assigned · BM+ for billing |
| Visit records | Clock-in/out times, GPS coordinates at clock-in/out, photo of participant or supervisor, signature, service code, units delivered, free-text notes | DSW mobile app · EVV system | DSW for own · SS+ for assigned |
| Billing & claims | 837P claim batches, MQD case numbers, remit data, variance filings, claim status | System-generated from visits + auths | BM+ only |
| Staff records | Name, role, work email, certifications, hire date, password hash, session tokens, IP at sign-in | Onboarding · auth system | HSS+ for direct reports · GM for all |
| Audit trail | Every read of PHI, every write, every soft-delete, with user / timestamp / before-after diff | System-generated on every action | Admin only |

§ 3 How we use it

We use PHI only for the operations of KHS: scheduling, delivering, documenting, and billing for the MQD-authorized services we provide. Specifically:

  • Service delivery — matching DSWs to participants, sending shift reminders, tracking visit completion.
  • Compliance — confirming visits with EVV, catching exceptions, filing variances when scheduled care exceeds authorized caps.
  • Billing — assembling 837P batches, submitting to MQD, reconciling 835 remits, responding to denials.
  • Quality & safety — supervisors reviewing visit patterns, training currency, EVV-match rates per caregiver.
  • Reporting — internal reports for leadership, MQD-required reporting, financial planning.

We do not use PHI to train AI models, sell to third parties, or share with advertisers. We have never received a third-party data request. If we ever do, we will challenge it in court before responding, and we will tell you (the data subject's representative) unless legally gagged.

§ 4 What we don't share

KHS infrastructure is HIIQ-owned and self-hosted. PHI does not flow to:

  • Cloud providers like AWS, Azure, GCP, or Cloudflare.
  • Email services like AWS SES, SendGrid, or Mailgun. We use Postfix on the KHS hardware, or an SMTP relay on our own Hostinger metal.
  • Analytics tools (Google Analytics, Mixpanel, Hotjar — none of them).
  • Captcha services (Cloudflare Turnstile, reCAPTCHA — none).
  • Public font CDNs that could fingerprint PHI-bearing pages. (Google Fonts on the Login page is the one current exception and is on the F5 list to be self-hosted.)
  • AI APIs or LLM providers. The app does not call out to OpenAI, Anthropic, or any other inference service.

The one exception

Claims data flows from KHS to Hawaiʻi Med-QUEST Division (MQD) via the 837P EDI standard. This is the regulator we are reporting to; it is the reason we exist. Other than MQD, no PHI leaves HIIQ-controlled infrastructure.

§ 5 Where it lives

The full stack runs on hardware HIIQ owns or rents:

  • Frontend — static HTML on Hostinger metal in Provo, UT. Serves the same files in this app you're reading now. No tracking, no analytics, no third-party scripts.
  • Backend — FastAPI on KHS-owned hardware in our Hawaiʻi office. PostgreSQL database on the same machine. Daily encrypted backups to a second on-prem machine.
  • Bridge — A Tailscale tailnet connects the frontend (Hostinger) to the backend (KHS Hawaiʻi), through a HIIQ Edge VPS that terminates TLS. PHI in transit is double-encrypted: TLS to the Edge VPS, then WireGuard inside the tailnet.

§ 6 Retention

HIPAA requires records to be retained for at least 6 years from the date of last service or the date the record was created, whichever is later. Hawaiʻi state regulation extends this for I/DD services to 7 years post-service. We retain:

  • Participant records — 7 years past last service date.
  • Visit records (EVV + notes) — 7 years past visit date.
  • Claim batches & 835 remits — 7 years past submission.
  • Audit trail — 7 years from event timestamp. Cannot be edited; only soft-deleted by admin with a corresponding audit record.
  • Staff records — 7 years past termination date.
  • Session logs / IP addresses — 90 days, then purged.

§ 7 Your rights

Under HIPAA, participants (or their legally authorized representatives) have the right to:

  • Inspect their record. KHS will provide a copy within 30 days of a written request.
  • Request correction of an inaccuracy. Corrections are tracked in the audit trail; the original entry is preserved.
  • Request an accounting of disclosures — who has seen the record outside of treatment, payment, and operations.
  • Restrict disclosures we make to a health plan when payment is made out-of-pocket in full.
  • File a complaint with KHS, with the Hawaiʻi DOH, or with the US Department of Health and Human Services Office for Civil Rights. We will never retaliate.

Send requests to privacy@kamaaina.health or by mail to our office address below.

§ 8 Breach response

If we discover a breach of unsecured PHI affecting one or more participants, we will notify affected individuals (or their representatives) without unreasonable delay and no later than 60 days from discovery, by first-class mail or by email if a current email is on file. Breaches affecting 500+ individuals are also reported to HHS and to local media as HIPAA requires.

Our standing posture

We treat unauthorized access to a participant's record as a breach, even if no data left the system. The audit trail is designed to make this detectable — that's why every read is logged. If you suspect your account has been accessed by someone else, report it to your supervisor immediately and we will rotate your credentials and lock historical sessions.

§ 9 Contact us

Our designated HIPAA Privacy Officer is the General Manager. Reach the privacy office at:

  • Email · privacy@kamaaina.health
  • Mail · Kamaaina Healthcare Services LLC · Attn: Privacy Officer · [Office address] · Honolulu, HI 96813
  • Phone · (808) 555-PHI1 · weekdays 8 am – 5 pm HST

This notice is reviewed annually and after any material change in how we handle PHI. Last updated: April 1, 2026.