Notice of Privacy Practices & Digital Data Policy

Universal Key Solutions LLC

Effective Date: May 3, 2026 Compliance Version: 4.0 (2026 Statutory Alignment)

I. Executive Commitment to Data Integrity

At Universal Key Solutions, we view patient privacy not merely as a regulatory hurdle, but as a pillar of our clinical excellence. As a Medicare-approved DME provider, we manage highly sensitive information. This document outlines our rigorous protocols for handling Protected Health Information (PHI) under federal law and Personal Data under the Maryland Online Data Privacy Act (MODPA).

II. HIPAA & Health Information (PHI)

In accordance with the 2026 HIPAA Omnibus Final Rule, we protect your health records with the following mandates:

1. Use and Disclosure (TPO)

We process your PHI for Treatment, Payment, and Healthcare Operations (TPO).

  • Treatment: Coordinating with your prescribing physician for equipment specifications.

  • Payment: Submitting claims to Medicare or private insurers to secure your benefits.

  • Operations: Internal quality audits and compliance reviews.

2. Substance Use Disorder (SUD) Records (42 CFR Part 2)

Per the 2026 alignment, if we receive records identifying a patient as having a substance use disorder, these records receive heightened protection.

  • Legal Prohibition: We are strictly prohibited from using these records in any civil, criminal, administrative, or legislative proceedings against you without a specific court order and subpoena.

  • Unified Consent: You may provide a single, unified consent for all TPO disclosures, which we will track and honor across our ecosystem.

3. Security Architecture

  • Encryption: All PHI is encrypted both "at rest" (stored) and "in transit" (emailed or transmitted).

  • Access Control: We employ Multi-Factor Authentication (MFA) for all staff accessing patient databases.

  • Vulnerability Management: We conduct biannual system scans to identify and remediate potential security threats.

III. Maryland Online Data Privacy Act (MODPA) Compliance

As a Maryland-based entity, we comply with the state's 2026 privacy protections for residents.

1. Your Consumer Rights

Maryland residents have the statutory right to:

  • Access & Portability: Request a copy of the personal data we have collected about you in a portable format.

  • Correction: Request that we rectify any inaccuracies in your personal or medical files.

  • Deletion: Request the deletion of personal data (subject to federal medical record retention requirements).

  • Opt-Out: Opt-out of any targeted advertising or profiling that may occur through our digital presence.

2. Sensitive Data Protocol

Under MODPA, "Sensitive Data" (including health status, race, or precise geolocation) may only be processed if strictly necessary to provide the service you requested. We do not sell your personal data to third parties.

IV. Breach Notification Protocols

Transparency is a core value. In the event of a data breach:

  • Federal: We will report the breach to the Secretary of HHS within the 72-hour window required for significant incidents.

  • State: We will notify affected Maryland residents within 45 days of discovery, in compliance with the Maryland Personal Information Protection Act (MPIPA).

V. Exercise of Rights & Complaints

To exercise your rights under MODPA or HIPAA, or to file a grievance regarding our privacy practices, contact our Compliance Office:

Privacy Officer Universal Key Solutions LLC Towson, MD 21204

410-630-9063 | mgmt@universalkeysolutions.com

If you believe your privacy rights have been violated, you may also submit a complaint to the U.S. Department of Health and Human Services or the Maryland Attorney General’s Consumer Protection Division.