HIPAA Statement
Last Updated: December 19, 2025
Important Clarification
PharmaGuide is not a HIPAA-covered entity. However, we are committed to protecting your health information through industry-leading privacy practices, including local-first data storage and strong encryption.
1. What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. federal law enacted in 1996 that establishes national standards for protecting sensitive patient health information.
HIPAA Applies To:
- Healthcare Providers — Doctors, hospitals, pharmacies, clinics that transmit health information electronically
- Health Plans — Health insurance companies, HMOs, government health programs (Medicare, Medicaid)
- Healthcare Clearinghouses — Entities that process health information
- Business Associates — Companies that handle protected health information (PHI) on behalf of covered entities
HIPAA Does NOT Apply To:
- Consumer health and wellness apps (like PharmaGuide)
- Fitness trackers and wearable devices
- Most health-related websites and mobile applications
- Direct-to-consumer genetic testing services
- Apps that individuals use to manage their own health information
2. Why PharmaGuide is Not a HIPAA-Covered Entity
PharmaGuide falls outside HIPAA's scope for several reasons:
Consumer App, Not Provider
We are a consumer health technology company — not a healthcare provider, health plan, or clearinghouse.
No Electronic Transactions
We do not conduct HIPAA-regulated electronic healthcare transactions (claims, eligibility, referrals).
No PHI from Providers
We do not receive Protected Health Information (PHI) from healthcare providers or health plans.
User-Controlled Data
Health information in PharmaGuide is entered and controlled by you — not received from covered entities.
3. What We Do Instead
While HIPAA doesn't apply to us, we take your health data privacy extremely seriously. Our approach is built on a fundamental principle:
Unlike most health apps that upload your data to cloud servers, PharmaGuide stores your sensitive health information locally on your phone — giving you complete control.
Our Privacy-First Architecture
- Local-First Storage: Your health profile, supplement stack, medication list, and scan history are stored on your device — not on our servers
- AES-256 Encryption: All locally stored health data is encrypted using the same standard trusted by banks and governments
- Minimal Server Contact: Our servers only store your email address (for account purposes) and app preferences
- No Data Selling: We never sell, rent, or trade your personal information to third parties
- Transparent AI: When you use AI features, we clearly disclose what data is processed and how
4. Your Privacy Protections
PharmaGuide complies with applicable federal and state privacy laws, including:
FTC Act
We adhere to Federal Trade Commission guidelines prohibiting unfair or deceptive practices regarding consumer data.
CCPA/CPRA
California residents have specific rights regarding their personal information, including access, deletion, and opt-out rights.
State Health Laws
We monitor and comply with emerging state health privacy laws like Washington's My Health My Data Act.
FTC Health Breach Rule
If applicable, we follow the requirements of the FTC's Health Breach Notification Rule for personal health records.
5. HIPAA vs. PharmaGuide Protections
Here's how our privacy practices compare to HIPAA requirements:
| Protection Area | HIPAA Requirement | PharmaGuide Practice |
|---|---|---|
| Data Encryption | Required for PHI at rest and in transit | AES-256 encryption for all health data |
| Access Controls | Limit access to authorized individuals | Only you can access your local data |
| Minimum Necessary | Use only minimum data needed | We collect only what's essential |
| Data Location | Secure storage required | Local device storage (exceeds typical) |
| User Rights | Access and amendment rights | Full control — edit or delete anytime |
| Breach Notification | Notify within 60 days | Prompt notification if server data affected |
| No Data Sales | Restrictions on PHI disclosure | We never sell your data |
Legend: "exceeds typical" = exceeds what HIPAA typically requires
6. Your Rights
Regardless of HIPAA coverage, you have the following rights with PharmaGuide:
Right to Access
View all data we have about you at any time
Right to Correct
Edit or update your information anytime
Right to Delete
Remove your data and close your account
Right to Export
Download your data in a portable format
Right to Control
Your health data stays on your device
Right to Opt-Out
Decline optional data collection anytime
To exercise any of these rights, contact us at privacy@pharmaguide.io or use the settings within the app.
7. For Healthcare Providers
If you are a healthcare provider considering recommending PharmaGuide to patients:
- PharmaGuide is a consumer app, not a clinical tool
- We are not a Business Associate under HIPAA
- Recommending PharmaGuide does not create a BA relationship
- Patient data entered into PharmaGuide is patient-controlled
- We do not receive PHI from your practice or EHR system
Sharing Reports with Providers
Patients can generate and share their supplement/medication stack reports with you. This sharing is:
- Initiated and controlled by the patient
- Not an electronic healthcare transaction under HIPAA
- Similar to a patient bringing a handwritten medication list
If you have questions about using PharmaGuide in your practice, contact us at providers@pharmaguide.io.
8. Questions About This Statement
If you have questions about our HIPAA status or privacy practices, we're here to help:
PharmaGuide Inc.
Boston, MA, United States
Privacy Inquiries: privacy@pharmaguide.io
Healthcare Provider Questions: providers@pharmaguide.io
General Support: support@pharmaguide.io