HIPAA Notice of Privacy Practices
This notice describes how medical information about you may be used and disclosed and how you can get access to this information.
Last updated: June 18, 2026
1. Our Commitment to Your Privacy
ReportGuide is committed to maintaining the privacy and security of your Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the HITECH Act, and applicable state privacy laws. This notice explains how we may use and disclose your PHI and your rights regarding that information.
2. What is Protected Health Information (PHI)?
PHI includes any individually identifiable health information that we create, receive, maintain, or transmit. In the context of ReportGuide, this includes:
- Medical reports and lab results you upload to our platform
- AI-generated analyses and summaries of your health data
- Health metrics, trends, and biomarker data
- Any health-related information linked to your account
3. How We Use and Disclose Your PHI
Uses That Do Not Require Your Authorization
- To Provide Services: Processing your uploaded reports through our AI engine
- As Required by Law: Disclosures required by federal, state, or local law
- Public Health Activities: Reporting as required by public health authorities
- Legal Proceedings: In response to a valid court order or subpoena
Uses That Require Your Authorization
- Sharing your PHI with third parties for marketing purposes
- Sale of your PHI
- Uses and disclosures not described in this notice
- Research purposes (if applicable)
You may revoke any authorization in writing at any time. Revocation will not affect disclosures already made in reliance on your authorization.
4. Safeguards We Have in Place
Technical
- AES-256 encryption at rest
- TLS 1.3 in transit
- MFA for system access
- Audit trails
Administrative
- Privacy & Security Officers
- Regular HIPAA training
- Role-based access controls
- BAAs with all vendors
Physical
- SOC 2 Type II data centers
- Physical access controls
- Environmental controls
- Disaster recovery
5. Your Rights Regarding Your PHI
Under HIPAA, you have the following rights:
Right to Access
Request access to your PHI in your preferred format
Right to Amendment
Request correction of inaccurate or incomplete PHI
Accounting of Disclosures
Request a list of PHI disclosures in past 6 years
Request Restrictions
Request limits on certain uses/disclosures
Confidential Communications
Request alternative communication methods
Copy of Notice
Request paper or electronic copy of this notice
6. Breach Notification
In the event of a breach of unsecured PHI, we will:
- Notify affected individuals within 60 days of discovering the breach
- Provide notification via email and/or first-class mail
- Include a description of the breach and the types of information involved
- Describe steps you can take to protect yourself
- Describe what we are doing to investigate, mitigate, and prevent future breaches
- Report the breach to the Department of Health and Human Services (HHS)
- If the breach affects 500+ individuals, notify prominent media outlets
7. Business Associates
We may share your PHI with trusted third-party service providers (Business Associates) who perform services on our behalf. All Business Associates are contractually required to safeguard your PHI through signed Business Associate Agreements (BAAs) that meet or exceed HIPAA requirements. These agreements specify permissible uses, require breach notification, and mandate appropriate safeguards.
8. Filing a Complaint
If you believe your privacy rights have been violated, you may file a complaint with:
- Our Privacy Officer at privacy@reportguide.ai
- The U.S. Department of Health and Human Services, Office for Civil Rights at www.hhs.gov/ocr/complaints
We will not retaliate against you for filing a complaint.
Contact Information
For questions about this notice or to exercise your rights:
ReportGuide Privacy Officer
Email: privacy@reportguide.ai
