HIPAA Compliance

Last updated: February 16, 2026

Our Commitment to Security

TherapyPod and ClinicGPT Hub are committed to maintaining the highest standards of privacy and security for protected health information (PHI). We employ enterprise-grade security controls to ensure compliance with HIPAA regulations.

1. Overview

The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for the protection of certain health information. As a provider of services to healthcare organizations, we understand the importance of HIPAA compliance and have implemented comprehensive measures to ensure the security and privacy of PHI.

2. Business Associate Agreement (BAA)

We offer Business Associate Agreements to all eligible customers who require HIPAA compliance. Our BAA outlines:

  • Our responsibilities as a business associate
  • Permitted uses and disclosures of PHI
  • Safeguards we implement to protect PHI
  • Breach notification procedures
  • Compliance with HIPAA Security Rule requirements

3. Technical Safeguards

Encryption

AES-256 encryption at rest and TLS 1.2 or later in transit.

Access Control

Strict role-based access and Multi-Factor Authentication (MFA).

Audit Logs

Comprehensive logging of all system access and actions.

4. Physical Safeguards

Our infrastructure providers maintain:

  • SOC 2 Type II certification
  • 24/7 physical security monitoring
  • Biometric access controls
  • Environmental controls and redundancy

5. Administrative Safeguards

  • Regular security risk assessments
  • Employee HIPAA training and confidentiality agreements
  • Incident response procedures
  • Business continuity and disaster recovery plans
  • Vendor management and due diligence

6. Data Handling Recommendations

Best Practices

  • Avoid storing sensitive PHI in chat conversations when possible
  • Use patient identifiers instead of full names when appropriate
  • Regularly review and delete old conversations
  • Train staff on proper PHI handling procedures

7. Breach Notification

In the unlikely event of a breach, we will notify affected covered entities within 60 days, provide details about the breach and affected individuals, describe steps taken to mitigate harm, and cooperate with any required investigations.

8. Contact Us

For questions about our HIPAA compliance or to request a BAA, please contact: health@mail.therapypod.com

Disclaimer: This page provides general information about our HIPAA compliance practices. It does not constitute legal advice. Healthcare providers should consult with their own legal counsel to ensure compliance with applicable laws and regulations.