HIPAA Compliance
Last Updated: April 27, 2025
Important Disclaimer
Conflict Clarity Coach provides coaching services only and does not offer medical advice, diagnosis, or treatment. Our AI coaching is not a substitute for professional healthcare services. If you are experiencing a medical emergency or having thoughts of harming yourself or others, please contact a healthcare professional, call 911, or go to your nearest emergency room immediately.
HIPAA Compliance Overview
Conflict Clarity Coach is designed to be HIPAA-eligible, meaning we have implemented the technical, physical, and administrative safeguards required by the Health Insurance Portability and Accountability Act (HIPAA) to protect the privacy and security of protected health information (PHI).
Security Safeguards
- End-to-end encryption (TLS) for all data in transit
- AES-256 encryption for all data at rest
- Role-based access controls
- Multi-factor authentication for administrators
- Regular security assessments and penetration testing
- Secure development practices
Administrative Controls
- Comprehensive HIPAA policies and procedures
- Regular staff training on HIPAA compliance
- Designated Privacy and Security Officers
- Business Associate Agreements with all vendors
- Incident response and breach notification procedures
- Regular compliance audits
Business Associate Agreements (BAAs)
We maintain Business Associate Agreements (BAAs) with all third-party service providers that may have access to protected health information, including:
- Twilio (for voice communication)
- Deepgram (for speech-to-text processing)
- OpenAI (for AI conversation processing)
- ElevenLabs (for text-to-speech conversion)
- Fly.io (for hosting infrastructure)
Your Rights Under HIPAA
As a user of our HIPAA-eligible service, you have certain rights regarding your protected health information:
- Right to access your information
- Right to request corrections to your information
- Right to request restrictions on certain uses and disclosures
- Right to request confidential communications
- Right to receive an accounting of disclosures
- Right to obtain a paper copy of this notice
Data Retention and Deletion
In accordance with HIPAA requirements, we maintain a clear data retention policy:
- By default, session data is retained for 90 days
- You can adjust this retention period in your privacy settings (30-365 days)
- You can request deletion of your data at any time
- Audit logs are maintained for 6 years as required by HIPAA
Breach Notification
In the unlikely event of a breach of unsecured protected health information, we will:
- Notify affected users without unreasonable delay (and within 60 days)
- Provide information about what happened, what information was involved, steps you should take, and what we are doing to mitigate harm and prevent future breaches
- Notify the Secretary of Health and Human Services as required
- Notify prominent media outlets for breaches affecting more than 500 individuals in a state or jurisdiction
Coaching vs. Healthcare Services
It is important to understand that while we maintain HIPAA compliance, Conflict Clarity Coach provides coaching services only and is not a healthcare provider. Our service:
- Does not provide medical advice, diagnosis, or treatment
- Is not a substitute for professional mental health services
- Should not be used in emergency situations
- Is designed to help with interpersonal conflict resolution only
If you are experiencing a medical emergency or having thoughts of harming yourself or others, please contact a healthcare professional, call 911, or go to your nearest emergency room immediately.
Contact Our Privacy Officer
If you have questions about our HIPAA compliance or would like to exercise your rights under HIPAA, please contact our Privacy Officer at:
privacy-officer@conflictclarity.example.com
Conflict Clarity Coach
123 Resolution Street
Harmony City, HC 12345
Phone: (555) 123-4567