Health data, handled with care.
TrueBuddy notices health-related things — mood, sleep, pain, medication. Here is how that information is protected, and where HIPAA applies.
When HIPAA applies
For most families, HIPAA does not apply: an individual or family using TrueBuddy for a relative is not a HIPAA Covered Entity. In that case the Privacy Policy and Terms govern.
HIPAA applies when TrueBuddy handles Protected Health Information on behalf of a Covered Entity — for example a care provider or care organization using Wellness+ with a care-team summary. For those deployments we offer a Business Associate Agreement.
The Business Associate Agreement is available as a standard form and becomes binding once executed by both the Covered Entity and Sagentica.
How health data is protected
Encrypted
Health-related information is encrypted in transit and at rest, with role-based access and audit logging.
Minimum necessary
We use and disclose only what is needed to provide the Service — nothing more.
Summaries, not transcripts
Care teams receive trends and flags. Raw conversations are not distributed.
Subcontractors bound
Any provider that touches PHI agrees to terms at least as strict as our own.
Breach notification
Security incidents and breaches are reported within the timeframes the HIPAA Rules require.
Never sold
PHI is never sold and is never used for marketing without authorization.
A note on scope
This page describes our posture and the controls we operate. It is informational and is not legal advice. A care organization considering a covered deployment should review the BAA with its own compliance team. Reach us at compliance@truebuddyai.com.
Care-team deployment?
We'll walk you through the BAA and a Wellness+ setup built for compliance.
compliance@truebuddyai.com