Compliance & Data Protection

Health Assist AI

Commitment to Privacy & Security

Health Assist AI is committed to safeguarding the privacy, confidentiality, and security of information processed through our platform. Our systems are designed using security-by-design and privacy-by-design principles to support responsible use in healthcare environments.

🇺🇸 HIPAA (United States)

Health Assist AI supports healthcare providers and organizations subject to the Health Insurance Portability and Accountability Act (HIPAA).

Health Assist AI operates as a HIPAA Business Associate when providing services to Covered Entities and processes Protected Health Information (PHI) solely to support clinical and administrative workflows.

HIPAA Safeguards

Health Assist AI implements administrative, technical, and physical safeguards aligned with HIPAA requirements, including:

  • Encryption of PHI in transit (TLS) and at rest
  • Role-based, least-privilege access controls
  • Secure authentication and access management
  • Exclusion of PHI from application logs and analytics
  • Monitoring and security oversight
  • Vendor and sub-processor HIPAA alignment

Cloud Infrastructure

Health Assist AI operates on HIPAA-eligible Microsoft Azure infrastructure under Microsoft’s Customer Agreement and applicable Data Protection Addendum, which include HIPAA Business Associate terms.
PHI is not used for public AI model training.

PHI Retention

  • PHI is used solely to support intended healthcare workflows
  • PHI is retained only for a limited operational period
  • Secure deletion processes are enforced
  • Health Assist AI is not a system of record

🍁 Canada (PHIPA / PIPEDA)

For Canadian healthcare partners, Health Assist AI aligns with applicable privacy frameworks, including:

  • PHIPA (Ontario)
  • PIPEDA, where federally applicable

Key practices include:

  • Limiting collection to the minimum necessary
  • Protecting confidentiality and integrity of health information
  • Supporting secure custody and control of data
  • Implementing reasonable administrative and technical safeguards

Health Assist AI acts as a service provider to healthcare organizations, which remain responsible for their regulatory obligations.

🇪🇺 GDPR (European Union)

Where GDPR applies:

  • Health Assist AI acts as a Data Processor
  • Customers act as Data Controllers
  • Data is processed solely for the intended healthcare purpose
  • Infrastructure and safeguards support GDPR-aligned requirements

Data Processing Agreements (DPAs) are available upon request.

Contracts & Agreements

  • Business Associate Agreements (BAAs) are available for U.S. Covered Entities
  • Equivalent contractual protections are available for Canadian and international partners
  • Sub-processors handling regulated data are required to maintain equivalent protections

Breach Response

Health Assist AI maintains documented incident and breach response procedures aligned with applicable regulatory frameworks. Confirmed incidents are investigated, documented, and communicated in accordance with contractual and regulatory requirements.

Disclaimer

This page describes Health Assist AI’s security and privacy approach for informational purposes only.
It does not constitute legal advice and does not certify compliance. Customers remain responsible for their own regulatory obligations and should consult legal counsel as appropriate.

Contact

Privacy & Compliance Inquiries: 📧 info@health-assist.org

Last updated: February 1, 2026
