This Notice of Privacy Practices ("Notice") describes the legal obligations of MyHealthBuddy Technologies Pvt. Ltd. ("MyHealthBuddy.AI") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act regarding your Protected Health Information (PHI).
PHI is any information that: (a) relates to your past, present, or future physical or mental health condition; (b) relates to the provision of healthcare to you; or (c) relates to payment for healthcare services — and that can be used to identify you.
PHI collected and processed by MyHealthBuddy.AI includes, but is not limited to:
We are permitted under HIPAA to use and disclose your PHI for the following purposes without requiring additional authorisation:
We share your PHI with licensed healthcare professionals you consult through the App so they can provide you with appropriate clinical care. This includes your recent vitals, symptom history, and AI-generated pre-consultation summary.
We use PHI internally to operate our AI health platform, including training and quality-assurance evaluation of our AI models using de-identified data only. Individually identifiable PHI is never used to train AI models without explicit consent.
We may disclose PHI when required by federal, state, or local law, including to comply with court orders, administrative subpoenas, or government health authority directives.
We may disclose PHI to public health authorities as required for disease surveillance, reporting of adverse drug events, or other mandated public health functions.
We may disclose PHI to prevent or lessen a serious and imminent threat to the health or safety of a person or the public, to a person or persons reasonably able to prevent or lessen the threat.
Data that has been de-identified in accordance with HIPAA's Expert Determination or Safe Harbour method is no longer PHI and is not subject to this Notice. We may use and share de-identified, aggregated data freely for research, product improvement, and publication.
For the following categories of use and disclosure, we will obtain your written authorisation before proceeding:
You may revoke a previously given authorisation at any time by submitting a written request to our Privacy Officer. Revocation does not affect uses or disclosures already made in reliance on the authorisation.
You have the following rights with respect to your PHI held by MyHealthBuddy.AI:
Inspect and obtain a copy of your PHI in our Designated Record Set in electronic format (HL7 FHIR R4), within 30 days of your request.
Request correction of inaccurate or incomplete PHI. We may deny the request if the record was not created by us or is accurate and complete.
Receive a list of disclosures of your PHI made outside of treatment, payment, or operations for the prior 6 years.
Request restrictions on certain uses and disclosures of your PHI. We must honour restrictions on disclosures to health plans for services you paid for in full out-of-pocket.
Request that we communicate with you about health matters through a specific alternative means or at a specific location.
Obtain a paper copy of this Notice at any time, even if you have agreed to receive it electronically.
To exercise any of these rights, submit a request through Settings → Privacy → Data Requests in the App, or in writing to our Privacy Officer at the address below. We will respond within 30 days (extendable by 30 days with written notice).
MyHealthBuddy.AI is required by law to:
We reserve the right to change this Notice and to apply the revised terms to PHI already on file, provided that the change is permitted by HIPAA. We will post the revised Notice in the App and on our website and notify affected users.
In the event of a breach of unsecured PHI, we will notify you without unreasonable delay and no later than 60 days after discovery of the breach, as required by the HITECH Act. The notification will include:
For breaches affecting more than 500 individuals in a state or jurisdiction, we will also notify prominent media outlets and the US Secretary of Health and Human Services (HHS) as required.
We share PHI with third-party service providers ("Business Associates") who assist us in operating our platform. Each Business Associate has signed a HIPAA-compliant Business Associate Agreement (BAA) obligating them to safeguard your PHI to the same standard we do. Our current Business Associates with access to PHI include:
If you believe that your privacy rights have been violated, you may file a complaint with:
We will not retaliate against you for filing a complaint.
This Notice is effective 1 June 2025. We may revise this Notice at any time. When we do, we will post the revised Notice in the App and on this page with an updated effective date. If the changes materially affect your rights, we will notify you via in-app notification and email before the changes take effect.
The most current version of this Notice is always available in the App under Settings → Legal → HIPAA Notice.
For questions about this Notice or to exercise your HIPAA rights, contact:
📧 General privacy: privacy@myhealthbuddy.ai
📬 MyHealthBuddy Technologies Pvt. Ltd., [Registered Address], India
Response time: within 30 days of receipt of a written request.