Legal

HIPAA Notice

Last updated June 1, 2026

Our Commitment

drtellsyou supports healthcare organizations that are required to comply with the Health Insurance Portability and Accountability Act (HIPAA). We design our workflows, systems, and staff training around that requirement.

Business Associate Agreements

For any engagement involving protected health information (PHI), we execute a Business Associate Agreement (BAA) with the covered entity prior to handling any PHI.

Access Controls & Audit Logging

Access to PHI is restricted to authorized personnel on a need-to-know basis, with role-based permissions and full audit logging across our platforms and workflows.

Staff Training

All staff handling PHI complete recurring HIPAA compliance training and are bound by confidentiality obligations as a condition of employment or engagement.

Incident Response

We maintain an incident response process to identify, contain, and report any suspected breach of PHI in accordance with HIPAA breach notification requirements.