Health Data Disclosure
Last Updated: January 11, 2026Version: 1.0
Purpose of This Disclosure
This disclosure explains what health information myCARI accesses when you connect to your healthcare provider and how we use that information. This document is required by Epic and other healthcare providers participating in the SMART on FHIR ecosystem.
Related Documents: Privacy Policy | Terms of Service | HIPAA Authorization Notice
What Health Data We Access
When you connect myCARI to your healthcare provider (such as Epic MyChart, Cerner, or other FHIR-enabled systems), we request access to the following health information:
Patient Information
| Data Type | What It Includes | Why We Need It |
|---|---|---|
| Demographics | Name, date of birth, address, phone number, gender | Display your profile, verify identity, contact preferences |
| Patient ID | Your unique identifier at the provider | Link records to your myCARI account |
Medical Records
| Data Type | What It Includes | Why We Need It |
|---|---|---|
| Conditions | Diagnoses, health problems, chronic conditions | Show your health conditions on your timeline |
| Medications | Prescriptions, dosages, instructions, refill dates | Medication tracking, reminders, and safety alerts |
| Allergies | Drug allergies, food allergies, environmental allergies | Safety alerts, drug interaction warnings |
| Immunizations | Vaccines, dates administered, lot numbers | Vaccination tracking and records |
| Lab Results | Blood tests, urine tests, pathology results | Health monitoring, trend analysis |
| Vital Signs | Blood pressure, heart rate, weight, height, BMI | Health trends and personalized insights |
| Procedures | Surgeries, medical procedures, dates | Medical history timeline |
| Clinical Notes | Visit summaries, provider notes | Comprehensive health record |
Care Information
| Data Type | What It Includes | Why We Need It |
|---|---|---|
| Encounters | Office visits, hospital stays, emergency visits | Appointment history and care tracking |
| Care Team | Doctors, nurses, specialists, their contact info | Provider directory, care coordination |
| Appointments | Scheduled visits, future appointments | Calendar integration, reminders |
How We Use Your Data
Primary Uses
- Display - Show your health information in a unified timeline within the myCARI app
- Sync - Keep your data current with periodic updates from your healthcare provider
- Reminders - Send medication reminders and appointment notifications
- Insights - Provide personalized AI health insights (with your consent)
- Sharing - Share with care team members you explicitly authorize
We Do NOT
- Sell your health information to anyone
- Share your data with advertisers or marketers
- Use your data for marketing purposes
- Share with insurance companies without your explicit consent
- Share with employers or employment agencies
- Make treatment decisions on your behalf
- Share data with third parties for their own purposes
Data Storage
| Aspect | Details |
|---|---|
| Location | United States (Google Cloud Platform, US regions) |
| Encryption | AES-256 encryption at rest, TLS 1.3 in transit |
| Compliance | HIPAA-compliant infrastructure (GCP with signed BAA) |
| Retention | While your account is active + 30 days after deletion |
| Backups | Encrypted backups retained for up to 90 days |
Who Can See Your Data
| Who | What They See | How |
|---|---|---|
| You | All your health data | Via the myCARI app anytime |
| Care Team Members | Data you choose to share based on permission level | You must explicitly invite them |
| MLPipes Staff | Limited access for support only | Only with your permission for support purposes |
| No One Else | - | We do not share without your consent |
Your Control Over Data
You Can Always:
- View all data we have imported from your healthcare provider
- Disconnect your healthcare provider at any time
- Remove care team members and revoke their access
- Delete your account and all associated data
- Export your data in standard formats (PDF, FHIR JSON)
How to Disconnect a Healthcare Provider
- Open the myCARI app
- Go to Settings → Connected Accounts
- Tap the provider you wish to disconnect
- Tap "Disconnect" and confirm
You can also revoke access through your healthcare provider's patient portal (e.g., Epic MyChart → Manage Connected Apps).
Questions?
- Privacy Team: privacy@mlpipes.ai
- Support: support@mlpipes.ai
Address:
MLPipes LLC
5725 S Valley View Blvd Ste 5 PMB 471045
Las Vegas, Nevada 89118-3122 US