HIPAA Authorization Notice
Introduction
This HIPAA Authorization Notice explains how MLPipes LLC ("we," "our," or "us") collects, uses, and protects your Protected Health Information ("PHI") when you use the myCARI mobile application (the "App").
By checking the HIPAA authorization checkbox during account setup, you provide your express written consent for us to collect, use, and disclose your PHI as described in this notice.
What is Protected Health Information (PHI)?
Protected Health Information includes any individually identifiable health information that we collect, create, or receive through the App, including but not limited to:
- Medical conditions and diagnoses
- Medications and dosages
- Vital signs and health measurements
- Lab results and medical test data
- Medical appointment information
- Healthcare provider information
- Treatment and care plans
PHI We Collect
Health Data You Enter Manually
- Vital Signs: Blood pressure, heart rate, blood glucose, temperature, oxygen saturation, respiratory rate, weight
- Medications: Names, dosages, schedules, refill information, pharmacy details
- Medical History: Conditions, diagnoses, allergies, procedures, immunizations
- Appointments: Healthcare provider visits, scheduled procedures, follow-ups
- Medical Documents: Scanned documents, uploaded records, notes
Health Data from Apple HealthKit
With your permission, we collect:
- Heart rate and resting heart rate
- Blood pressure readings
- Blood glucose levels
- Oxygen saturation (SpO2)
- Respiratory rate
- Body measurements (weight, height, BMI)
- Sleep data (duration, stages, quality)
- Step count and activity data
- Workout and exercise data
- Electrocardiogram (ECG) readings
Health Data from Healthcare Providers (FHIR)
When you connect your healthcare provider accounts (Epic MyChart, Cerner, etc.), we import:
- Laboratory results and reference ranges
- Medication lists and prescriptions
- Diagnoses and problem lists
- Immunization records
- Allergy and intolerance information
- Clinical notes and summaries
- Imaging and procedure reports
AI-Analyzed Health Data
Our AI features process:
- Meal Photos: Images of food you photograph are analyzed for nutritional content
- Health Patterns: Your vitals, activity, sleep, and medication data are analyzed to generate personalized health insights
- Trends and Anomalies: AI identifies patterns and potential concerns in your health data
How We Use Your PHI
Provide Health Tracking Services
- Display your health metrics on dashboards
- Track medication schedules and adherence
- Monitor vital sign trends over time
- Generate health history timelines
- Provide appointment reminders
Generate AI Health Insights
- Analyze your health data patterns
- Provide personalized health recommendations
- Generate daily health coaching and goals
- Identify potential health concerns for discussion with your provider
- Analyze meal photos for nutritional information
Enable Care Team Collaboration
- Share health data with care team members you authorize
- Enable secure messaging about your health
- Provide care team members with relevant health updates
- Support coordinated care activities
Who Can Access Your PHI
You
You always have full access to all your health information in the App.
Care Team Members
You control which care team members can access your PHI:
| Permission Level | Access Granted |
|---|---|
| Basic View | Medications, appointments, emergency alerts only |
| Full View | All health data including vitals, medical records |
| Professional Caregiver | Full access with mandatory audit logging |
You can modify or revoke care team access at any time in App settings.
Your HIPAA Rights
You have the following rights regarding your PHI:
Right to Access
- View all your health data in the App
- Export your health records in standard formats (PDF, FHIR)
- Request a complete copy of your health information
Right to Amendment
- Request corrections to inaccurate health data
- Add notes or clarifications to your records
- Update outdated information
Right to Restriction
- Request limits on how we use or share your PHI
- Restrict sharing with specific care team members
- Opt out of certain data processing activities
Right to Accounting
- Receive a list of disclosures of your PHI
- See who has accessed your health data
- Review care team access logs
Right to Revoke Authorization
- Withdraw this authorization at any time
- Revocation applies to future uses only
- Prior uses based on your authorization remain valid
To exercise any of these rights, contact us at privacy@mlpipes.ai or use the Privacy settings in the App.
Security Measures
We protect your PHI with enterprise-grade security:
Encryption
- At Rest: AES-256 encryption for all stored health data
- In Transit: TLS 1.3 encryption for all data transmission
- End-to-End: Care team messages encrypted between devices
Access Controls
- Biometric authentication (Face ID, Touch ID)
- Strong password requirements
- Session timeout for inactive sessions
- Multi-factor authentication available
Audit Logging
- All PHI access is logged with timestamps
- Care team member access is tracked
- Login attempts and security events monitored
- Logs retained for compliance purposes
Data Retention
Active Account
- Your PHI is retained while your account is active
- You can delete specific health records at any time
- Medication logs and vital history preserved for continuity of care
Account Deletion
- Upon account deletion, PHI is removed from active systems within 30 days
- Backup copies may be retained for up to 90 days
- Audit logs and compliance records retained for 6 years as required by law
Revocation
You may revoke this authorization at any time by:
- Deleting your account in the App
- Emailing privacy@mlpipes.ai with subject "Revoke HIPAA Authorization"
- Contacting us at the address below
Revocation takes effect upon processing (within 5 business days) and applies to future uses only. We cannot undo uses or disclosures made in reliance on your prior authorization.
Contact Information
For questions about this HIPAA Authorization Notice or to exercise your rights:
- Privacy Inquiries: privacy@mlpipes.ai
- HIPAA Rights Requests: hipaa@mlpipes.ai
- General Support: support@mlpipes.ai
Address:
MLPipes LLC
5725 S Valley View Blvd Ste 5 PMB 471045
Las Vegas, Nevada 89118-3122 US
Privacy Officer: Alfeo A. Sabay
Related Documents
- Privacy Policy - Full privacy practices
- Terms of Service - Terms of use
- Health Data Disclosure - FHIR data access details