HIPAA Notice of Privacy Practices
Effective Date: December 26, 2025
Our Commitment to Privacy
AttendMe is committed to protecting the privacy and security of our users' information. While AttendMe is designed as a research tool and users should not input Protected Health Information (PHI), we maintain HIPAA-compliant security measures as part of our commitment to healthcare data protection.
Important Notice About PHI
How We Protect Your Information
Even though PHI should not be entered into our system, we implement comprehensive security measures:
- Physical Safeguards: Secure data centers with controlled access
- Technical Safeguards: Encryption, access controls, and audit logs
- Administrative Safeguards: Employee training, access policies, and security procedures
Security Measures
Encryption
- All data transmitted between your device and our servers is encrypted using TLS 1.3
- Data at rest is encrypted using AES-256 encryption
- Encryption keys are managed using industry best practices
Access Controls
- Role-based access control (RBAC) for all system components
- Multi-factor authentication available for user accounts
- Regular access reviews and privilege audits
- Automatic session timeouts for inactive users
Audit Logging
- Comprehensive logging of all data access and modifications
- Tamper-proof audit trails
- Regular review of access logs
- Retention of audit logs for a minimum of 6 years
User Rights and Responsibilities
As a user of AttendMe, you have the right to:
- Access your account information and usage history
- Request corrections to your account information
- Request deletion of your account and associated data
- Receive notifications of any security breaches
- File a complaint if you believe your privacy rights have been violated
Your responsibilities include:
- NOT entering any PHI or patient-identifiable information
- Maintaining the security of your account credentials
- Reporting any suspected security incidents immediately
- Using the service only for its intended research purposes
Business Associate Agreements
While AttendMe is not intended to handle PHI, we maintain Business Associate Agreements (BAAs) with our key service providers who meet HIPAA standards, including:
- Cloud infrastructure providers
- Database service providers
- Security monitoring services
These agreements ensure that our partners maintain appropriate safeguards for any data they process on our behalf.
Breach Notification
In the unlikely event of a data breach, we will:
- Notify affected users within 72 hours of discovery
- Provide details about what information was involved
- Describe steps we are taking to investigate and mitigate
- Offer guidance on protective measures you can take
- Comply with all applicable breach notification laws
Workforce Training
All AttendMe employees and contractors with access to user data receive:
- Initial HIPAA privacy and security training
- Annual refresher training
- Role-specific security training
- Regular updates on privacy best practices
Compliance and Auditing
We maintain our security posture through:
- Regular security risk assessments
- Third-party security audits
- Penetration testing
- Compliance monitoring and reporting
- Continuous improvement of security measures
Questions and Complaints
If you have questions about our privacy practices or believe your privacy rights have been violated:
Email: harry@attendme.ai
You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights:
Changes to This Notice
We reserve the right to change this notice and our privacy practices. Any changes will be posted on our website and will apply to all information we maintain. The effective date of the notice is listed at the top of this page.
Remember:
AttendMe is a research and educational tool. Never input patient-identifiable information. Always maintain patient privacy in accordance with your professional obligations and applicable laws.