HIPAA Authorization Notice
Introduction
This HIPAA Authorization Notice explains how MLPipes LLC ("we," "our," or "us") collects, uses, and discloses your Protected Health Information ("PHI") when you use the myCARI mobile application (the "App").
By checking the HIPAA authorization checkbox during account setup, you provide your express written consent for us to collect, use, and disclose your PHI as described in this notice. This authorization is required to use the health tracking and care team features of myCARI.
What is Protected Health Information (PHI)?
Protected Health Information includes any individually identifiable health information that we collect, create, or receive through the App, including but not limited to:
- Medical conditions and diagnoses
- Medications and dosages
- Vital signs and health measurements
- Lab results and medical test data
- Medical appointment information
- Healthcare provider information
- Treatment and care plans
- Communications with care team members about your health
PHI We Collect
Health Data You Enter Manually
- Vital Signs: Blood pressure, heart rate, blood glucose, temperature, oxygen saturation, respiratory rate, weight
- Medications: Names, dosages, schedules, refill information, pharmacy details
- Medical History: Conditions, diagnoses, allergies, procedures, immunizations
- Appointments: Healthcare provider visits, scheduled procedures, follow-ups
- Medical Documents: Uploaded records, images, and files related to your health
Health Data from Apple HealthKit
With your permission, we collect:
- Heart rate and resting heart rate
- Blood pressure readings
- Blood glucose levels
- Oxygen saturation (SpO2)
- Respiratory rate
- Body measurements (height, weight, BMI)
- Sleep data (duration, stages, quality)
- Step count and distance
- Workout and exercise data
- ECG/electrocardiogram data
- Active and resting energy burned
- Stand hours
Health Data from Healthcare Providers (FHIR)
When you connect your healthcare provider accounts, we import:
- Laboratory results and reference ranges
- Medication lists and prescriptions
- Diagnoses and problem lists
- Immunization records
- Allergy and intolerance information
- Clinical notes and visit summaries
- Imaging reports and results
AI-Analyzed Health Data
- Meal Photos: Images you capture for nutritional analysis
- Health Patterns: AI-identified correlations in your health data
- Trends and Anomalies: Detected changes in your health metrics over time
Care Team Communications
- Messages exchanged with care team members
- Shared health reports and summaries
- Alerts and notifications sent to caregivers
How We Use Your PHI
Provide Health Tracking Services
- Display your health data in the App dashboard
- Track trends and changes in your vital signs
- Manage your medication schedules and reminders
- Store and organize your medical records
- Generate health reports and summaries
Generate AI Health Insights
- Analyze health patterns and correlations
- Provide personalized health observations
- Identify potential trends requiring attention
- Suggest relevant health topics and information
- Process meal photos for nutritional estimates
Enable Care Team Collaboration
- Share your health information with designated caregivers
- Send alerts when health metrics exceed thresholds
- Facilitate secure messaging between you and care team members
- Provide caregivers with health status updates
Send Health Reminders
- Medication reminders and refill alerts
- Appointment notifications
- Health measurement prompts
- Check-in reminders for care team updates
Improve Our Services
- Analyze usage patterns to enhance App features
- Improve AI model accuracy and relevance
- Identify and fix technical issues
- Develop new health tracking capabilities
Note: When used for service improvement, your data is de-identified and aggregated to protect your privacy.
Who Can Access Your PHI
You
You always have full access to all your health data in the App. You can view, export, and delete your information at any time.
Care Team Members
You control which care team members can access your PHI and at what level:
| Permission Level | Access Granted |
|---|---|
| Basic View | Medications, appointments, and emergency alerts only |
| Full View | All health data including vitals, medical history, and AI insights |
| Professional Caregiver | Full access with mandatory audit logging and professional accountability |
You can add, modify, or revoke care team member access at any time through App settings.
Our Service Providers
We use trusted service providers who may process your PHI under strict contractual protections:
| Provider | Purpose | Safeguards |
|---|---|---|
| Google Cloud Platform (GCP) | Cloud infrastructure and data storage | BAA in place, HIPAA-compliant configuration |
| Firebase | Authentication and real-time database | BAA in place, encrypted storage |
| AI Processing Services | Health insights and analysis | BAA in place, data minimization, no training on your data |
Legal and Emergency Disclosures
We may disclose your PHI without your authorization when:
- Required by law or legal process
- Necessary to prevent a serious and imminent threat to health or safety
- Required for public health activities
- Requested by health oversight agencies
- Ordered by a court or administrative tribunal
Your HIPAA Rights
Right to Access
- View all your health data directly in the App
- Export your health records in standard formats (PDF, FHIR, JSON)
- Request a complete copy of your PHI we maintain
- Receive your records within 30 days of request
Right to Amendment
- Request corrections to inaccurate or incomplete health data
- Add clarifying notes or statements to your records
- Receive a response to amendment requests within 60 days
Right to Restriction
- Request limits on how we use or disclose your PHI
- Restrict disclosures to specific care team members
- Limit what information is shared with particular individuals
Right to Accounting of Disclosures
- Request a list of disclosures we have made of your PHI
- See who accessed your information and when
- Review audit logs for care team access
Right to Confidential Communications
- Request that we communicate with you by specific means
- Ask that information be sent to a particular address or location
Right to Revoke Authorization
- Withdraw this authorization at any time
- Revocation applies to future uses and disclosures only
- We will retain records of disclosures made prior to revocation
To exercise any of these rights, contact us at hipaa@mlpipes.ai.
Security Measures
Encryption
- At Rest: AES-256 encryption for all stored health data
- In Transit: TLS 1.3 encryption for all data transmission
- End-to-End: Care team messages encrypted between devices
Access Controls
- Biometric Authentication: Face ID/Touch ID support for App access
- Password Protection: Strong password requirements for accounts
- Session Timeout: Automatic logout after a period of inactivity
- Multi-Factor Authentication (MFA): Additional verification for sensitive operations
Audit Logging
- All access to PHI is logged with timestamps
- Care team member access is tracked and reviewable
- System access by our personnel is logged and monitored
Data Isolation
- Your health data is logically separated from other users
- Strict access controls prevent unauthorized cross-account access
- Regular security audits verify data isolation integrity
Message Retention and Deletion
Care Team Messages
- Messages are retained while your account is active
- You can delete individual messages from your view
- Deleted messages may be retained in audit logs for HIPAA compliance
Note: Under HIPAA, we are required to maintain records of communications containing PHI for compliance and audit purposes.
Message Audit Trail
- Audit logs of message access are retained for 6 years
- Logs include who accessed messages and when
- Audit trails cannot be deleted to ensure compliance
Data Retention
Active Account
While your account is active, we retain all your PHI to provide our services. You can delete specific data at any time through the App.
Account Deletion
- Active Data: Deleted within 30 days of account deletion request
- Backup Systems: Removed from backups within 90 days
- You will receive confirmation when deletion is complete
Legal Holds
If your data is subject to a legal hold or required for ongoing litigation, we may retain it beyond normal deletion timelines as required by law.
Authorization Term
Duration
This authorization remains in effect for as long as you maintain an active myCARI account, unless you revoke it earlier.
Revocation
You may revoke this authorization at any time by:
- Navigating to Settings > Privacy > Revoke HIPAA Authorization in the App
- Emailing your revocation request to hipaa@mlpipes.ai
- Sending a written request to our mailing address
Revocation will be processed within 5 business days. Note that revoking authorization will disable health tracking features that require PHI access.
Electronic Signature
By checking the HIPAA authorization checkbox during account registration or in your account settings, you are providing your electronic signature and consent to this HIPAA Authorization Notice.
Your electronic signature has the same legal effect as a handwritten signature under the Electronic Signatures in Global and National Commerce Act (E-SIGN Act) and the Uniform Electronic Transactions Act (UETA).
A copy of this authorization will be available in your account settings and can be downloaded at any time.
Changes to This Notice
We may update this HIPAA Authorization Notice from time to time. When we make material changes:
- We will notify you through the App or via email
- We will update the "Last Updated" date at the top of this notice
- For significant changes, we may request that you re-acknowledge the authorization
- Continued use of health tracking features after notice of changes constitutes acceptance
Contact Information
- Privacy Inquiries: privacy@mlpipes.ai
- HIPAA Rights Requests: hipaa@mlpipes.ai
- General Support: support@mlpipes.ai
Privacy Officer: Alfeo A. Sabay
Address:
MLPipes LLC
5725 S Valley View Blvd Ste 5 PMB 471045
Las Vegas, Nevada 89118-3122 US
Acknowledgment
By providing your electronic signature (checking the authorization checkbox), you acknowledge that:
- You have read and understand this HIPAA Authorization Notice
- You voluntarily authorize MLPipes LLC to collect, use, and disclose your PHI as described
- You understand that you may revoke this authorization at any time
- You understand that information disclosed pursuant to this authorization may be subject to re-disclosure and may no longer be protected by federal privacy regulations
- You have received or have access to a copy of this authorization for your records