HIPAA Notice | Mindsherpa

HIPAA Notice

This notice summarizes HIPAA-related privacy and security practices for Mindsherpa services that involve protected health information.

Last Updated: August 18, 2025

This HIPAA Notice is intended to support the broader Privacy Policy. It is not a substitute for a Business Associate Agreement or any required plan-specific privacy documentation.

HIPAA Role

Where Mindsherpa processes protected health information in connection with employer-sponsored wellness programs or covered entity arrangements, Mindsherpa may act as a Business Associate under HIPAA and agrees to protect PHI in accordance with applicable requirements and contractual obligations.

How We Protect PHI

Our safeguards are designed to protect confidentiality, integrity, and availability of health-related information. These safeguards may include:

  • Encryption of data in transit and at rest.
  • Role-based access controls and least-privilege access practices.
  • Administrative privacy and security policies.
  • Security monitoring, vulnerability management, and incident response procedures.
  • Workforce privacy and security training.

Individual Rights

Depending on your relationship with Mindsherpa and the applicable program, you may have rights to access, amend, or request an accounting of certain disclosures of PHI. Requests should be submitted through the contact information below or through the sponsoring covered entity when applicable.

Employer Reporting

Mindsherpa does not share individual personal health information with employers for workforce management decisions. Employer-facing reporting is designed to use aggregated and anonymized insights unless a different disclosure is expressly authorized or legally required.

Contact

  • Canada (Ottawa, Ontario): infoca@mindsherpa.health
  • Europe (Portugal, Lisbon): infopt@mindsherpa.health
  • Luxembourg (Luxembourg, Luxembourg): infolx@mindsherpa.health