HIPAA Role
Where Mindsherpa processes protected health information in connection with employer-sponsored wellness programs or covered entity arrangements, Mindsherpa may act as a Business Associate under HIPAA and agrees to protect PHI in accordance with applicable requirements and contractual obligations.
How We Protect PHI
Our safeguards are designed to protect confidentiality, integrity, and availability of health-related information. These safeguards may include:
- Encryption of data in transit and at rest.
- Role-based access controls and least-privilege access practices.
- Administrative privacy and security policies.
- Security monitoring, vulnerability management, and incident response procedures.
- Workforce privacy and security training.
Individual Rights
Depending on your relationship with Mindsherpa and the applicable program, you may have rights to access, amend, or request an accounting of certain disclosures of PHI. Requests should be submitted through the contact information below or through the sponsoring covered entity when applicable.
Employer Reporting
Mindsherpa does not share individual personal health information with employers for workforce management decisions. Employer-facing reporting is designed to use aggregated and anonymized insights unless a different disclosure is expressly authorized or legally required.