HIPAA Compliance Statement

AI Image Care's commitment to data security and privacy, including considerations related to the Health Insurance Portability and Accountability Act (HIPAA).

Last Updated: May 27, 2024

1. Introduction

AI Image Care provides AI-powered image analysis tools for general wellness, fitness, nutrition, and informational insights (the "Service"). We are committed to protecting the privacy and security of user data. This statement outlines our position regarding the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended, including by the Health Information Technology for Economic and Clinical Health (HITECH) Act.

Important Disclaimer: AI Image Care's tools are designed for informational, educational, and general wellness purposes only. They are NOT intended to be used for the diagnosis, treatment, mitigation, or prevention of any disease or medical condition. As such, for most individual users utilizing our publicly available tools for personal, non-clinical insights, the data processed may not inherently qualify as Protected Health Information (PHI) under HIPAA, as AI Image Care is not acting as a Covered Entity or a Business Associate in that direct-to-consumer context for wellness purposes.

Always consult with a qualified healthcare professional for any medical advice, diagnosis, or treatment.

2. Our Role and HIPAA Applicability

2.1. Direct-to-Consumer Services

When individual users access our general wellness tools directly through our public website (aiimagecare.com) for personal informational purposes (e.g., fitness tracking, nutrition estimation, general skin appearance observations), AI Image Care typically does not act as a "Covered Entity" (like a doctor's office or hospital) or a "Business Associate" (a vendor serving a Covered Entity) as defined under HIPAA. The information you provide in this context is governed by our Privacy Policy and Terms of Service.

While the images and data you upload may relate to your health, if you are using the tools for personal wellness insights and not in the context of receiving medical care from a Covered Entity that has directed you to use our service, HIPAA's specific requirements may not directly apply to AI Image Care's handling of that data as PHI.

2.2. Potential Future Services for Covered Entities

Should AI Image Care offer services directly to "Covered Entities" (e.g., healthcare providers, health plans) or act as a "Business Associate" on their behalf, where our tools are used to create, receive, maintain, or transmit Protected Health Information (PHI), we are committed to meeting all applicable HIPAA requirements for such services. This would involve entering into Business Associate Agreements (BAAs) with such Covered Entities, outlining our responsibilities to protect PHI in accordance with HIPAA.

In such scenarios, AI Image Care would implement and maintain appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic Protected Health Information (ePHI) as required by the HIPAA Security Rule.

3. Data Security and Privacy Practices

Regardless of direct HIPAA applicability for our general wellness tools, AI Image Care is deeply committed to robust data security and privacy. We implement significant safeguards designed to protect all user data, including images and any derived information. These practices are informed by industry best standards and include:

  • Technical Safeguards:
    • Encryption of data in transit and at rest where appropriate.
    • Access controls to limit data access to authorized personnel.
    • Secure server infrastructure hosted with reputable providers who maintain high security standards.
    • Regular security assessments and updates.
  • Administrative Safeguards:
    • Policies and procedures for data handling and security.
    • Employee training on data privacy and security.
    • Incident response plans.
  • Physical Safeguards:
    • Our cloud service providers are responsible for the physical security of the data centers where data is stored, adhering to strict industry standards.

For more details on our data handling practices, please see our Privacy Policy.

4. User Responsibilities

Users are responsible for the data they choose to upload to our Service. We urge users:

  • Not to upload images or information that they consider to be sensitive PHI if they are concerned about its handling outside of a formal healthcare provider relationship where HIPAA protections are explicitly in place through a Covered Entity.
  • To use strong passwords and maintain the confidentiality of any account credentials, if applicable.
  • To be mindful of where and how they access our services to protect their own privacy (e.g., using secure networks).

5. De-Identification and Aggregation

For the purpose of improving our AI models and the Service, AI Image Care may use de-identified or aggregated data derived from user uploads. De-identification is a process by which personally identifiable information is removed, such that the remaining data does not identify an individual and there is no reasonable basis to believe that the information can be used to identify an individual. De-identified data, as defined by HIPAA standards, is not considered PHI.

6. Disclaimer

This statement is for informational purposes and does not constitute a guarantee of HIPAA compliance in all contexts, especially for direct-to-consumer use of our general wellness tools where AI Image Care is not acting as a Covered Entity or Business Associate. The applicability of HIPAA depends on the specific nature of the data, the user, and the context in which services are provided.

Healthcare professionals and organizations considering using AI Image Care in a capacity that involves PHI should contact us directly to discuss specific compliance requirements and the potential for a Business Associate Agreement.

7. Changes to This Statement

We may update this HIPAA Compliance Statement from time to time to reflect changes in our services, legal requirements, or industry best practices. We will post any changes on this page and update the "Last Updated" date.

8. Contact Information

If you have any questions about this HIPAA Compliance Statement or our data security practices, please contact us: