HIPAA Notice

Last Updated: January 2026


Important: FairVisitHealth is NOT a HIPAA-Covered Entity

FairVisitHealth is a healthcare price comparison platform, not a healthcare provider, health plan, or healthcare clearinghouse. We do not provide medical care, process insurance claims, or have access to your medical records. Because we are neither a HIPAA-covered entity nor a business associate of one, the HIPAA Privacy and Security Rules do not apply to our services.

1. What This Means for You

What We DO

  • Display publicly available healthcare pricing
  • Help you compare costs across providers
  • Provide AI-powered price estimates
  • Store your search preferences and history
  • Process subscription payments via Stripe

What We Do NOT Do

  • Provide medical care or treatment
  • Access your medical records or PHI
  • Process insurance claims or billing
  • Store diagnoses, prescriptions, or lab results
  • Act as a healthcare provider or clearinghouse

2. Protected Health Information (PHI)

We Do Not Collect, Store, or Transmit PHI

Protected Health Information (PHI) under HIPAA includes individually identifiable health information such as medical records, treatment history, diagnoses, and insurance information. FairVisitHealth does not have access to any PHI.

When you search for healthcare prices on our platform, we only process:

  • Search terms (e.g., "MRI", "dental cleaning")
  • Location data (ZIP code or city)
  • Account information (email, name)
  • Usage analytics (anonymized)

3. Applicable Regulations

While HIPAA does not apply to FairVisitHealth, we comply with all applicable privacy regulations:

FTC Act Section 5

Prohibition on unfair or deceptive practices in consumer transactions.

FTC Health Breach Notification Rule (HBNR)

Requires vendors of personal health records and related entities that are not covered by HIPAA to notify affected consumers and the FTC (and, for larger breaches, the media) following a breach of unsecured, individually identifiable health information.

State Consumer Health Data Laws

Including Washington My Health My Data Act, California CCPA/CPRA, and similar state laws that protect consumer health data.

4. For Healthcare Providers

Business Associate Agreements (BAA)

Since FairVisitHealth does not access, store, or transmit PHI, we are not a Business Associate under HIPAA and do not require BAAs with healthcare providers.

However, if your organization requires a data handling agreement for non-PHI data (such as pricing information or provider directory listings), please contact us at:

[email protected]

Provider Data Sources

Provider information displayed on FairVisitHealth is sourced from:

  • NPPES (National Plan and Provider Enumeration System) - Public NPI data
  • CMS Hospital Transparency Files - Public pricing data
  • Provider websites and public directories
  • User-submitted pricing reports (community prices)

5. Data Security

Even though we don't handle PHI, we maintain the following security controls:

  • Encryption: TLS in transit (256-bit AES cipher suites), AES-256 at rest
  • Access Control: Row-level security (RLS) on all database tables
  • Authentication: MFA support for admin accounts
  • Monitoring: Real-time security monitoring and intrusion detection
  • Auditing: Audit logs for all data access
  • Backups: Daily encrypted backups with disaster recovery
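As an added illustration of the row-level security control listed above (example PostgreSQL, not FairVisitHealth's own schema; the table, column, role and setting names are assumed), a policy that restricts search-history rows to the user who created them, together with the check a practitioner would want: RLS is bypassed by the table owner and superusers unless FORCE ROW LEVEL SECURITY is set and the application connects as a separate role.

```sql
-- Assumed schema for illustration only; not FairVisitHealth's actual tables.
CREATE TABLE search_history (
    id          bigserial PRIMARY KEY,
    user_id     uuid NOT NULL,
    search_term text NOT NULL,          -- e.g. 'MRI', 'dental cleaning'
    zip_code    text,
    created_at  timestamptz NOT NULL DEFAULT now()
);

-- Enable RLS. Without FORCE, the table owner (and any superuser) bypasses
-- every policy, so an application connecting as the owner would see all rows.
ALTER TABLE search_history ENABLE ROW LEVEL SECURITY;
ALTER TABLE search_history FORCE ROW LEVEL SECURITY;

-- Dedicated application role; it must not own the table.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON search_history TO app_user;
GRANT USAGE, SELECT ON SEQUENCE search_history_id_seq TO app_user;

-- The application sets the authenticated user's id per transaction and the
-- policy reads it back. current_setting(..., true) returns NULL when the
-- setting was never set, so an unauthenticated session matches no rows
-- instead of raising an error.
CREATE POLICY own_rows ON search_history
    FOR ALL TO app_user
    USING      (user_id = current_setting('app.user_id', true)::uuid)
    WITH CHECK (user_id = current_setting('app.user_id', true)::uuid);

-- Check: acting as app_user with a session id set, only that user's rows are
-- visible, and rows for any other user_id are rejected by WITH CHECK.
BEGIN;
SET ROLE app_user;
SET LOCAL app.user_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO search_history (user_id, search_term, zip_code)
    VALUES ('11111111-1111-1111-1111-111111111111', 'MRI', '19801');
SELECT id, search_term FROM search_history;   -- rows for this user only
-- The following would fail with "new row violates row-level security policy":
-- INSERT INTO search_history (user_id, search_term)
--     VALUES ('22222222-2222-2222-2222-222222222222', 'dental cleaning');
COMMIT;
RESET ROLE;
```

The two points to verify on a real deployment are that the application's connection role is not the table owner and that `FORCE ROW LEVEL SECURITY` is set; `SELECT relrowsecurity, relforcerowsecurity FROM pg_class WHERE relname = 'search_history'` should return `t, t`.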

6. Your Rights

You have the following rights regarding your data on FairVisitHealth:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate information
  • Deletion: Request deletion of your account and data
  • Portability: Export your data in a standard format
  • Opt-out: Unsubscribe from marketing communications

To exercise these rights, contact us at [email protected]

7. Contact Information

FairVisitHealth, Inc.

Delaware Corporation

Privacy Inquiries: [email protected]

Provider Relations: [email protected]

General Support: [email protected]

This notice is provided for informational purposes to clarify FairVisitHealth's regulatory status. It is not legal advice. Consult a qualified attorney for specific legal questions regarding HIPAA compliance.