HIPAA Privacy Notice
Last updated: March 23, 2026
VQ Healthy is designed to be HIPAA compliant. We protect your Protected Health Information (PHI) with the same standards used by healthcare organizations.
1. What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires safeguards to protect the privacy and security of personal health information.
2. Protected Health Information (PHI)
PHI includes any individually identifiable health information. In VQ Healthy, this includes:
- Your name and contact information
- Health metrics (weight, blood sugar, heart rate, etc.)
- Medication records and prescriber information
- Appointment details
- CGM (glucose monitor) data
3. How We Protect Your PHI
| Safeguard | Implementation |
|---|---|
| Encryption at Rest | AES-256-CBC for all PHI fields |
| Encryption in Transit | TLS 1.2+ (HTTPS required) |
| Access Controls | Session-based authentication with 2FA option |
| Audit Controls | All access and modifications logged with timestamp, user, IP |
| Integrity Controls | CSRF protection, input sanitization, prepared statements |
| Transmission Security | SSL/TLS for all data transmission |
| Password Security | bcrypt hashing with cost factor 12 |
4. Your Rights Under HIPAA
- Right to Access: You can view and export your health data at any time
- Right to Amendment: You can request correction of your health records
- Right to an Accounting of Disclosures: You can request a record of who has accessed your data
- Right to Restrict Disclosures: You control which providers can access your information
- Right to Confidential Communications: You choose how we contact you
5. Breach Notification
In the unlikely event of a data breach affecting your PHI, we will:
- Notify you within 60 days of discovering the breach
- Provide details about what information was affected
- Describe steps we are taking to address the breach
- Report to the HHS Secretary as required by law
6. Minimum Necessary Standard
We access, use, and disclose only the minimum amount of PHI necessary for the intended purpose. Provider connections only expose your medication list — not your full health data.
7. Contact Our Privacy Officer
For HIPAA-related questions or to exercise your rights:
VisionQuest Services LLC
Email: email4johnson@gmail.com
All your data is HIPAA compliant and encrypted.