HIPAA Notice of Privacy Practices

Our Contact Information

Covered Entity: Qash Solutions Inc.
Service: myguide.health
DUNS Number: 119536275
Location: Texas, United States
Contact Email: admin@myguide.health
Privacy Officer: Contact via admin@myguide.health
Response Time: Within 5 business days

Our Commitment to Your Privacy

We are required by law to maintain the privacy of your Protected Health Information (PHI) and to provide you with this Notice of our legal duties and privacy practices with respect to PHI.

We are required to abide by the terms of this Notice currently in effect. We reserve the right to change the terms of this Notice and to make the new Notice provisions effective for all PHI that we maintain. If we make material changes to our privacy practices, we will post the revised Notice on our website and update the effective date.

What is Protected Health Information (PHI)?

PHI is information about you, including demographic information, that may identify you and relates to:

• Your past, present, or future physical or mental health or condition
• The provision of health care to you
• The past, present, or future payment for the provision of health care to you

In our Service, PHI includes but is not limited to: medications and dosages, health assessments, diet and nutrition information, medical conditions, supplement usage, and care notes.

How We May Use and Disclose Your PHI

1. Uses and Disclosures WITH Your Authorization

We require your explicit written authorization before using or disclosing your PHI for most purposes. You have provided authorization by:

• Creating an account and agreeing to our Terms of Service
• Providing explicit consent for medical features (drug interactions, health assessments)
• Adding family members or caregivers to your care group

2. Uses and Disclosures for Treatment, Payment, and Health Care Operations

For Treatment:

• Care Coordination: We share your medication schedules, health assessments, and care notes with authorized family members and caregivers you designate within your care group
• AI Health Analysis: We use Google Gemini AI to analyze your medication compliance, diet entries, and generate health summaries to assist in your care
• Drug Safety: We share medication names (but not your identity) with the FDA OpenFDA API to check for drug interactions and side effects
• Medication Reminders: We send SMS and email notifications about your medication schedules

For Payment:

• We share your Stripe customer ID with Stripe to process subscription payments
• We do not share health information with payment processors

For Health Care Operations:

• Quality improvement and service enhancement
• Customer support and troubleshooting
• Security monitoring and fraud prevention

3. Uses and Disclosures to Business Associates

We may disclose your PHI to our Business Associates who perform services on our behalf. We have Business Associate Agreements (BAAs) with these entities requiring them to safeguard your PHI:

• Google/Firebase: Cloud infrastructure, database storage, file storage, authentication, email notifications
• Google Gemini AI: Health summaries, medication analysis, diet analysis
• Anthropic Claude: AI-powered health analysis (fallback service)

4. Other Uses and Disclosures

We may use or disclose your PHI without your authorization in the following situations:

• Required by Law: When required by federal, state, or local law
• Public Health Activities: To prevent or control disease, injury, or disability
• Health Oversight Activities: To authorized health oversight agencies for audits, investigations, or inspections
• Legal Proceedings: In response to court orders, subpoenas, or discovery requests
• Law Enforcement: For law enforcement purposes as required by law
• To Avert Serious Threat: To prevent a serious and imminent threat to health or safety
• Emergency Situations: In emergency treatment situations

Your Rights Regarding Your PHI

1. Right to Access Your PHI

You have the right to inspect and obtain a copy of your PHI. You can access all your health information through your dashboard at any time. You may also request a copy by contacting us at admin@myguide.health.

We will provide your PHI within 30 days of your request. We may charge a reasonable, cost-based fee for copying and postage.

2. Right to Request Amendment

If you believe that your PHI is incorrect or incomplete, you may request that we amend it. You can update most information directly through your dashboard settings. For other amendments, contact us at admin@myguide.health.

We will respond to your amendment request within 60 days. We may deny your request if the information:

• Was not created by us
• Is not part of the records we maintain
• Is not information you would be permitted to inspect and copy
• Is accurate and complete as is

3. Right to an Accounting of Disclosures

You have the right to receive an accounting of certain disclosures of your PHI made by us during the six years prior to your request. This does not include:

• Disclosures for treatment, payment, and health care operations
• Disclosures made to you
• Disclosures you authorized
• Disclosures to persons involved in your care

To request an accounting, contact us at admin@myguide.health. We will provide the first accounting within 12 months free of charge.

4. Right to Request Restrictions

You have the right to request restrictions on how we use or disclose your PHI. You can request restrictions through your account settings or by contacting us.

We are not required to agree to your request except in the case where you pay out-of-pocket in full for a service and request that we not disclose PHI related to that service to your health plan.

5. Right to Request Confidential Communications

You have the right to request that we communicate with you about your PHI in a certain way or at a certain location. You can specify your preferred communication method in your account settings or by contacting us.

6. Right to a Paper Copy of This Notice

You have the right to receive a paper copy of this Notice upon request. To request a paper copy, contact us at admin@myguide.health.

7. Right to Revoke Authorization

You may revoke your authorization for us to use or disclose your PHI at any time by:

• Revoking medical feature consent in your account settings
• Removing family members or caregivers from your care group
• Deleting your account entirely

Your revocation will not affect any uses or disclosures already made in reliance on your authorization.

8. Right to Be Notified of a Breach

You have the right to be notified in the event of a breach of your unsecured PHI. We will notify you within 72 hours of discovering a breach.

Our Responsibilities

• We are required by law to maintain the privacy and security of your PHI
• We will notify you promptly if a breach occurs that may have compromised the privacy or security of your PHI
• We must follow the duties and privacy practices described in this Notice
• We will not use or share your PHI other than as described here unless you give us written permission
• If you give us permission, you may change your mind at any time

How We Protect Your PHI

Technical Safeguards

• Encryption: All data encrypted in transit (HTTPS/TLS) and at rest (Firebase encryption)
• Access Controls: Authentication required; role-based access control; minimum necessary access
• Audit Controls: All PHI access is logged with user ID, timestamp, and action taken
• Automatic Logoff: Sessions expire after 24 hours of inactivity
• Integrity Controls: Protected fields prevent unauthorized modifications

Physical Safeguards

• Data stored in secure Google Cloud data centers with enterprise-grade physical security
• Redundant backups and disaster recovery procedures

Administrative Safeguards

• Designated Privacy and Security Officers
• Regular security risk assessments
• Workforce training on HIPAA compliance
• Incident response procedures
• Business Associate Agreements with all vendors handling PHI

Minimum Necessary Standard

When using or disclosing PHI, we make reasonable efforts to limit the information to the minimum necessary to accomplish the intended purpose. For example:

• Caregivers can only access PHI for loved ones specifically assigned to them
• Family members can only access PHI for loved ones in their care group
• AI analysis receives only the minimum data needed for the specific analysis requested
• Drug interaction checks send only medication names, not patient identities

Marketing and Sale of PHI

We do not:

• Use your PHI for marketing purposes
• Sell your PHI to third parties
• Send you marketing communications (all emails and SMS are transactional only)

If we ever wish to use PHI for marketing or sell PHI, we will obtain your written authorization first.

Changes to This Notice

We reserve the right to change this Notice. We reserve the right to make the revised or changed Notice effective for PHI we already have about you as well as any information we receive in the future.

We will post the current Notice on our website with the effective date. You may also request a copy of the current Notice at any time by contacting us at admin@myguide.health.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services (HHS).

To file a complaint with us:

• Email: admin@myguide.health
• Subject Line: "HIPAA Privacy Complaint"
• Include: Your name, contact information, and description of the issue

To file a complaint with HHS:

• Office for Civil Rights, U.S. Department of Health and Human Services
• Website: www.hhs.gov/ocr/privacy/hipaa/complaints/
• Phone: 1-877-696-6775

You will not be penalized or retaliated against for filing a complaint.

Questions

If you have questions about this Notice or need more information, please contact:

Privacy Officer
Qash Solutions Inc.
Email: admin@myguide.health
Response Time: Within 5 business days