We follow HIPAA, Federal, and State laws to ensure your information is secure.
Our Approach
We know how critical it is that your health information is safe and secure. We believe in transparency in our
practices and have ensured our privacy policy and terms of service are written in simple language.
We do not sell your data, and you are in complete control of who you share your profile with.
How we keep your information secure
Data is secured and encrypted at rest and in transit using industry standard encryption algorithms.
Guava utilizes modern cloud technologies that are built for HIPAA compliance.
Data is safeguarded from unauthorized access and tampering.
Our team of ex-Amazon engineers built Guava with industry standard security practices from day one.
Your privacy
This isn't just any information. It's your health information.
We do not sell your information.
We will never share your data without your permission.
We do not use your data for marketing or advertising.
HIPAA is
a US federal law that protects health information from being disclosed without the patient’s consent
or knowledge, while enabling health information to be accessed and used for patient care.
HIPAA provides you with the right to access your own health information, and is what allows Guava to help you retrieve your records from providers.
Covered entities, such as health care providers and health plans, are required to follow
the standards outlined by HIPAA when handling and transmitting patient records. Even though Guava is currently not
a covered entity, we still closely follow HIPAA rules to ensure the highest security and privacy to keep your data safe.
The Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information (ePHI).
What this means for Guava:
Performing risk assessments and security audits at regular intervals
Encrypting electronic protected health information
Maintaining activity and audit logs
Protecting PHI from improper alteration and deletion
Ensuring integrity and security when data is being transmitted
The Privacy Rule requires appropriate safeguards to protect the privacy of protected health information and sets limits and conditions on the uses and disclosures that may be made.
What this means for Guava:
Safeguarding PHI from intentional or unintentional uses and disclosures
Establishing a privacy policy on handling PHI, and updating the policy as the law changes
Ensuring communication about PHI is confidential
Not using PHI in marketing, and not selling PHI
Keeping a log of all disclosures of PHI
Restricting employee access to health data. Data is only accessed if a specific reason triggers it, such as a user asking us to fix a problem.
Training employees on protecting the privacy of PHI
At Guava, we take your security and privacy seriously. We do not sell your data, and
will only disclose your data if you or someone you give permission to explicitly shares your profile.
