Guava follows HIPAA, GDPR, and applicable federal and state law to keep your information secure.
Our Approach
We know how critical it is that your health information is safe and secure. We believe in transparency in our
practices and have written our privacy policy and terms of service in simple language.
We do not sell your data, and you are in complete control of who you share your profile with.
How we keep your information secure
Data is encrypted using AES-256 at rest and TLS 1.3 (minimum 1.2) in transit.
Guava utilizes modern cloud technologies that are built for HIPAA compliance.
Data is safeguarded from unauthorized access and tampering.
Our team of ex-Amazon engineers built Guava with industry-standard security practices from day one.
Your privacy
This isn't just any information. It's your health information.
We do not sell your information.
We will never share your data without your permission.
We do not use your data for marketing or advertising.
HIPAA is a US federal law that protects health information from being disclosed without the patient’s consent
or knowledge, while enabling health information to be accessed and used for patient care.
HIPAA provides you with the right to access your own health information, including by making
an official request to one of your providers.
Covered entities, such as health care providers and health plans, are required to follow
the standards outlined by HIPAA when handling and transmitting patient records. Whether acting as a
Business Associate under HIPAA or providing direct consumer services where HIPAA may not apply,
Guava applies the same rigorous safeguards across all operations to keep your data safe.
When partnering with covered entities or other business associates, Guava signs a Business Associate
Agreement or Data Sharing Addendum as applicable to contractually ensure compliance.
The Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information (ePHI).
What this means for Guava:
Performing risk assessments and security audits at regular intervals
Encrypting electronic protected health information
Maintaining activity and audit logs
Protecting PHI from improper alteration and deletion
Ensuring integrity and security when data is being transmitted
The Privacy Rule requires appropriate safeguards to protect the privacy of protected health information and sets limits and conditions on the uses and disclosures that may be made.
What this means for Guava:
Safeguarding PHI from intentional or unintentional uses and disclosures
Establishing a privacy policy on handling PHI, and updating the policy as the law changes
Ensuring communication about PHI is confidential
Not using PHI in marketing, and not selling PHI
Keeping a log of all disclosures of PHI
Restricting employee access to health data. Data is only accessed if a specific reason triggers it, such as a user asking us to fix a problem.
Training employees on protecting the privacy of PHI
At Guava, we take your security and privacy seriously. We do not sell your data, and we
will only disclose your data if you, or someone you give permission to, explicitly shares your profile.