Safety & HIPAA Compliance

Your privacy is not a feature — it's the foundation.

Euthyn is designed from the ground up to meet the requirements of the Health Insurance Portability and Accountability Act (HIPAA). We treat every piece of health information you share as Protected Health Information (PHI) and apply the full technical, administrative, and physical safeguards the law requires — and then some.

Encryption at Rest & In Transit

All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Session recordings and messages are never stored in plain text.

Minimum Necessary Access

Staff and systems access only the minimum data required to deliver care. Access logs are audited regularly.

Business Associate Agreements

All third-party vendors that process health information sign a HIPAA Business Associate Agreement (BAA) before any data sharing occurs.

Secure Infrastructure

Our infrastructure runs on SOC 2 Type II certified cloud providers with automatic backups, intrusion detection, and disaster recovery.

What counts as Protected Health Information (PHI)?

PHI includes any information that could identify you and relates to your past, present, or future physical or mental health. This includes session notes, diagnoses discussed during sessions, appointment history, and payment information when connected to a health service. Euthyn stores only what is necessary to deliver your care and never sells PHI to advertisers or data brokers.

Your Rights Under HIPAA

You have the right to access your own health records, request corrections, receive an accounting of disclosures, and request restrictions on how your information is used or shared. To exercise any of these rights, contact us at [email protected].

Breach Notification

In the unlikely event of a data breach involving PHI, Euthyn will notify affected individuals within 60 days as required by the HIPAA Breach Notification Rule. Breaches affecting more than 500 individuals in a state are also reported to the U.S. Department of Health & Human Services.

Cookies & Analytics

We use minimal, privacy-first analytics that do not track individual health behaviour. No session content is ever used for advertising purposes. You can opt out of optional analytics cookies at any time via your browser settings.

Last updated: May 2026 · Questions? Email [email protected]