Protocol Health

Legal

HIPAA Notice

Effective date: June 14, 2026

This notice explains why the Health Insurance Portability and Accountability Act (HIPAA) does not apply to Protocol Health, and how the information you provide is protected instead.


1. HIPAA does not apply to Protocol Health

Protocol Health is not a HIPAA “covered entity” or a “business associate,” and HIPAA does not govern the information you submit to us. We do not provide treatment, bill or process health insurance, or operate on behalf of a healthcare provider, health plan, or healthcare clearinghouse. As a result, the HIPAA Privacy Rule and Security Rule do not apply to the data you enter into the Service.

2. Why HIPAA does not apply

HIPAA regulates healthcare providers, health plans, and healthcare clearinghouses (and the business associates that handle protected health information on their behalf). Protocol Health is an educational research simulator. The health information you enter is self-reported by you for educational purposes and is not created or received in the course of treatment or insurance activities, so it falls outside HIPAA’s scope.

3. How your information is protected instead

Although HIPAA does not apply, the information you provide is protected under other laws and our policies, including:

  • our Consumer Health Data Privacy Policy, which implements the Washington My Health My Data Act, Nevada SB 370, and the Connecticut Data Privacy Act;
  • our general Privacy Policy, which implements the California Consumer Privacy Act (CCPA/CPRA) and other U.S. state privacy laws; and
  • the Federal Trade Commission Act and the FTC’s Health Breach Notification Rule.

4. Breach-notification commitment

Although HIPAA’s breach-notification rule does not apply to us, Protocol Health is subject to the FTC’s Health Breach Notification Rule. In the event of a breach of unsecured identifiable health information, we are committed to notifying affected individuals, the Federal Trade Commission, and, where required, the media, in accordance with that Rule.

5. No claim of HIPAA compliance

Because HIPAA does not apply to us, we do not represent that the Service is “HIPAA-compliant” or that your information is protected by HIPAA. We provide this notice so that your expectations about how your information is regulated are accurate.

6. Contact us

If you have questions about how we handle your health information, contact us at support@myprotocol.health.