HIPAA Notice of Privacy Practices

Our Commitment

Peppy Club LLC acts as a platform connecting users with healthcare providers. While individual providers are responsible for their own HIPAA compliance, we implement technical safeguards to protect any Protected Health Information (PHI) that passes through our platform.

Technical Safeguards

Encryption: All personal and health-related data is encrypted at rest using AES-256-GCM, a FIPS 140-2 compliant encryption standard.

Access Controls: Role-based access ensures only authorized personnel can access sensitive data.

Audit Trails: All access to and modifications of health data are logged in immutable audit records.

Transmission Security: All data in transit is encrypted using TLS 1.2 or higher.

Video Consultations: Video calls are peer-to-peer (WebRTC) with end-to-end encryption. Call content is not recorded, stored, or accessible to Peppy Club.

Fail-Safe Design: If any decryption operation fails, the system returns an encrypted placeholder rather than exposing data.

Your Rights

Under HIPAA, you have the right to: inspect and obtain a copy of your health information; request amendments to your health records; receive an accounting of disclosures; request restrictions on uses and disclosures; receive confidential communications; file a complaint if you believe your rights have been violated.

Breach Notification

In the event of a breach of unsecured PHI, we will notify affected individuals within 60 days as required by HIPAA. Due to our encryption-at-rest design, a breach of encrypted data does not constitute a reportable breach under HIPAA Safe Harbor provisions.

Contact

HIPAA Privacy Officer: privacy@peppyclub.com

To file a complaint: U.S. Department of Health and Human Services, Office for Civil Rights