HIPAA Compliance

Notice of Privacy Practices

Effective: April 16, 2026

HIPAA Covered Entity

TrueEval Medical Group is a HIPAA-covered entity. All PHI is protected under federal law.

AES-256 Encryption

All health data encrypted at rest and in transit using military-grade encryption standards.

Minimum Necessary

We only access the minimum amount of your health information needed for each purpose.

Your Rights

You have the right to access, amend, and receive an accounting of disclosures of your PHI.

This Notice Describes How Medical Information About You May Be Used and Disclosed

TrueEval Medical Group and TrueEval Labs, Inc. (collectively "TrueLabs") are committed to protecting your protected health information (PHI). This Notice of Privacy Practices describes how we may use and disclose your PHI and your rights regarding that information.

Uses and Disclosures of PHI

For Treatment: We may use your PHI to provide, coordinate, or manage your healthcare. This includes sharing your laboratory results with reviewing physicians within TrueEval Medical Group, transmitting prescriptions to fulfillment pharmacies, and coordinating with mobile phlebotomy services.

For Payment: We may use your PHI to process payments for services rendered, including membership fees, testing panels, and treatment fulfillment.

For Healthcare Operations: We may use your PHI for quality assessment, training, and improving our AI-powered clinical intelligence engine. All data used for AI training is de-identified in accordance with HIPAA Safe Harbor standards.

Your Rights

Under HIPAA, you have the right to: Access your PHI and request copies of your health records; Amend your PHI if you believe it is incorrect or incomplete; Restrict certain uses and disclosures of your PHI; Receive confidential communications of your PHI by alternative means or at alternative locations; Receive an accounting of disclosures of your PHI; File a complaint if you believe your privacy rights have been violated.

Security Measures

We maintain comprehensive administrative, technical, and physical safeguards including: AES-256 encryption for all data at rest; TLS 1.3 encryption for all data in transit; SOC 2 Type II compliant cloud infrastructure; role-based access controls with audit logging; regular penetration testing and vulnerability assessments; workforce training on HIPAA compliance; Business Associate Agreements with all vendors who access PHI.

Contact Our Privacy Officer

If you have questions about this Notice or wish to exercise your rights, contact our HIPAA Privacy Officer at [email protected] or write to: TrueEval Labs, Inc., HIPAA Privacy Officer, [Address]. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights.