Skip to main content

Privacy Policy

Last updated: April 2026

hipaaHelp.us collects only what is required to deliver HIPAA training and produce completion records for your organization.

What we collect

  • Email address — used to identify you and send training links.
  • Name (optional) — as provided by your group administrator.
  • Training activity — quiz answers, per-question outcomes, slide viewing durations, completion timestamps, and score.
  • Session cookies — a single HTTP-only cookie maintains your session for 30 days.

What we do NOT collect

We do not collect Protected Health Information (PHI), patient records, IP address geolocation, behavioral tracking, or any third-party advertising identifiers.

How we use it

Training data is used only to (a) score your attempt, (b) generate your completion certificate, and (c) provide your group administrator with roster-level completion tracking for compliance recordkeeping under 45 CFR § 164.530(b)(2)(i).

Data location

Your organization’s training data is stored in a dedicated database (one per organization) hosted on Turso in AWS us-east-1. Training records are append-only and are never modified or deleted after creation.

Your rights

You may request access to or deletion of your training records by emailing your group administrator or support@hipaahelp.us. Your organization may also have internal processes governing access requests.

Contact

Privacy questions: privacy@hipaahelp.us