HIPAA Compliance Policy
Effective Date: July 21, 2025
Last Updated: July 21, 2025
Disclaimer for consumers in general: Inner Support is not a healthcare provider and does not provide therapy services. The content and features provided are for informational and supportive purposes only and are not intended as therapy or medical care for consumers in general. If you are seeking therapy, consult a licensed mental health professional. Inner Support is not intended to diagnose, treat, cure, or prevent any mental health condition.
Disclaimer for therapists and Practitioners: Inner Support is designed to assist your clinical workflow and facilitate communication with clients as appropriate. However, Inner Support does not provide clinical services or medical advice. Responsibility for HIPAA compliance and all aspects of clinical care, including treatment decisions, documentation, and patient communication, rests solely with you as the licensed provider or practitioner.
Overview:
At Inner Support, we are committed to protecting the privacy and security of your health information. Although Inner Support is not a healthcare provider and does not offer medical or therapeutic services, we’ve chosen to implement data protection practices consistent with the Health Insurance Portability and Accountability Act (HIPAA). Under HIPAA, “health information” means any information, whether oral or recorded in any form or medium, that is created or received by a health care provider, health plan, employer, or health care clearinghouse, and relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.
This policy outlines how Inner Support protects users’ health information and complies with the Health Insurance Portability and Accountability Act (HIPAA). This policy explains our role, our technical safeguards, and how HIPAA may apply when our platform is used by healthcare providers and practitioners.
1. Inner Support is Not a Covered Entity under HIPAA
Inner Support is not a covered entity under HIPAA. We are a wellness-focused platform designed for use by both general consumers and professional users, including licensed therapists and other healthcare providers. While HIPAA does not directly apply to us as a platform, we provide features and safeguards that allow professional users to use our app in a HIPAA-aligned manner. When such users engage with our platform, and where applicable, we are willing to enter into a Business Associate Agreement (BAA) upon request.
2. Our Technical Safeguards
All personal health information you enter into Inner Support—including journal entries, mood logs, session transcripts, and personal reflections—is encrypted both in transit and at rest. We use industry-standard, HIPAA-compliant servers and secure access controls to ensure your information remains private.
We take privacy seriously and have implemented administrative, physical, and technical safeguards designed to protect sensitive information, including:
- Data encryption (at rest and in transit)
- Role-based access control
- User authentication and session timeouts
- HIPAA-compliant cloud infrastructure
- Access and audit logs
- Internal staff confidentiality protocols
These safeguards are intended to support secure use by covered entities and business associates, but do not replace or relieve users of their own legal obligations under HIPAA or other applicable laws.
3. Responsibility of Professional Users
If you are a licensed therapist, healthcare provider, practitioner or any user subject to HIPAA, you are solely responsible for:
- Obtaining valid consent or authorization from your clients before collecting or storing any protected health information (PHI)
- Ensuring that your use of Inner Support complies with HIPAA and your professional licensing rules
- Limiting the use and disclosure of PHI to what is legally permissible
- Securing access to your device and your account
Use of Inner Support does not create a patient-provider relationship, and we do not control the content you upload or store.
4. We do not Use, Sell or Share your Data
We do not share your health information with any third parties for marketing or any non-essential purposes. Your information will only be disclosed if required by law or with your explicit consent.
We do not access, sell, or share PHI stored through our App, except:
(1) As required by law (e.g., court order or subpoena);
(2) To service providers under a confidentiality agreement with security assurances; and
(3) With user consent.
5. Who has Access to your Data
Only authorized personnel and select HIPAA-compliant service providers have access to your personal health information, and only as needed to deliver and improve our services. All staff and vendors are bound by strict confidentiality agreements.
6. How Can you Control your Data
You may request access to, correction of, or deletion of your health information at any time by contacting us at stacey@drstaceyshelby.com.
7. Business Associate Agreements (BAAs)
All third-party vendors that may process or store PHI on our behalf have signed HIPAA Business Associate Agreements (BAAs) to ensure your data is handled according to legal and ethical standards.
To request a BAA, please email us at: stacey@drstaceyshelby.com.
8. What happens in case of Data Breach
In the unlikely event of a data breach affecting your health information, we will promptly notify you as required by HIPAA regulations and will take all necessary steps to address and mitigate the breach.
9. No Guarantee of HIPAA Compliance for Specific Use Case
While we implement safeguards consistent with HIPAA requirements, we do not guarantee HIPAA compliance for your specific use case. Compliance ultimately depends on how you configure and use the platform. You are responsible for using the app in a legally and ethically appropriate manner.
10. Use of Artificial Intelligence (AI)
Inner Support uses artificial intelligence technologies to enhance certain features of the platform, such as personalized recommendations, pattern recognition, or user experience improvements.
If you are a professional user handling Protected Health Information (PHI), please note:
- AI-generated outputs are based on the data you input or allow to be processed. You are responsible for ensuring that any PHI entered into AI-supported features is used in accordance with HIPAA and your professional obligations.
- We do not access, train on, or share PHI with external AI models.
- AI functionalities are developed and deployed in a manner designed to preserve data integrity, confidentiality, and access control, and do not override your responsibility to use these features ethically and legally.
If you have questions about how AI is used in the app or need to disable specific features for compliance reasons, please contact us at stacey@drstaceyshelby.com.
Questions?
If you have any questions or concerns about how your health information is handled, please contact:
Email: stacey@drstaceyshelby.com
Phone: 310-990-2649
Mailing Address: 111 NE 1st Street 8th Floor, #8307, Miami, Florida 33132.
This statement is intended to demonstrate our ongoing commitment to privacy and compliance. Please review our full Privacy Policy for more details.
