HIPAA Notice of Privacy Practices

Last updated March 2026.

Voluntary compliance: UniteRare voluntarily implements HIPAA-aligned practices. As a technology platform (not a covered healthcare entity), we are not legally required to comply with HIPAA. We follow these practices because we believe they represent the right standard for handling sensitive health information.

1. What Information This Notice Covers

This notice describes how UniteRare handles health-related information you provide, including diseases you follow, symptom information you enter, and health details you share in your profile or community posts.

2. How We Protect Health Information

UniteRare implements technical, administrative, and physical safeguards aligned with HIPAA standards:

  • Encryption: All data is encrypted at rest and in transit using industry-standard protocols.
  • Access controls: Strict role-based access controls limit who can access health-related data.
  • Three-Vault separation: Identity data and health context data are stored in separate vaults and never joined for third-party sharing. See our Privacy Policy for details.
  • Minimum necessary principle: We collect only the health information necessary to provide platform features.
  • Audit logging: Access to sensitive data is logged for security review.

3. Business Associate Agreements (BAAs)

When AI features process health-related queries (such as the insurance appeal generator or diagnosis assist), we maintain Business Associate Agreements with AI service providers to govern the handling of that information under HIPAA-aligned standards.

4. How We Use Health Information

Health-related information is used only to:

  • Provide personalized platform features (disease alerts, relevant trial matching)
  • Generate aggregate, de-identified research insights with your consent
  • Improve platform accuracy and relevance

We do not sell, rent, or share your health information for advertising, insurance underwriting, or employment purposes.

5. Your Rights Regarding Health Information

  • Right to access: Request a copy of health information associated with your account.
  • Right to amendment: Request correction of inaccurate health information.
  • Right to restriction: Request we limit how we use your health information.
  • Right to deletion: Request complete deletion of your account and associated health data. Email team@uniterare.com.
  • Right to complain: You may file a complaint without retaliation.

6. De-identification and Research

Where we aggregate data for research or analytics, we apply de-identification methods including:

  • Removal of direct identifiers (name, email, IP address)
  • Minimum cell sizes of n≥5 for any reported aggregate
  • Geographic generalization to state level or above

7. Data Breach Notification

In the event of a data breach involving health information, we will notify affected users promptly and take immediate corrective action.

8. Contact

Privacy Officer: team@uniterare.com
UniteRare, Westwood, Massachusetts