Patient Privacy & HIPAA

1. Our Commitment to Patient Privacy

While we have not yet achieved formal HIPAA compliance certification, HomeoBrain is built in accordance with HIPAA standards. Protecting patient privacy is a core design principle — not an afterthought.

2. Automatic PII Scrubbing

All patient data is automatically scrubbed of personally identifiable information before any AI processing takes place. Our parser strips:

• Names — patient names, family member names, practitioner names
• Dates of birth — full dates, partial dates, ages expressed as dates
• Phone numbers — all formats (domestic and international)
• Addresses — street addresses, cities, ZIP codes
• Social Security numbers (SSNs)
• Email addresses
• Medical record numbers
• All 18 HIPAA Safe Harbor identifiers

This scrubbing happens before any case text is sent to third-party AI services (Google, Anthropic) for analysis.

3. Patient Data Storage and Protection

To let you revisit cases and discuss them with the AI, HomeoBrain prompts you to save each case you analyze (one click, or skip), encrypted at rest. The case text used for the in-app search index is de-identified first (all 18 Safe Harbor identifiers removed). Any patient name or label you enter is stored encrypted and used only to link follow-up sessions. We do not use your case data to train AI models or for analytics, and we never sell it. You can permanently delete any case at any time, which also removes it from the search index.

4. No Third-Party Data Sharing

We will never share any patient data with third parties. The only external transmission of case data is to AI providers for generating your analysis, and this data has already been scrubbed of all identifiable information before transmission.

5. Pre-Scrubbed Cases Welcome

You are also welcome to upload case files that have already been de-identified. If you prefer to scrub your own data before uploading, our system will still run its own pass to catch anything that may have been missed.

6. Saved Analyses

When you save a case (you are prompted after each analysis, or save manually), HomeoBrain stores the case text and results encrypted, along with an optional encrypted patient name or label and a case date. The text used for search is de-identified before indexing. Saved cases are tied to your account and can be permanently deleted at any time. We recommend anonymized identifiers (e.g., "Case #42") for the label.

7. The 18 HIPAA Safe Harbor Identifiers

For reference, the HIPAA Safe Harbor method defines 18 types of identifiers that must be removed for data to be considered de-identified:

• Names
• Geographic data smaller than a state
• Dates (except year) related to an individual
• Phone numbers
• Fax numbers
• Email addresses
• Social Security numbers
• Medical record numbers
• Health plan beneficiary numbers
• Account numbers
• Certificate/license numbers
• Vehicle identifiers and serial numbers
• Device identifiers and serial numbers
• Web URLs
• IP addresses
• Biometric identifiers
• Full-face photographs
• Any other unique identifying number or code

HomeoBrain's parser is designed to detect and remove all of these before any AI processing occurs.

8. Questions?

If you have any questions about how we handle patient data, please contact us at drmoshe@homeobrain.com.