Autus

HIPAA

Last updated: June 21, 2026

This page explains how HIPAA applies to Autus. It's a summary, not legal advice — for the full picture, read our Privacy Policy.

Personal use

When you use Autus to track your own protocol, HIPAA generally doesn't apply. HIPAA governs “covered entities” — healthcare providers, health plans, and clearinghouses — and their business associates. An individual logging their own data isn't a covered entity, so your personal account falls outside HIPAA. Your data is still protected by our Privacy Policy and the safeguards below.

Coach & clinic plans

If you're a coach, nurse practitioner, or clinic managing client protocols through Autus, you may be handling protected health information (PHI) on behalf of others. For those plans we offer HIPAA-ready data handling, including:

  • A Business Associate Agreement (BAA) available on request before any PHI is shared with us.
  • A consent flow on every protocol you share with or manage for a client.
  • Access controls, audit logging, and adherence reporting scoped to the client seats on your plan.

To start a BAA or ask about clinic onboarding, email hi@getautus.com.

How we safeguard your data

  • Encryption. Data is encrypted in transit and at rest.
  • Least access. Access is limited to what's needed to operate the service.
  • Portability. You can export your data (CSV, JSON, or a clinician PDF) or delete your account at any time.

Autus is not a medical device or a covered entity for personal use. Nothing here is legal advice. If you handle PHI professionally, put a BAA in place before sharing it with any vendor — including us.