Privacy, HIPAA and PHIPA — Our Commitment to You

Claire, operated by Claire dba Fawkes Biodata Inc.  •  Effective May 29, 2026  •  privacy@clairemed.ai

Claire provides software that helps independent physicians and their practices work with patient health information. We understand this is among the most sensitive information that exists, and that your patients have trusted you with it. This page explains, in plain language, how we protect that information and how we meet our obligations under the U.S. Health Insurance Portability and Accountability Act (HIPAA) and Ontario’s Personal Health Information Protection Act (PHIPA).

Your data stays yours

You remain in control of your patients’ health information at all times. Claire acts only as your service provider — a Business Associate under HIPAA and an agent/service provider of the health information custodian under PHIPA. We access and use protected health information (PHI) solely to deliver the services you have asked us to provide, strictly on your instructions. We never sell PHI, use it for advertising, or use it for our own purposes.

HIPAA (United States)

  • Business Associate Agreement: We sign a BAA with every practice before handling PHI, defining our responsibilities and limits.

  • Safeguards: We maintain the administrative, physical, and technical safeguards required by the HIPAA Security Rule.

  • Minimum necessary: We limit access to and use of PHI to the minimum necessary to perform our services.

  • Breach notification: If a breach affecting your PHI occurs, we notify you without unreasonable delay and no later than 60 days, and support your reporting obligations.

PHIPA (Ontario, Canada)

  • Acting for the custodian: As an agent of the health information custodian (you), we collect, use, and disclose personal health information only as you permit and as PHIPA allows.

  • No secondary use: We do not use personal health information except to provide our services to you, and we return or securely dispose of it as instructed.

  • Patient rights: We help you respond to your patients’ requests to access or correct their records, and to any privacy inquiries or complaints.

  • Breach handling: We notify you at the first reasonable opportunity of any unauthorized access, loss, or disclosure so you can meet your PHIPA duties.

How we protect your information

  • Encryption: PHI is encrypted in transit (TLS) and at rest using industry-standard, validated encryption.

  • Access controls: Access follows least-privilege principles, requires multi-factor authentication, and is reviewed regularly.

  • Audit logging: All access to PHI is logged and monitored; logs are retained per regulatory requirements.

  • Trusted infrastructure: Claire runs on Google Cloud Platform under a signed Business Associate Agreement, with data minimization and de-identification applied where possible. Data residency options are available on request.

  • Vendor oversight: Any third party that handles PHI on our behalf is bound by a BAA or equivalent agreement and is reviewed for security.

Questions or concerns

We are happy to provide our Business Associate Agreement, security overview, or full Privacy Policy on request. To reach our privacy team, contact privacy@clairemed.ai.

This summary is provided for transparency and does not replace the Business Associate Agreement, Data Processing terms, or full Privacy Policy between Claire and your practice, which govern in the event of any conflict.

 
