HIPAA Security Detail & Trust Controls (Full Version)
Built for scale. Honest about beta.
CareHub uses a privacy-first beta architecture today and is building HIPAA-ready infrastructure for production. This page separates live controls from roadmap controls so patients, families, partners, and clinicians can evaluate trust on facts rather than marketing.
- Data Scope: minimal beta collection by design
- Transport Security: HTTPS and hardened authentication
- Continuity: daily backups and multi-path recovery
- User Rights: access, correction, deletion, portability
- Production Path: HIPAA-ready controls staged for launch
Executive Summary
CareHub is taking a phased approach to security and privacy. The beta platform is deliberately scoped to avoid broad health-data capture, while the production architecture is being shaped to support stronger HIPAA-aligned controls when those workflows are activated.
Reality Check
- Current state: privacy-first beta architecture with active authentication, encrypted transport, invite controls, and backup discipline.
- Not current state: this page does not pretend that every production-grade control is already fully enforced everywhere.
- Guiding principle: collect the minimum necessary data, limit unnecessary exposure, and be explicit about what is live versus what is still being hardened.
Why This Matters
Trust is earned by clear scope, not inflated claims. This page is intended to reduce fear around privacy and data loss by explaining the current implementation plainly, including how continuity and recovery are handled today.
CareHub does not provide diagnosis or treatment. The platform is intended for information, coordination, research translation, and community support, with sensitive health-data workflows staged for more rigorous production controls.
What We Collect, and What We Deliberately Avoid
The beta system is intentionally narrow. Users may provide account details, authentication data, selected profile information, and optional entries they choose to record while using CareHub services.
Current Data Categories
- Account and login data: email-based authentication, verification flows, and associated security metadata.
- Optional user-provided content: profile, wellness, or support entries that users voluntarily submit inside the product.
- Operational analytics: pseudonymous usage signals used to improve reliability, debug issues, and understand product behavior.
Deliberate Exclusions
- No Social Security numbers or driver's-license-style identity documents in the beta scope.
- No payment-card processing inside the current public beta posture.
- No broad PHI intake by default: the product strategy is to avoid wide health-data capture until production-grade controls are fully activated.
Current Security Measures
CareHub's current security posture is built around authentication discipline, encrypted transport, scoped access, and operational hygiene rather than broad claims of finished compliance.
- Authentication stack: Supabase-backed auth flows with email verification and hashed password handling.
- Encrypted transit: HTTPS (TLS, still commonly called SSL) protects data moving between users, services, and infrastructure.
- Session protection: secure session token handling with expiry and revocation logic being progressively tightened.
- Registration controls: invite-oriented access and validation measures reduce unnecessary exposure during beta.
- Secret management: operational credentials are kept out of source content and managed through environment configuration.
- Audit visibility: application logging and access-trace infrastructure exist today, with broader enforcement still being hardened.
Security Philosophy
The goal is to narrow risk before scaling surface area. CareHub would rather phase features responsibly than claim a larger compliance perimeter than the implementation currently supports.
Data Continuity, Backup, and Recovery
Data-loss fear is reasonable, so continuity has to be concrete. CareHub's published continuity posture relies on redundancy, documented restoration paths, and a clear distinction between live-system deletion and backup rotation.
Current Continuity Safeguards
- Daily automated backups: scheduled backup activity is documented at 3 AM.
- Multi-platform redundancy: recovery pathways span Google Sheets, Supabase PostgreSQL, Google Drive, and local CLI archives.
- Multiple restoration options: recovery is not dependent on a single store or a single sync path.
- Documented retention boundaries: backup copies may persist temporarily before normal overwrite cycles complete.
Deletion and Backup Rotation
Verified deletion requests are intended to be completed within 30 days unless data must be retained for legal, fraud-prevention, or security reasons. Removal from live systems and removal from rotating backups do not necessarily happen at the same instant; older backup copies age out through the normal overwrite schedule.
What This Means in Practice
If a system issue occurs, CareHub is not relying on a single database snapshot and hoping for the best. The continuity model is built around redundant stores and documented recovery paths specifically to reduce the chance of permanent loss.
Privacy Rights, Retention, and User Control
CareHub's privacy posture is grounded in user control, limited retention, and transparency about what rights exist before the system expands into more sensitive workflows.
- Access and correction: users can request access to their data and correction of inaccurate records.
- Deletion: verified requests are intended to be completed within 30 days, subject to legal and fraud-prevention exceptions.
- Portability and transparency: GDPR and CCPA-style control principles inform the current policy posture.
- Consent management: future sensitive features are expected to rely on clearer role, consent, and disclosure boundaries rather than implied participation.
Policy Layer
This page is the operational trust summary. For the policy-language baseline, refer to the linked Privacy Policy, which remains the formal statement of collection, use, and rights.
HIPAA Strategy and Production Controls
HIPAA readiness should be framed as a production activation path, not a blanket claim over the beta environment. The architecture direction is serious, but the roadmap items below are intentionally described as staged controls.
Controls Intended for Production Health-Data Workflows
- Business Associate Agreements: vendor BAA templates are part of the production plan and are expected to be executed when covered workflows go live.
- Expanded audit and breach response: comprehensive audit logging, incident handling, and notification procedures are part of the intended production perimeter.
- Role accountability: privacy and security officer responsibilities are defined for launch-stage governance rather than claimed as fully operational today.
- Workforce controls: training, access discipline, and procedural compliance are expected to tighten alongside any PHI activation.
Plain-English Position
CareHub is building toward HIPAA-ready production controls, but this page avoids presenting roadmap items as if they are already universally enforced in beta. That distinction matters.
AI Governance and Sensitive Features
AI is being used to accelerate research compression, drafting, and support workflows, but CareHub's position is that strategic judgment and privacy-sensitive decisions remain human responsibilities.
- Current use: language models can help compress research, support drafting, and improve coordination workflows.
- Human review: important trust, policy, and product decisions are not delegated to unsupervised AI outputs.
- No diagnosis claim: AI surfaces are not positioned as medical diagnosis or treatment engines.
- Future-sensitive features: voice cloning, legacy preservation, or blockchain-linked systems would require explicit consent, stronger governance, and separate security review before deployment.
If Blockchain or Zero-Knowledge Features Are Pursued
The public position is that sensitive data would remain off-chain, with privacy-preserving proofs used only if they improve trust without exposing protected information.
Ask Rupert Disclosures
I'm Rupert, Daddy's goldendoodle, and I answer with help from Google Gemini™. I do my best, but I can still get things wrong, so please double-check anything important.
How I answer
- Interface: Ask Rupert is delivered from the Next.js application layer at /ask-rupert.
- Model: the current API route is configured to call gemini-2.5-flash.
- Processing: CareHub brokers the request through its API layer before any model response is returned.
When to get human help
You can ask me about anything at all, not just medical stuff. But if something is urgent, dangerous, or needs clinical judgement, please speak to a qualified professional or emergency services right away.
When I can save what you tell me
Until you sign in, I can't record your input in CareHub's database for auditing, follow-up, and shared understanding. Chats are processed by Google Gemini and are subject to Google's Privacy Policy. CareHub's own policy layer is at Privacy Policy.
Cookies
You'll Love These Cookies! And We Want You to Know Why...
Unlike the 30-page legal mazes you'll find elsewhere, we're upfront: we use cookies to enhance your experience and keep things secure.
- Essential cookies: required for security; always on.
- Analytics cookies: help us improve the app.
- Consent actions: Accept All (enables both essential and analytics cookies), Decline Non-Essential, Customize, and Save Preferences. Learn more in our Privacy Policy.
Known Gaps and Immediate Actions
Trust improves when gaps are named. Several controls still need hardening before any production-scale protected health-data workflow would be acceptable.
- JWT hygiene: the fallback-secret behavior must be removed entirely and the related token hardening completed before sensitive production use.
- MFA and lockout enforcement: these controls need stronger boundary enforcement before health-data launch.
- Row-Level Security: RLS rollout is not yet the final production posture across every sensitive table.
- Invite validation and Google Sheets integration: these flows are being hardened and should be described as in progress, not fully solved.
- Lookup and verification efficiency: some verification endpoints still need more rigorous indexed or production-grade query patterns.
Why Publish The Gaps
Because a beta product can tolerate staged hardening, but a PHI-bearing production product cannot. The purpose of this page is to keep those categories separate.
Contact, Governance, and Updates
Questions about privacy, trust, or platform posture can be directed to research.carehub@gmail.com. Material changes to controls, scope, or production rollout posture should be reflected in this page and in the linked policy documents.
- Primary principle: minimum necessary data, explicit scope, and honest staging.
- Operational companion pages: see the linked Privacy Policy, Privacy and Trust, and Security Trust Brief documents for supporting detail.
- Current posture: this page is intended to reflect both the live beta implementation and the production control trajectory without blending the two.