[astura]

Then they need to provide additional information as to why they are considered a "covered entity" under HIPAA, because it is NOT obvious from their website why HIPPA would apply and the answer I was replying to appeared to be very mealy-mouthed based on the information given.

If they have additional information they'd like to share, I'd very much like to hear it.

[david_l_lin]

HIPAA applies to any circumstance around handling PHI. We handle your self-reported survey data, and microbiome data as PHI. We do NOT have to be a "covered entity" to apply HIPAA compliant protocols to our data handling. It's an additional security measure we take in handling your PHI.

[astura]

>HIPAA applies to any circumstance around handling PHI.

HIPAA does not apply at all as you are not a covered entity under HIPAA, stop lying.

>We do NOT have to be a "covered entity" to apply HIPAA compliant protocols to our data handling

Yeah, but that's just your current choice. You (more or less) claimed you were obligated to abide by HIPAA, but that's a lie, you are not.

I know you though nobody would call you out on this, but I am, because I understand the law. Please be upfront when asked, and stop lying.