HIPAA notice

Last updated: 2026-04-30

Apellica handles Protected Health Information (PHI) when you upload denial letters, plan documents, or clinical records to support your appeal. We treat all such information under HIPAA standards regardless of whether we are formally a Covered Entity for your case.

Safeguards

Our security program is being built in stages. We publish what is live today and what is in progress at /security. In summary:

• Live today: TLS 1.2+ in transit, access on a need-to-know basis, BAAs available on request, authorization-based handling (45 CFR § 164.508).
• In progress before first paid case: AES-256 at rest with vendor BAAs, audit logging of PHI access, annual HIPAA training, breach-response procedures.

Your rights

You have the right to request access to, correction of, and deletion of your PHI subject to legal retention obligations. Email privacy@apellica.com to exercise any of these rights.