Inciteful Med is built for individual patients (and their caregivers and advocates) using their own data. Today, we don't sign Business Associate Agreements (BAAs) with provider organizations or position the product as a HIPAA-covered tool for clinicians using identified patient data on behalf of their patients.

What that means in practice

If you're a clinician:

Using Inciteful Med to research generally (no patient identifiers, no PHI) - perfectly fine. This is how most clinicians use it today.
Pointing a patient to Inciteful Med so they can use it themselves - perfectly fine and recommended. The patient's own use is governed by our standard privacy practices.
Uploading identified PHI for patients you're treating - not the supported pattern today.

For more on what does work today, see For clinicians: using Inciteful Med in a visit.

What's our HIPAA stance for individual patients?

For individual patients using Inciteful Med to research their own health, see Is Inciteful Med HIPAA compliant?. The short version: we operate to HIPAA-grade security standards (encryption, access controls, audit logging), but the strict legal definition of "HIPAA-covered" applies primarily to provider organizations and their business associates.

Want to bring Inciteful Med into your practice formally?

We talk with provider organizations interested in deploying Inciteful Med for their patient communities - see Becoming a partner. If your interest is specifically around using identified PHI inside your practice, contact us and we can talk about what's on our roadmap and what would have to be true for it to fit your needs.