Questions About Compliance
Do you offer a Business Associate Agreement?
Here is our Business Associate Agreement (BAA), which becomes effective on the date you sign up.
What are your Terms of Service?
Here are our Terms of Service, which become effective on the date you sign up.
What is your Privacy Policy?
Here is our Privacy Policy.
How can I learn more about your HIPAA compliance?
Here is our compliance document.
Do you sell my data?
We do not sell your data to any third parties. After you cancel your account, your data will be destroyed within 60 days.
I know Stripe is not HIPAA compliant on its own. Has Sessions Health made this integration HIPAA compliant? Or is there a way to integrate another card system into Sessions?
HHS provides this as one of a handful of exclusions to the HIPAA Privacy Rule:
When a financial institution processes consumer-conducted financial transactions by debit, credit, or other payment card, clears checks, initiates or processes electronic funds transfers, or conducts any other activity that directly facilitates or effects the transfer of funds for payment for health care or health plan premiums. When it conducts these activities, the financial institution is providing its normal banking or other financial transaction services to its customers; it is not performing a function or activity for, or on behalf of, the covered entity.
Sessions Health limits its activity with Stripe strictly to payment processing to remain HIPAA compliant. Sessions Health does not use other Stripe functions, such as invoicing, that would require other information (email, phone, addresses, etc.) to be shared with Stripe. Only the minimum data required and allowed by HHS to process payments and transactions is used with Stripe.
Is Sessions Health ADA (Americans With Disabilities Act) Compliant?
Sessions Health values being inclusive and making our product a welcoming one for everyone. As a result, we aim to make our product accessible to those with disabilities. We have processes and testing that we undergo to help make our product accessible.
How we accomplish our accessibility goals
We follow standards for web accessibility, with a focus on public-facing areas, and strive to ensure we’re in compliance with all laws and guidelines.
- The Web Content Accessibility Guidelines (WCAG) 2.1 Level AA are recognized and acknowledged as the international standard measure of success. We test our site to ensure we meet or exceed that standard. ADA rules use these guidelines to determine accessibility compliance. By following these guidelines, we stay compliant with both, whether or not they apply to us.
- Our team collaborates with stakeholders to identify areas that need improvement.
- Accessibility is a process that we are always refining.
I use a specific type of assistive device. Do you support it?
While we hope that our site works with as many assistive devices as possible, it isn't possible for us to guarantee that our site works in a particular way with every assistive device out there. We use WCAG 2.1 AA standards as guidelines. If assistive devices and web browsers also follow these guidelines, they should work with our site. However, not every vendor interprets the guidelines the same way. We test our site in the latest major browsers that know how to render assistive code for assistive devices. We also use a subset of screen readers to test our software, though we can't guarantee that our website works with your specific screen reader vendor or version.