Hearth is not a HIPAA covered entity. It does not collect, store, or transmit Protected Health Information. The tool is specifically designed to avoid all 18 HIPAA Safe Harbor identifiers. Users are instructed not to enter names, dates of birth, addresses, record numbers, or insurance IDs. No data is retained after the session ends.
The optional FHIR R4 integration connects to a FHIR-compatible endpoint to pre-fill medical fields in the current session. Data fetched via FHIR is never stored, logged, or transmitted beyond the browser session. The integration uses the HAPI FHIR R4 sandbox for demonstration purposes.
Hearth falls within the FDA's published enforcement discretion category for software that helps patients and caregivers organize and record health information. It does not diagnose, treat, or interpret medical information. The AI organizes and formats only what the caregiver provides.
Hearth does not operate as a vendor of personal health records under the FTC Health Breach Notification Rule. Nothing is stored, so there is nothing to breach. This tool complies with the FTC Act's prohibition on deceptive practices.
Hearth uses the Anthropic Claude API to organize and summarize what caregivers share. The AI does not add information, give medical advice, or make clinical judgments. Input is not used to train any model. AI output should always be reviewed before sharing.
No names. No personal identifiers. No stored sessions. No analytics that capture form content. No advertising. No data sharing. When your session ends, everything is gone. We cannot retrieve it because we never saved it.