Our commitment
HIPAA Pulse is published by a security and privacy company. That means our standard for handling visitor information should be higher than the standard we recommend to our customers. We do not track you across the internet for advertising auctions. We do not sell or rent personal information. We collect what we need to operate the publication, we tell you exactly what we use it for, and we retain it only as long as we need to. What follows is the formal policy.
Patient Protect LLC (“Patient Protect,” “we,” “us”) operates HIPAA Pulse to publish editorial coverage of healthcare cybersecurity, OCR enforcement, and HIPAA regulation. This Privacy Policy describes the information we collect through hipaapulse.com, how we use it, and your choices.
1. Information We Collect
1.1 Information you provide
HIPAA Pulse does not run its own newsletter list, contact forms, or account system. Visitors interact with the publication primarily by reading. The information you may voluntarily provide includes:
- Email correspondence: When you email editor@hipaapulse.com for editorial inquiries, story tips, corrections, or embed licensing, we receive the email content, your email address, and any information you choose to include.
- Newsletter subscriptions: The HIPAA Pulse briefing is operated by Patient Protect LLC at patient-protect.com. If you subscribe, your email address is collected and processed under the Patient Protect Privacy Policy, not this one.
1.2 Information collected automatically
When you visit hipaapulse.com, we automatically collect:
- Browser type and version
- Device type and operating system
- IP address (used for abuse prevention and approximate geographic routing)
- Pages viewed, time on page, and navigation path
- Referring URL
- Approximate geographic location (country level)
We use this information for security monitoring, content analytics, and to detect and block scraping or abusive automated access.
1.3 Information we do not collect
HIPAA Pulse does not collect sensitive personal information categories including precise geolocation, biometric data, health information, genetic data, or financial account numbers. No Protected Health Information (PHI) is collected, processed, or stored on hipaapulse.com.
2. How We Use Your Information
We use collected information to:
- Respond to editorial correspondence, story tips, and corrections
- Process embed-license inquiries
- Analyze publication traffic and improve coverage
- Detect and prevent scraping, automated abuse, and unauthorized access
- Comply with legal obligations
We do not sell personal information for monetary consideration. We do not run cross-site advertising on this publication. We do not share visitor information with advertisers.
3. Third-Party Service Providers
We use the following third-party services to operate HIPAA Pulse. Each processes data only as necessary to provide its service:
- Netlify: Website hosting and serverless edge functions. Netlify Privacy Policy.
- Google Analytics 4:Aggregate publication traffic analysis. May be added in the future; not currently enabled. If added, governed by Google’s privacy policy and disclosed via this page.
- Supabase: Backend data store for the breach intelligence tracker. Supabase Privacy Policy. The data we read from Supabase is the multi-source breach intelligence database; no visitor data is written there.
- Anthropic:AI editorial assistance for aggregator briefs is processed through Anthropic’s commercial API under terms that prohibit use of inputs for model training. No visitor data is sent to Anthropic. Anthropic Privacy Policy.
All data is processed in the United States.
4. Cookies
HIPAA Pulse uses minimal cookies. No tracking, advertising, or cross-site cookies are set by this publication. The cookies we may set are:
- Essential cookies: Required for site functionality (session continuity, security headers). These cannot be disabled without breaking the site.
We do not use third-party advertising cookies on hipaapulse.com. If we add analytics cookies in the future, this section will be updated and a consent notice will be presented.
5. Data Retention
- Email correspondence: Retained for up to 24 months for editorial workflow and follow-up, then deleted.
- Server logs: Retained for up to 90 days for security monitoring and abuse prevention.
- Newsletter subscriptions: Operated by Patient Protect; retention governed by the Patient Protect Privacy Policy.
6. Your Rights and Choices
- Opt out of newsletter:Click “Unsubscribe” in any briefing email, or email info@patient-protect.com.
- Global Privacy Control: We honor the Global Privacy Control (GPC) browser signal as a valid opt-out of sale and sharing of personal information for residents of states where such signals are legally recognized.
- Request data deletion or export:HIPAA Pulse is published by Patient Protect LLC, and formal data subject requests are processed through Patient Protect’s registered request channel. See the formal process in the Patient Protect Privacy Policy. For HIPAA Pulse-specific editorial questions (e.g., a tip you sent to the editor), email editor@hipaapulse.com.
State privacy rights
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of sharing for cross-context behavioral advertising. Residents of other US states with comprehensive privacy laws — including but not limited to Virginia, Colorado, Connecticut, Utah, Texas, and Oregon — may have similar rights to access, correct, delete, and port their personal information, and to opt out of certain processing. To exercise these rights, follow the process documented in the Patient Protect Privacy Policy.
EU/UK visitors
HIPAA Pulse is intended for readers in the United States. If you access the publication from the European Union or United Kingdom, you do so on your own initiative. We do not target the publication to EU/UK residents and do not maintain GDPR-specific consent infrastructure. Server logs containing IP addresses are retained as described in Section 5.
7. Children’s Privacy
HIPAA Pulse is not directed to children under 13. We do not knowingly collect information from children under 13. If you believe we have inadvertently collected information from a child, email editor@hipaapulse.com and we will delete it. Formal regulatory inquiries should be directed through the process documented in the Patient Protect Privacy Policy.
8. Security
We use commercially reasonable security measures to protect the information we collect, including TLS encryption in transit, encrypted storage, and access controls. No system is perfectly secure. In the event of a security incident affecting personal information, we will notify affected individuals and regulators as required by applicable law.
9. International Data Transfers
Data is processed and stored in the United States. If you access this website from outside the United States, you consent to the transfer of your information to the United States, which may have data protection laws different from your jurisdiction.
10. Changes
We may update this Privacy Policy at any time. The “Last revised” date reflects the most recent version. Material changes will be highlighted at the top of the publication for at least 14 days.
11. Contact
Editorial-related privacy questions or HIPAA Pulse-specific issues: editor@hipaapulse.com.
Formal data requests, designated Privacy Officer contact, and corporate notice procedure: HIPAA Pulse is published by Patient Protect LLC. The formal request process and registered Privacy Officer are documented in the Patient Protect Privacy Policy.