The AI Addiction Center – HIPAA Compliance Statement

Effective Date: August 3, 2025
Last Updated: August 3, 2025

HIPAA Applicability and Our Commitment

Our HIPAA Status

The AI Addiction Center is not a HIPAA-covered entity under the Health Insurance Portability and Accountability Act of 1996. This is because we:

  • Do not provide direct medical treatment or healthcare services
  • Do not maintain medical records or protected health information (PHI) as defined by HIPAA
  • Do not conduct healthcare transactions electronically in the manner covered by HIPAA regulations
  • Are not a health plan, healthcare clearinghouse, or healthcare provider as defined under HIPAA

What This Means for You

As an educational and assessment platform focused on AI dependency awareness, we operate outside the scope of HIPAA’s requirements. However, we recognize the sensitive nature of the information we collect and have voluntarily implemented HIPAA-inspired privacy practices to protect your data.

Our Voluntary Privacy Protections

Despite not being legally required to comply with HIPAA, we have adopted many of the same privacy and security practices to ensure your information is protected:

Data Protection Standards

Information Security

  • All data transmission uses SSL/TLS encryption
  • Assessment responses are stored on secure, encrypted servers
  • Access to personal information is limited to authorized personnel only
  • Regular security monitoring and vulnerability assessments

Privacy Practices

  • Minimum necessary access principles for staff
  • Regular privacy training for all personnel
  • Incident response procedures for potential data breaches
  • Clear policies governing data use and disclosure

Data Handling

  • Personal information is never sold or shared for marketing purposes
  • Assessment data is used only for providing personalized recommendations
  • Aggregated, anonymized data may be used for research purposes
  • Individual responses are kept confidential

Types of Information We Collect

Assessment Data

  • Responses to our AI dependency evaluation questionnaires
  • Personalized recommendations based on your results
  • Usage patterns and engagement with our resources

This information is educational in nature and not considered Protected Health Information (PHI) under HIPAA.

Personal Information

  • Contact information (name, email, phone number)
  • Communication records and support requests
  • Payment information (processed securely through Stripe)
  • Website usage analytics (through Google Analytics)

Information We Do NOT Collect

  • Medical diagnoses or treatment information
  • Prescription medication details
  • Medical history or clinical records
  • Insurance or billing information for healthcare services

How We Protect Your Information

Administrative Safeguards

Privacy Officer

  • Designated privacy officer responsible for data protection policies
  • Regular review and updates of privacy procedures
  • Staff training on privacy and security best practices

Access Management

  • Role-based access controls for all systems
  • Regular access reviews and user account management
  • Secure authentication procedures for staff

Incident Response

  • Documented procedures for responding to potential data breaches
  • Immediate notification protocols if a security incident occurs
  • Corrective action plans to prevent future incidents

Physical Safeguards

Facility Security

  • Restricted access to areas containing personal information
  • Secure disposal of physical documents containing personal data
  • Environmental controls to protect electronic equipment

Device Controls

  • Secure handling of devices that access personal information
  • Encryption requirements for portable devices
  • Remote wipe capabilities for lost or stolen devices

Technical Safeguards

Data Encryption

  • All personal information encrypted in transit and at rest
  • Strong encryption standards (AES-256) for stored data
  • Secure key management procedures

Access Controls

  • Unique user identification and authentication
  • Automatic logoff procedures for inactive sessions
  • Audit logs tracking all access to personal information

Network Security

  • Firewalls and intrusion detection systems
  • Regular security updates and patch management
  • Network segregation to isolate sensitive data

Third-Party Services and Business Associates

Service Providers We Use

While we are not required to have HIPAA Business Associate Agreements, we carefully vet all third-party services:

JotForm (Assessment Platform)

  • Processes assessment responses securely
  • Data encrypted in transit and at rest
  • Regular security audits and compliance certifications

Stripe (Payment Processing)

  • PCI DSS compliant payment processing
  • No storage of credit card information on our servers
  • Industry-standard fraud detection and prevention

Google Analytics (Website Analytics)

  • IP address anonymization enabled
  • Data retention limits configured
  • No personally identifiable information collected

Email Service Providers

  • Secure transmission of communications
  • Data encryption and access controls
  • Regular security monitoring and updates

Our Requirements for Vendors

All service providers must:

  • Implement appropriate security measures for data protection
  • Limit use of data to specified purposes only
  • Provide breach notification within required timeframes
  • Allow us to audit their security practices when necessary

Your Rights and Choices

Even though HIPAA doesn’t apply to us, we provide you with similar rights:

Access Rights

  • View Your Data: Request access to personal information we maintain
  • Data Portability: Receive a copy of your assessment results and data
  • Correction: Request correction of inaccurate information

Control Rights

  • Deletion: Request removal of your personal information
  • Opt-Out: Unsubscribe from marketing communications
  • Data Use Limitations: Request restrictions on how we use your information

How to Exercise Your Rights

Contact us at help@amiaddictedtoai.com or +1 (914) 893-2821 to:

  • Request access to your information
  • Update or correct your data
  • Delete your account and associated data
  • Ask questions about our privacy practices

Data Breach Response

Our Commitment

If a data breach occurs involving your personal information, we will:

  • Immediate Response: Contain the breach and assess the scope
  • Investigation: Determine what information was involved
  • Notification: Inform affected individuals within 72 hours when possible
  • Remediation: Take steps to prevent similar incidents
  • Support: Provide assistance and resources to affected individuals

What We’ll Tell You

Breach notifications will include:

  • Description of what happened
  • Types of information involved
  • Steps we’re taking to address the breach
  • Recommended actions you can take
  • Contact information for questions

Compliance Monitoring and Auditing

Regular Reviews

We conduct annual reviews of:

  • Privacy and security policies and procedures
  • Access controls and user permissions
  • Technical safeguards and system security
  • Staff training and awareness programs
  • Vendor compliance and security practices

Continuous Improvement

We regularly update our practices based on:

  • Changes in technology and security threats
  • Feedback from users and security assessments
  • Industry best practices and standards
  • Regulatory guidance and recommendations

Comparison with HIPAA Requirements

How We Exceed Standard Website Privacy

While most websites only provide basic privacy policies, we implement healthcare-grade protections:

Standard Website Privacy

  • Basic SSL encryption
  • Generic privacy policy
  • Limited user rights
  • Basic security measures

Our Healthcare-Inspired Approach

  • Advanced encryption and security controls
  • Comprehensive privacy protections
  • Enhanced user rights and access
  • Regular security audits and monitoring
  • Staff privacy training
  • Incident response procedures

Contact Information

Privacy Questions and Requests

Privacy Officer
The AI Addiction Center
175 Commerce Dr
Hauppauge, NY 11788

Email: help@amiaddictedtoai.com
Phone: +1 (914) 893-2821
Website: https://theaiaddictioncenter.com

Business Hours

Monday – Friday: 9:00 AM – 5:00 PM EST
Emergency data breach notifications: Available 24/7

Updates to This Statement

We may update this HIPAA Compliance Statement periodically to reflect:

  • Changes in our services or business practices
  • Updates to privacy regulations or industry standards
  • Improvements to our security measures
  • Feedback from users and privacy assessments

We will notify you of material changes via:

  • Email notification to registered users
  • Prominent notice on our website
  • Updated effective date on this document

Additional Resources

For More Information About HIPAA

  • HHS Office for Civil Rights: https://www.hhs.gov/hipaa
  • HIPAA Privacy Rule: https://www.hhs.gov/hipaa/for-professionals/privacy
  • Your Rights Under HIPAA: https://www.hhs.gov/hipaa/for-individuals

This statement demonstrates our commitment to protecting your privacy using healthcare-grade security measures, even though we are not legally required to comply with HIPAA. Your trust is important to us, and we strive to exceed industry standards for data protection.