HIPAA Compliance
Last updated: May 2026
Encrypted at Rest
AES-256 encryption for all stored documents and health data.
Encrypted in Transit
TLS 1.3 for all data in motion between your browser and our servers.
Access Controls
Role-based access controls and multi-factor authentication options.
Our Commitment
Jengu Health is committed to protecting the privacy and security of health information as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.
Protected Health Information (PHI)
Medical bills, insurance explanations of benefits, VA medical records, and other documents you upload to Jengu Health may contain PHI. We treat all uploaded documents as PHI and apply the full suite of HIPAA technical, physical, and administrative safeguards.
Technical Safeguards
All PHI is encrypted at rest using AES-256 and in transit using TLS 1.3. We enforce access controls so only authenticated users can access their own data. We maintain audit logs of all access to PHI. Our infrastructure uses automatic idle timeout and session management controls.
Administrative Safeguards
We maintain a written HIPAA compliance policy, conduct regular risk assessments, and train team members on PHI handling procedures. We designate a Privacy Officer responsible for HIPAA compliance.
Business Associate Agreements
We have Business Associate Agreements (BAAs) in place with all third-party vendors that may process PHI on our behalf, including cloud infrastructure providers and AI model providers.
Minimum Necessary Standard
We apply the Minimum Necessary standard, meaning we only collect, use, and share PHI to the extent required to provide our services. We do not use your health information for marketing, advertising, or AI model training without your explicit written consent.
Breach Notification
In the event of a breach of unsecured PHI, we will notify affected users within 60 days of discovery, consistent with HIPAA's Breach Notification Rule. We will also notify the Secretary of the U.S. Department of Health and Human Services as required.
Your HIPAA Rights
You have the right to request access to your PHI, request corrections, request restrictions on use, receive an accounting of disclosures, and file a complaint. Contact privacy@jengu.health to exercise any of these rights.
Filing a Complaint
If you believe your privacy rights have been violated, you may file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr. We will not retaliate against you for filing a complaint.