Back to Home

Privacy Policy, HIPAA Notice & Terms of Service

Effective Date: June 17, 2025

Last Updated: June 17, 2025

Owner/Operator: VA CLAIM BUDDY, LLC (doing business as VA Claim Buddy)

IMPORTANT LEGAL DISCLAIMERS

BY USING THIS SERVICE, YOU ACKNOWLEDGE AND AGREE TO THE FOLLOWING:

  • EDUCATIONAL PURPOSES ONLY: This service is for informational and educational purposes only and does not constitute legal, medical, or professional advice.
  • NO PROFESSIONAL RELATIONSHIP: Use of this service does not create any attorney-client, doctor-patient, or professional service relationship.
  • NO GUARANTEES: We make no warranties or guarantees regarding VA claim outcomes, disability ratings, benefit approvals, or accuracy of AI analysis.
  • USER RESPONSIBILITY: You are solely responsible for verifying all information and consulting with qualified professionals before making any legal or medical decisions.

HIPAA Compliance Notice

VA Claim Buddy is HIPAA compliant and committed to protecting your Protected Health Information (PHI). This privacy policy explains how we collect, use, protect, and disclose your medical information when you use our AI-powered medical record analysis service.

1. Acceptance of Terms and Liability Limitations

By accessing or using VA Claim Buddy services, you agree to be bound by these terms and acknowledge the following limitations:

LIMITATION OF LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

  • VA CLAIM BUDDY, LLC (doing business as VA Claim Buddy), and its service providers SHALL NOT BE LIABLE for any direct, indirect, incidental, consequential, special, or punitive damages arising from your use of this service
  • Our total liability to you for any claims shall not exceed the amount you paid for our services in the 12 months preceding the claim
  • We disclaim all warranties, express or implied, including merchantability, fitness for a particular purpose, and non-infringement
  • You use this service entirely at your own risk

INDEMNIFICATION

You agree to indemnify, defend, and hold harmless VA CLAIM BUDDY, LLC (doing business as VA Claim Buddy), and our service providers from any claims, damages, losses, or expenses (including attorney fees) arising from:

  • Your use of our service
  • Your violation of these terms
  • Your violation of any third party rights
  • Any decisions you make based on information from our service

2. Service Description and Disclaimers

What Our Service Does

VA Claim Buddy provides AI-powered analysis of medical records to help identify potential medical conditions for informational purposes only.

SERVICE DISCLAIMERS

  • NOT MEDICAL OR LEGAL ADVICE: Our service does not provide medical diagnoses, treatment recommendations, medical advice, or legal advice regarding VA claims
  • NOT VA AFFILIATED: We are not affiliated with the Department of Veterans Affairs and do not represent the VA's position
  • AI LIMITATIONS: AI analysis may contain errors, omissions, or inaccuracies and does not guarantee claim success
  • CONSULT PROFESSIONALS: Always consult qualified medical and legal professionals for advice regarding your specific situation

3. Information We Collect and HIPAA Compliance

Protected Health Information (PHI)

When you upload medical records to our service, we temporarily process:

  • Medical diagnoses and conditions
  • Treatment histories and medical procedures
  • Healthcare provider information
  • Dates of medical services
  • Any other health information contained in your uploaded documents

Technical Information

  • File names and upload timestamps
  • Processing session information
  • System usage logs (anonymized)
  • Error logs and system performance data

IMPORTANT: USER RESPONSIBILITY FOR PHI

You are solely responsible for:

  • Ensuring you have the legal right to upload and process the medical records you submit
  • Obtaining any necessary consents or authorizations
  • Complying with all applicable privacy laws in your jurisdiction
  • Verifying the accuracy and completeness of uploaded information

4. How We Use Your Information

Primary Use - Medical Record Analysis

We use your PHI solely for the purpose of:

  • Analyzing your medical records using AI technology
  • Identifying potential medical conditions for informational purposes
  • Generating informational summaries and reports
  • Providing you with organized information for your review

LIMITATIONS ON USE

We explicitly DO NOT:

  • Make medical diagnoses or provide medical opinions
  • Provide legal advice or representation
  • Act as your agent or representative in any capacity
  • Make any warranties about the suitability of our analysis for your purposes

5. HIPAA Business Associate Relationship

Google Cloud Platform HIPAA Compliance

VA Claim Buddy uses Google Cloud Platform's Vertex AI service for AI processing. We have executed a HIPAA Business Associate Agreement (BAA) with Google Cloud Platform.

Key Protections:

  • Google acts as our Business Associate under HIPAA
  • Google is bound by HIPAA protections and safeguards
  • Your PHI is processed using HIPAA-compliant infrastructure only
  • Google maintains appropriate technical and administrative safeguards
  • All processing is logged and auditable

Data Processing Limitations:

  • Your data is NOT used to train or improve AI models
  • No permanent storage of PHI in cloud systems
  • Automatic deletion of processing data upon completion
  • No human review of your PHI except for technical troubleshooting when authorized

6. Information Security and Data Protection

Technical Safeguards

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Secure Processing: Google Cloud's HIPAA-compliant infrastructure
  • Access Controls: Restricted access with multi-factor authentication
  • Audit Logging: Comprehensive logging of all system access and activities
  • Network Security: Firewall protection and intrusion detection

Administrative Safeguards

  • HIPAA Training: Ongoing compliance training and updates
  • Business Associate Agreements: All service providers bound by HIPAA BAAs
  • Incident Response: Documented procedures for security incidents
  • Risk Assessments: Regular security and privacy assessments
  • Policy Updates: Regular review and update of security policies

SECURITY LIMITATIONS AND USER RESPONSIBILITY

While we implement industry-standard security measures, you acknowledge that:

  • No system is 100% secure and data breaches can occur despite our best efforts
  • You are responsible for maintaining the security of your own devices and networks
  • You should not upload PHI if you are not comfortable with the inherent risks of internet transmission

7. Data Retention and Automatic Deletion

Automatic Data Deletion Policy

  • Raw Medical Records: All uploaded raw PDF files are immediately deleted from our systems upon report generation (Data Minimization).
  • Final Reports: Your generated analysis report is securely encrypted and retained for 1 year to allow for re-download. You may manually delete this at any time.
  • System Logs: Technical logs are retained for security purposes but contain no PHI.

Your Data Control

You maintain complete control over your information:

  • You can request immediate deletion of any remaining data
  • You can access any data we have about you
  • You control how long to keep your local copies
  • You can terminate your use of our service at any time

8. Prohibited Uses and User Responsibilities

YOU AGREE NOT TO:

  • Upload medical records you do not have legal authority to process
  • Use our service for any illegal or unauthorized purposes
  • Attempt to reverse engineer, modify, or interfere with our systems
  • Share your account access or credentials with others
  • Use our analysis as the sole basis for any legal or medical decisions
  • Attempt to hold us liable for any outcomes related to your VA claims

User Warranties

By using our service, you warrant that:

  • You have the legal right to upload and process all submitted medical records
  • All information you provide is accurate and complete
  • You will not use our service for any unlawful purposes
  • You understand the limitations and disclaimers of our service

9. Your Rights and Our Obligations Under HIPAA

Your Rights

  • Right to Access: Request access to your PHI in our systems
  • Right to Amendment: Request corrections to inaccurate PHI
  • Right to Restriction: Request limitations on use or disclosure
  • Right to Complaint: File complaints about privacy violations
  • Right to Breach Notification: Be notified of any PHI breaches

Our Obligations

  • Maintain appropriate safeguards for your PHI
  • Provide breach notifications within required timeframes
  • Allow you to exercise your HIPAA rights
  • Maintain business associate agreements with all service providers
  • Comply with all applicable HIPAA requirements

10. Breach Notification and Incident Response

In the event of a suspected or confirmed breach involving your PHI, we will:

  • Immediate Assessment: Conduct immediate investigation and risk assessment
  • Containment: Take immediate steps to contain and minimize the breach
  • Notification: Notify affected individuals within 60 days of discovery
  • Reporting: Report to HHS Office for Civil Rights within 60 days
  • Media Notification: Provide media notification if breach affects 500+ individuals
  • Remediation: Implement corrective measures to prevent future breaches

LIMITATION OF LIABILITY FOR BREACHES

While we will comply with all legal notification requirements, our liability for any breach is limited to:

  • The cost of notification as required by law
  • Reasonable remediation efforts as determined by us
  • No liability for consequential, punitive, or special damages
  • Maximum liability not to exceed $1,000 per incident

11. Governing Law and Dispute Resolution

Governing Law: These terms are governed by the laws of the State of Maryland, without regard to conflict of law principles.

Dispute Resolution: Any disputes arising from your use of our service shall be resolved through binding arbitration in accordance with the rules of the American Arbitration Association, conducted in our home jurisdiction.

Class Action Waiver: You agree to resolve disputes individually and waive any right to participate in class action lawsuits.

Limitation Period: Any claims must be brought within one (1) year of the date the claim arose.

12. Changes to Terms and Service Termination

Changes to This Policy

We reserve the right to modify these terms at any time. Changes will be effective immediately upon posting. Continued use of our service constitutes acceptance of modified terms.

Service Termination

We may terminate or suspend your access to our service at any time, for any reason, without notice. Upon termination:

  • Your right to use our service immediately ceases
  • We will delete your PHI according to our retention policies
  • These terms remain in effect regarding past use of our service
  • You remain bound by all warranties, indemnifications, and limitations

13. Contact Information

VA CLAIM BUDDY, LLC
Owner/Operator of VA Claim Buddy
Email: vaclaimbuddy@gmail.com
LinkedIn: https://www.linkedin.com/in/davidstergion

Privacy Officer Contact:
Email: vaclaimbuddy@gmail.com
Subject Line: "Privacy/HIPAA Inquiry"

For HIPAA Complaints:
U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/

ACKNOWLEDGMENT AND AGREEMENT

BY USING VA CLAIM BUDDY'S SERVICES, YOU ACKNOWLEDGE THAT:

  • You have read, understood, and agree to be bound by this Privacy Policy and Terms of Service
  • You understand this service is for informational purposes only
  • You will not rely solely on our analysis for any legal or medical decisions
  • You accept all risks associated with using our service
  • You agree to the liability limitations and dispute resolution procedures
  • You consent to the collection, use, and disclosure of your PHI as described herein

If you do not agree to these terms, you must not use our service.