HIPAA Statement

Our approach to HIPAA

PowerFrame is deliberately architected to avoid handling Protected Health Information (PHI). For dental, medical, mental health, and chiropractic practices, we handle only non-PHI operational touchpoints. Your EMR stays in your EMR.

What PowerFrame handles for healthcare verticals

• Appointment scheduling (date, time, provider, service type — not condition)
• Reminder calls and texts (no diagnosis or treatment details)
• New patient intake (contact info, preferred appointment time — not medical history)
• Post-visit review requests (rating and testimonial — no treatment details)
• Insurance verification triage ("we accept Delta Dental" — yes/no routing only)
• Recare and recall scheduling ("time for your 6-month cleaning")

What PowerFrame does NOT handle

• Medical records access
• Prescription information
• Diagnoses, symptoms, treatment plans
• Lab results or imaging
• Mental health session content
• Insurance claim details
• Payment details tied to specific treatments

Business Associate Agreements

Because PowerFrame does not process PHI, we are not technically a Business Associate under HIPAA for most engagements. However, for customers who want belt-and-suspenders compliance, we will sign a BAA on request. Email compliance@powerframe.ai.

Safeguards

• All communications encrypted in transit (TLS 1.2+)
• All stored data encrypted at rest (AES-256)
• Role-based access with least-privilege principle
• Audit logs retained 6 years
• Employee training on HIPAA-adjacent handling
• Incident response and breach notification procedures

Your responsibilities

• Do not configure agents to discuss PHI — we will flag this during onboarding
• Keep your EMR separated from our platform
• Ensure your staff does not push PHI through our channels
• Report any suspected PHI exposure to compliance@powerframe.ai immediately

Contact

Email: compliance@powerframe.ai