HIPAA
HIPAA-aligned care, with transparent safeguards.
This page is a living, plain-language summary of how Directly is designing its platform to support HIPAA-aligned workflows. It is not legal advice and will evolve as we complete formal reviews and operational controls.
Last updated: February 17, 2026
What We Handle
Directly is built to facilitate care coordination, scheduling, and secure communications between patients and clinicians. When protected health information (PHI) is stored or transmitted, it is treated as sensitive and access is restricted.
Privacy & Access
We enforce role-based access control, strong authentication, and audit-ready activity logging. Only authorized personnel with a need-to-know can access patient data.
Security Safeguards
Our engineering roadmap includes encryption in transit and at rest, segmented environments, centralized monitoring, and proactive incident response playbooks.
Commitment In Progress
Directly is still completing full HIPAA program readiness, including policies, business associate agreements (BAAs), and ongoing risk assessments. We are prioritizing this work as we expand clinical operations.
- Security and privacy policies in review
- Vendors and subprocessors being vetted for compliance
- Access and incident-response procedures being documented
How Members Can Help
Keep your account secure, avoid sharing sensitive details over email, and notify us if you believe your information has been accessed improperly. We will support you with guidance and timely updates.
Questions? Contact the privacy team at directlyhealthcare@gmail.com.
Scope Notice
This page summarizes our intent and progress; it does not represent a guarantee of HIPAA compliance or a substitute for contractual terms between covered entities and Directly. We will publish updated details as our program matures.