HIPAA Notice of Privacy Practices

Are we a HIPAA covered entity?

Tuesdays' core price-comparison service is not a HIPAA covered entity — we do not bill insurance, dispense medication, or provide treatment. Most of what we store is publicly available drug-pricing data plus your account email.

When HIPAA does apply

If you connect a clinical service through Tuesdays (telehealth visit, prescription upload), the protected health information (PHI) generated by that service is governed by the providing pharmacy or clinician's HIPAA practices, not ours. Tuesdays acts as a Business Associate to those entities under written BAAs.

Your rights regarding PHI

• Right to inspect and copy your PHI.
• Right to request amendments.
• Right to an accounting of disclosures.
• Right to request restrictions on use.
• Right to a paper copy of this notice.

How we protect PHI

• Encryption in transit (TLS 1.3) and at rest (AES-256).
• Role-based access; least-privilege by default.
• Audit logs retained 6 years per HIPAA requirements.
• Annual security review and penetration testing.

Complaints

Concerns? Email privacy@jointuesdays.com. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights without retaliation.