HIPAA

Last Updated: 2026-05-16

This page summarizes Run Wild's approach to HIPAA-aligned processing for Covered Entities and Business Associates. Operative terms are set out in the Business Associate Agreement.

At a Glance

  • Business Associate — Run Wild can act as a Business Associate for Covered Entities and other Business Associates, with a signed BAA in place before any PHI is exchanged.
  • Safeguards — Administrative, physical, and technical safeguards consistent with the HIPAA Security Rule, including encryption, access controls, and audit logging.
  • Eligible Verticals — Med spas, dental, and other healthcare-adjacent verticals. PHI may only be processed in the Service after a BAA is executed.

1. Overview

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended, regulates the use and disclosure of Protected Health Information (PHI) by Covered Entities and their Business Associates.

Run Wild is structured to operate as a Business Associate for eligible customers in the dental, med spa, and broader healthcare space. PHI may only be transmitted through the Service after a Business Associate Agreement (BAA) has been executed.

2. Business Associate Agreement (BAA)

Customers requiring HIPAA-aligned processing must execute a BAA with Run Wild before processing PHI on the Service. Contact compliance@runwild.ai to request a BAA.

The BAA sets out the parties' obligations regarding permitted uses and disclosures of PHI, safeguards, breach notification, subcontractor terms, and return or destruction of PHI on termination.

3. Safeguards

Run Wild implements administrative, physical, and technical safeguards designed to align with the HIPAA Security Rule, including:

  • Encryption of PHI in transit (TLS 1.2+) and at rest (AES-256).
  • Role-based access controls and least-privilege principles for internal access.
  • Audit logging and monitoring of access to systems containing PHI.
  • Workforce training and confidentiality obligations for personnel with access to PHI.
  • Regular vulnerability assessments and patch management.

4. Permitted uses and disclosures

Run Wild uses and discloses PHI only as permitted by the BAA and HIPAA — to perform the Service, for proper management and administration, and to carry out Run Wild's legal responsibilities, and only when the disclosure is required by law or where Run Wild obtains reasonable assurances regarding confidentiality.

5. Breach notification

Run Wild notifies affected Customers of any Breach of Unsecured PHI as required by 45 CFR § 164.410, in coordination with the Customer and applicable law.

6. Subcontractors

Run Wild ensures that any subcontractor that creates, receives, maintains, or transmits PHI on its behalf agrees in writing to substantially the same restrictions and conditions that apply to Run Wild with respect to such information.

7. Customer responsibilities

Customers acknowledge that:

  • They are responsible for obtaining all necessary authorizations and consents from patients and clients before using the Service to communicate PHI.
  • They must configure the Service appropriately for HIPAA use, including disabling sub-features that are not BAA-covered if such features exist.
  • They will not transmit PHI through the Service before a BAA is in place.

8. Contact

For HIPAA-related inquiries, including BAA requests, contact compliance@runwild.ai.