HIPAA Compliance
Last updated: June 2026
Important Notice
AquariusAI is a career intelligence platform for healthcare professionals. It is not a clinical system, EHR, or patient management tool. No patient health information (PHI) should be entered into AquariusAI. This page describes our approach to data privacy for healthcare professionals using our career tools.
AquariusAI serves thousands of healthcare and MediTech professionals including nurses, doctors, medical administrators, and health technology workers. We take the privacy of healthcare professionals extremely seriously and have designed our platform with strong data protection principles that align with the spirit of HIPAA — even where specific HIPAA obligations may not directly apply to a career platform.
Understanding HIPAA Scope
The Health Insurance Portability and Accountability Act (HIPAA) primarily governs covered entities (hospitals, clinics, health plans) and their business associates when handling Protected Health Information (PHI) — information about patients.
AquariusAI is not a covered entity or business associate under HIPAA. We do not process patient health information. Our platform handles career data about healthcare professionals — their resumes, job applications, and career goals — not patient data. Healthcare professionals should never enter patient information, clinical records, or PHI into AquariusAI.
Our Data Protection Practices
While AquariusAI is not a HIPAA covered entity, we have implemented strong data protection measures consistent with healthcare industry expectations:
Encryption in Transit
All data transmitted between your browser and our servers uses TLS 1.3 encryption. No data is sent over unencrypted connections.
Encryption at Rest
User data stored in Google Firebase is encrypted at rest using AES-256 encryption managed by Google Cloud Platform.
Access Controls
Role-based access controls ensure that only authorised personnel can access platform data. Admin access is strictly restricted.
Data Minimisation
We collect only the data necessary to provide career intelligence. We do not collect clinical, medical, or patient information.
For Healthcare Organisations
If you are a healthcare organisation using AquariusAI's Recruiter Portal to post jobs and find candidates, please note that the portal is designed for job posting and candidate management only. No patient data should be processed through our recruiter tools.
For organisations that require a formal Business Associate Agreement (BAA), please note that as a career platform handling only professional career data (not PHI), a BAA is typically not applicable to AquariusAI services. For specific compliance questions, contact [email protected].
AI Processing and Healthcare Data
AquariusAI uses Anthropic's Claude AI for chat responses, resume analysis, and job eligibility scoring. When you use our MediTech chat mode, you are getting industry-contextual answers about your career — not clinical advice.
Use for:
- ✓ Career advice and job searching
- ✓ Resume analysis and improvement
- ✓ Interview preparation
- ✓ Industry news and insights
Do NOT use for:
- ✗ Clinical decision making
- ✗ Patient diagnosis or treatment
- ✗ Storing or sharing patient records
- ✗ Any purpose involving patient PHI
Compliance Enquiries
For compliance-related questions or to report a concern, contact our team at [email protected]. We take all compliance enquiries seriously and respond within 2 business days.