HIPAA Notice

Effective date: February 12, 2026 · Last updated: February 12, 2026

Important. BioContext7 is a free, open-access bioinformatics documentation platform. It is not designed to process, store, or transmit Protected Health Information (PHI). No Business Associate Agreement (BAA) is available. Do not submit PHI through the Service.

1. Overview

BioContext7 aggregates publicly available bioinformatics tool metadata from authoritative registries and delivers it to AI coding assistants. The Service processes tool documentation, not patient data.

This notice describes our position on the Health Insurance Portability and Accountability Act of 1996 (HIPAA), including the Privacy Rule, Security Rule, and Breach Notification Rule.

2. No Business Associate Agreement

BioContext7 does not offer a Business Associate Agreement (BAA). The Service is not intended for use as a component in clinical workflows that involve PHI. Covered entities and business associates should not use BioContext7 to process data subject to HIPAA regulations.

3. Data Handling

BioContext7 is designed to process tool metadata, not patient data. We implement data minimization principles:

  • API queries contain tool search terms, not clinical data
  • No user-submitted data is stored beyond session scope
  • Usage logs record access patterns, not query content

If PHI is inadvertently included in an API query, it is not persisted or indexed. However, users are responsible for ensuring PHI is not submitted to the Service.

4. Security Safeguards

While BioContext7 is not HIPAA-compliant, we implement industry-standard security practices to protect all user data:

Technical Safeguards

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Role-based access controls with least-privilege principles
  • Multi-factor authentication for administrative access
  • Automated vulnerability scanning and penetration testing

Administrative Safeguards

  • Documented policies and procedures for data handling
  • Regular risk assessments and compliance audits
  • Incident response plan with defined notification timelines

Audit Controls

  • Logging of access events for security monitoring
  • Real-time alerting for anomalous access patterns
  • Periodic log review and security reporting

5. Incident Response

In the event of a security incident affecting user data, Hordago Labs will:

  • Investigate and contain the incident promptly
  • Notify affected users within 72 hours of discovery
  • Provide a detailed incident report
  • Implement remediation measures to prevent recurrence

6. Contact

For security-related inquiries or to report a security concern: