Why HIPAA is currently out of scope and how we approach security regardless
JourneyLoop does not currently handle Protected Health Information (PHI) as defined by HIPAA regulations. As a result, HIPAA compliance is not required for our current operations and is considered out of scope at this time.
We recognize that many independent coaches work in healthcare-adjacent contexts, and we're open to considering HIPAA compliance in the future if the platform evolves to handle medical information. However, this is not part of our current roadmap.
Important: While HIPAA doesn't apply to us now, we still take security and privacy extremely seriously. See our Security Practices section for details on how we protect your data.
HIPAA applies specifically to Protected Health Information (PHI), which includes medical diagnoses, treatment plans, prescriptions, and medical records created by healthcare providers.
JourneyLoop is designed for professional coaching relationships, not medical or therapeutic treatment. The platform handles coaching session notes, goals, progress tracking, and personal reflections—not medical information.
The types of data we currently process include:
None of these constitute Protected Health Information under HIPAA regulations.
We understand that some coaches work with clients who have health-related goals (wellness coaching, lifestyle changes, stress management), but this doesn't automatically trigger HIPAA requirements unless the coach is operating as a healthcare provider or handling actual medical records.
If you're a coach who works in a clinical setting or handles PHI as part of your practice, please consult with your compliance advisor about whether JourneyLoop is appropriate for your use case.
Just because HIPAA doesn't apply doesn't mean we take security lightly. Coaching data is sensitive and personal, and we've implemented enterprise-grade security practices to protect it.
HIPAA compliance would become necessary if JourneyLoop evolves in certain ways:
If we integrate directly with Electronic Health Record (EHR) systems or enable coaches to store medical diagnoses and treatment plans.
If we add features that allow coaches to document medical information, prescriptions, or treatment recommendations as part of a healthcare provider relationship.
If we receive significant demand from coaches who need HIPAA-compliant features for their practice, we would evaluate the business case for pursuing compliance.
Your Feedback Matters: If HIPAA compliance is important to your coaching practice, we'd love to hear from you. Contact us at support@journeyloop.ai.
