What is HIPAA? How does Comma treat my data?

Why We Benchmark to HIPAA Standards

At Comma, we believe your menstrual health data deserves the same protection as any other medical information. Period data can reveal deeply personal insights and everyone has the right to keep that information private and secure. That’s why we’ve chosen to benchmark Sara™ to HIPAA standards, the same federal privacy and security framework that hospitals and healthcare providers follow. Unlike other period tracking apps, we hold ourselves to these standards because we believe your body deserves medical-grade privacy.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a U.S. federal law that sets national standards to protect sensitive patient health information. HIPAA works to make sure health information stays in the hands of trusted entities, keeping it safe from unauthorized access or disclosure.

Key Aspects of HIPAA

1. The Privacy Rule

   • HIPAA’s Privacy Rule protects your personal health information (PHI)—things like medical records, test results, or details about your care. It limits who can see or share that information, and gives you rights to view your records, ask for corrections, and decide who else can access them. In short, it’s all about control and consent.
     

2. The Security Rule

   • The Security Rule focuses on keeping your digital health data safe. It requires healthcare providers and insurers to use safeguards like encryption, secure passwords, and access controls to protect against hacking or unauthorized access. Think of it as the tech-side of privacy—making sure your electronic health information stays protected wherever it’s stored or shared.
     
     

Why HIPAA Matters for Sara™

Unfortunately, period data has not yet been protected as healthcare information. At Comma, we believe period data should be treated as medical data. So, Sara does just that. Sara gives you control over your period data, protects your period data with the same best practices as your medical providers, and relies on your consent prior to sharing your data with trusted partners.

How does this make Sara unique?

1. Sara is the most secure cycle tracking app out there. By looking to the same standards applicable to hospitals and other healthcare providers, Comma holds itself accountable to the highest measures of privacy and security. We benchmark to HIPAA, which means—if and only if you ask us—your data can be shared with healthcare providers, like your OB-GYN.

2. Sara puts you in control of your data, allowing you to decide who has access to your health insights.

3. We do not sell, share, or trade your data with any third parties without your explicit consent. And if you’re ever concerned about your data, you can delete it completely with our safety switch.
   
   

Our Values

Transparency and trust are core values for us, so you can feel confident that your health insights are safe and secure in Sara. It’s time for period data to have the security it deserves, which is why we are thrilled to lead the way.

Your data is yours, and we’re committed to protecting it. Together, we can transform this space so security is at the center.

Sources:

Centers for Disease Control and Prevention: Health Insurance Portability and Accountability Act of 1996 (HIPAA)

U.S. Department of Health and Human Services: Summary of the HIPAA Privacy Rule

TechTarget: What is HIPAA (Health Insurance Portability and Accountability Act)?

National Center for Biotechnology Information: Health Insurance Portability and Accountability Act (HIPAA) Compliance