Last updated: April 27, 2026. This is a product summary, not a substitute for legal review.
Waive Help is designed for families navigating Medicaid HCBS waivers. It may store and process identifiers and health-related content you upload (for example: medical records, letters, eligibility information). Treat the service as handling sensitive health information.
In California, the Confidentiality of Medical Information Act (CMIA) may apply in addition to other rules. Our security and data practices are documented for internal and customer review in docs/compliance/HIPAA-CMIA-CONTROLS.md.
Waive Help is built with HIPAA- and CMIA-oriented security practices, including authenticated access, household-scoped records, private document workflows, audit logging patterns, and no advertising trackers in authenticated areas. Production deployments involving PHI still require signed BAAs, vendor review, policies, workforce controls, and legal sign-off.
We do not describe the product as “HIPAA certified.” Covered deployments should request BAA and compliance review before storing live client records.
Upload only what is necessary for your case. We use industry-standard encryption in transit (TLS) and rely on Supabase for storage and access control per our configuration.
You can request access, correction, or deletion of your account data subject to legal and operational retention requirements. Contact support through the channel your organization provides for Waive Help.
Authenticated areas avoid third-party advertising trackers. Optional error monitoring may use Sentry when configured; PHI must not be placed in client-visible logs (see compliance checklist).