HIPAA Notice


The Vitala Group (hereinafter referred to as "the Vitala Group") consists of the following companies:  

(a) Aasa Health AB, org. no. 559116-7936, with address Ola Hanssonsgatan 4, apt 1004, 112 52 Stockholm, Sweden (hereinafter referred to as “Vitala Europe”);  

(b) Vitala Health Inc. located at 16192 Coastal Highway, Lewes, Delaware 19958, EIN 38-4243867, info@vitala.health (hereinafter referred to as “Vitala US” or “we”).

The Vitala Group is represented by Vitala Europe in case representation of the Vitala Group is necessary. Vitala Europe is the representative of Vitala US in Europe. For obligations and representation before the client or user, the company from the Vitala Group that incurred the obligations or on which obligations rest is responsible.

The Vitala Group is part of a group of companies that have a legitimate interest in transmitting personal data within their own group of companies for internal administrative purposes, including the processing of personal data of clients and employees (data is transferred within the Vitala Group).

Vitala US provides the Application and Care Portal in the United States of America. Patients can manage their data through the Application and delete information. Healthcare providers create patient accounts in the Application and can make modifications to the data, including issuing recommendations and monitoring progress. Patients are also informed about their progress.

The data is processed using AWS architecture. Please read more about the requirements and restrictions of AWS regarding HIPAA: https://aws.amazon.com/compliance/hipaa-compliance/

The term "Personal Data" encompasses any information that can be used on its own or in combination with other information to identify an individual or contact a specific person. Some Personal Data may be considered "health data" (i.e., data related to your physical or mental health), "protected health information" or "PHI" (i.e., information that relates to your past, present, or future physical or mental health or condition(s), the provision of healthcare to you, or past, present, or future payments for your healthcare), and/or medical records as defined by law.

If you have any questions or concerns after reading this document please do not hesitate to contact us. We appreciate your feedback. You can contact by email


7.1 We may disclose your personal data to our personal data processors, such as companies providing IT and cloud services or payment administration services.

7.2 If a violation of the law or of our general terms of use is suspected, we may disclose your personal data to law enforcement authorities and legal advis

1. How can we use or disclose Your Health Data or PHI?

We utilise data processed through the Application and Care Portal in connection with the provision of medical services by healthcare providers. We do not provide such services ourselves, and therefore, we do not have the authority to interfere with your Health Data or PHI (Protected Health Information), particularly in terms of disclosing it to anyone.

We collaborate with entities that provide integration, operation, and software development. Each of our entities operates based on appropriate agreements.

2. When are we not allowed to disclose Your Health Data or PHI?

We are not authorised to disclose your data to any authorities or entities. The decision on when and how your data may be disclosed is solely determined by your Healthcare Provider. Remember, we will not use your information to notify anyone.

3. Your rights  

Right to Request Special Privacy Protections. You have the right to request restrictions on certain uses and disclosures of your health information by a written request specifying what information you want to limit, and what limitations on our use or disclosure of that information you wish to have imposed. We reserve the right to accept or reject your request, and will notify you of our decision.

Right to Request Confidential Communications.  You have the right to request that you receive your health information in a specific way or at a specific location. We will comply with all reasonable requests submitted in writing which specify how or where you wish to receive these communications. Communication in the Application and Care Portal is encrypted. We do not transmit data in any form other than encrypted. It is not possible for us to send you any data. You have access to your data through the Application, and Healthcare Providers have access through the Care Portal. Reports are only provided in relation to the Care Portal, as regulated by the appropriate agreement between us and the Healthcare Provider.

Right to Inspect and Copy.  You have the right to inspect and copy your health information, with limited exceptions. To access your medical information, you can access the App. We may require re-login for specific data zones due to security reasons. You can always ask your Healthcare Provider to send you a copy of the data. We do not provide you with any Health Data, including PHI.

Right to Amend or Supplement. You have the right to change personal data in the Application, but only your Healthcare Provider can change Health Data and PHI. You have the right to request them to modify your data.

Right to an Accounting of Disclosures. We do not disclose information. The only entity that can do so is your Healthcare Provider. You should contact them or refer to information on how to exercise this right.

4. Security 

We implement various security measures. Here are some examples:

  • Access control;
  • Unique user identification;
  • Emergency access procedure;
  • Automatic logoff;
  • Encryption;
  • Anonymization;
  • Limited processing time;
  • Audit Controls;
  • Integrity;
  • Person or entity authentication;
  • Transmission Security;
  • Implementation of procedures;
  • Ensuring confidentiality, integrity, and availability (CIA);
  • Risk Based Approach;
  • Testing.