Hipsana

Privacy

What we collect, and who we share it with.

Last updated: June 3, 2026

Hipsana (“we,” “us”) publishes educational content about cybersecurity and HIPAA compliance for healthcare practices, and offers a free HIPAA Security Risk Scorecard and review. This policy explains what information we collect when you use this site or our Scorecard, why we collect it, and who we share it with.

If you have any question about this policy, email us at hello@hipsana.com.

What we collect

When you use our Scorecard or book a review, you give us:

  • Your practice name and the U.S. state your practice is in.
  • Your email address.
  • Your answers to the Scorecard questions (yes / no / not sure).
  • If you book a call: your name and the time you select.

When you visit the site, we also automatically receive standard technical information such as your IP address, browser type, and the pages you view. This is normal for any website and helps it run and stay secure.

What we do not collect

We do not collect patient information or any Protected Health Information (PHI). The Scorecard asks only about how your practice handles security, never about your patients. Please do not send us patient data. We are an educational publisher and a referral service; we are not a HIPAA “covered entity” or “business associate,” and we do not handle PHI.

Why we collect it

We use your information to:

  • Calculate and send you your Scorecard result and a written review.
  • Schedule and hold your free risk review.
  • Connect you with a vetted specialist partner who conducts the review (see below).
  • Respond to your messages.
  • Understand how the site is used so we can improve it.

Who we share it with

To deliver the free review, we share your details with one vetted specialist partner who carries out the assessment and may follow up with you. We share your information with that one partner only. We do not sell your information or pass it to multiple companies.

We may also share information with the service providers that run our tools (for example, our form, scheduling, email, and analytics providers) strictly so those tools work, and with authorities if the law requires it.

Analytics and cookies

We use Google Analytics to see, in aggregate, how visitors use the site, such as which pages are read. We also use Microsoft Clarity, which produces heatmaps and session recordings (replays of how visitors move through our pages) so we can find where the site is confusing and improve it. These tools may set cookies. You can block or delete cookies in your browser settings, and you can opt out of Google Analytics using Google’s browser add-on.

How long we keep it

We keep your information for as long as we need it to provide the review and stay in touch about it, and in any case no longer than 24 months after your last contact with us, unless you ask us to delete it sooner.

Your choices

You can ask us to show you the information we hold about you, correct it, or delete it. Email hello@hipsana.com and we will act on your request within a reasonable time. You can also unsubscribe from any email we send using the link in that email.

Changes to this policy

If we change how we handle your information, we will update this page and change the “Last updated” date above.

Contact

Hipsana. For any question about your data, email hello@hipsana.com.