HIPAA & HBNR Applicability Statement

At DESKi, the security of your personal data is our primary commitment. Before using HeartFocus via the HeartFocus Portal or the HeartFocus App ( together “HeartFocus”) please read this Privacy Policy ("the Policy") which explains how we process your personal data collected via HeartFocus

DESKi – August 20, 2025

DESKi confirms that HeartFocus is not subject to HIPAA under U.S. law.

• As part of Heartfocus operations, DESKi does not create, receive, maintain, or transmit Protected Health Information (PHI) on behalf of any healthcare entity.
• As part of Heartfocus operations, DESKi does not access or store any patient data, whether identifiable or de-identified.
• As such, HIPAA regulations do not apply to HeartFocus operations.
• As part of Heartfocus operations, DESKi is also not subject to the FTC Health Breach Notification Rule (HBNR), as our services do not involve personal health records (PHRs) or consumer-facing health applications as defined by the rule.

This position aligns with the definitions provided under 45 CFR § 160.103 (HIPAA) and the FTC’s interpretation of the HBNR.

Authorized by:

Kelly Porfirio, Security Officer at DESKi