Effective date: 2026-05-02. Last reviewed: 2026-05-02.
This Policy describes activities that are not permitted on HealthDash. Violations may result in suspension, termination, or legal action.
1. Compliance
- You must comply with all applicable law, including HIPAA, FDA, DEA, and state-level health and pharmacy regulations.
- You must accurately represent the regulatory status of products (research-only, prescription-required, etc.).
- You must obtain valid prescriptions and licensure where required before fulfilling any clinical product order.
2. Security
- No probing, scanning, or testing the security of the platform without prior written authorization from [email protected].
- No bypassing rate limits, authentication, or audit-log mechanisms.
- No introducing malicious code, ransomware, or unauthorized monitoring tools.
3. Data handling
- Workforce members with PHI access must complete HIPAA training on hire and annually thereafter (§164.308(a)(5)).
- No storing PHI on dev/personal devices outside the platform.
- No exporting PHI to non-BAA-covered destinations.
- No printing PHI except as permitted by your organization's Physical Safeguards Policy.
4. Operational
- No reverse engineering, decompiling, or extracting source code.
- No competitive benchmarking without written authorization.
- No reselling or sublicensing the platform.
5. Enforcement
We investigate reports of policy violations. Violations may result in:
- Warning and remediation request.
- Account suspension pending investigation.
- Termination of subscription with no refund of prepaid fees.
- Referral to law enforcement where applicable.
Report violations to [email protected].