While the majority of our technical and physical safeguards meet or exceed compliance requirements, Mango has not sought to actively comply with U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) and therefore we do not recommend covered entities use Mango to process or store ePHI.
Where data uploaded to Mango is de-identified in accordance with the HIPAA Privacy Rule, that data is not considered ePHI and Mango is not considered a business associate, and therefore there are no restrictions for using Mango for analysis of health data.