HIPAA Non-Applicability Statement

Last Updated: December 8, 2025

1. Purpose of This Statement

This HIPAA Non-Applicability Statement (“Statement”) explains that the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including its Privacy, Security, and Breach Notification Rules, does not apply to the use of TaxWallet.

This Statement is issued to eliminate misunderstanding, prevent regulatory misclassification, and protect TaxWallet (“Company”, “we”, “our”) from claims or obligations arising under laws that do not govern our Services.

2. TaxWallet Is Not a HIPAA-Covered Entity

Under 45 CFR §160.103, HIPAA applies only to:

  • Health care providers,
  • Health plans,
  • Health care clearinghouses,

collectively referred to as “Covered Entities.”

TaxWallet does not perform health care functions, does not process medical services, and does not engage in activities regulated as health care operations.

Therefore, TaxWallet is not a Covered Entity under HIPAA.

3. TaxWallet Is Not a HIPAA Business Associate

A “Business Associate” under HIPAA is an entity that processes, stores, or transmits Protected Health Information (“PHI”) on behalf of a Covered Entity.

TaxWallet does not provide services to Covered Entities involving PHI.

TaxWallet provides tax preparation workflow software, document management, identity verification tools, communications, and related financial services — none of which constitute HIPAA-covered activities.

Therefore, TaxWallet is not a Business Associate under HIPAA.

4. Prohibited Use: Uploading Protected Health Information (PHI)

Users must not upload, store, or transmit PHI or medical records through TaxWallet unless specifically required for tax preparation (e.g., disability documentation, dependent qualification letters, or financial statements containing incidental health information).

Strictly prohibited uploads include, but are not limited to:

  • Medical charts or full health records,
  • Treatment plans, diagnoses, or clinical notes,
  • Hospital documentation unrelated to tax eligibility,
  • Insurance benefit statements not required for tax filing.

Uploading such documents constitutes a violation of the Acceptable Use Policy and may result in immediate removal or data deletion.

5. GLBA and IRS Regulations Apply Instead of HIPAA

Although HIPAA does not apply, TaxWallet remains subject to:

  • The Gramm-Leach-Bliley Act (GLBA),
  • IRS Publication 4557 (Safeguarding Taxpayer Data),
  • IRS e-File regulations,
  • FTC Safeguards Rule,
  • State privacy laws regarding financial data.

These frameworks govern how we protect taxpayer information, identity records, e-signatures, documents, and communications.

6. User Responsibilities

Users agree that they:

  • Understand HIPAA does not apply to TaxWallet,
  • Will not upload PHI except as strictly necessary for tax preparation,
  • Will not store medical data beyond what is required for lawful return preparation,
  • Will ensure staff members follow these restrictions,
  • Will indemnify TaxWallet against any claims arising from improper PHI upload.

Users are solely responsible for screening and validating all documents they upload to TaxWallet.

7. No HIPAA Warranties or Representations

TaxWallet does not represent or warrant that:

  • Its platform is HIPAA-compliant,
  • Its security controls satisfy HIPAA standards,
  • It will sign HIPAA Business Associate Agreements (BAAs),
  • It provides protections required for PHI under HIPAA.

Users acknowledge and agree that TaxWallet expressly disclaims any obligation under HIPAA.

8. Data Uploaded in Violation of HIPAA Restrictions

If a user improperly uploads PHI:

  • TaxWallet is not obligated to maintain, secure, or process it under HIPAA,
  • TaxWallet may terminate or suspend the user’s account,
  • TaxWallet may delete the data without notice,
  • TaxWallet is not liable for any breach, exposure, or misuse relating to such data,
  • The user assumes full responsibility for regulatory and legal consequences.

9. Mobile App Non-Applicability

HIPAA does not apply to the TaxWallet mobile app. The app:

  • Captures tax documents, IDs, financial statements, and signatures,
  • Sends mobile notifications and two-factor authentication codes,
  • Allows taxpayers to interact with their preparers.

None of these functions constitute HIPAA-covered activities, even when the app operates on personal mobile devices.

10. No Third-Party HIPAA Obligations

TaxWallet’s third-party vendors (cloud hosting, analytics, monitoring, identity verification, banking partners) are not processing PHI on behalf of Covered Entities.

Users agree TaxWallet is not responsible for third-party compliance with HIPAA nor required to flow down HIPAA restrictions to vendors.

11. Enforcement & Termination

Violations of this Statement may result in:

  • Suspension of access,
  • Permanent account termination,
  • Deletion of improperly stored PHI,
  • Reporting of unlawful activity to authorities, when required.

Refunds will not be issued for accounts terminated due to PHI violations.

12. Updates to This Statement

TaxWallet may update this HIPAA Non-Applicability Statement at any time to reflect changes in applicable laws or service operations.

Continued use of the Services after updates constitutes acceptance of the revised Statement.

13. Contact

TaxWallet Security & Compliance Office

Email: security@taxwallet.ai

We respond promptly to compliance inquiries.

HIPAA Non-Applicability Statement | TaxWallet