Your Health Data Is Never Stored, Transmitted, or Accessible to Anyone
Quantitative Health, LLC is built on privacy by design. This page documents our HIPAA compliance posture — how we protect your information and why our architecture eliminates risk at the source.
Formal Compliance Statement: Quantitative Health, LLC, operating as drpaulkilgore.com, is committed to full compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the HITECH Act, and all applicable federal and state health privacy regulations. As a physician-led organization, we hold ourselves to the highest standard of patient privacy — not as a regulatory obligation, but as a clinical and ethical imperative.
Our platform is designed from the ground up to minimize the collection, storage, and transmission of protected health information (PHI). Where PHI is necessarily involved — such as during telehealth consultations — we maintain appropriate Business Associate Agreements and employ HIPAA-compliant technology platforms.
Privacy by Design: How It Works
Unlike most digital health platforms, Quantitative Health does not operate a central database of user health information. Our architecture was designed to eliminate PHI exposure at the infrastructure level — not to manage it after the fact.
All 28+ health tools — calculators, analyzers, and assessments — process data entirely within the user's own web browser. Apart from the AI-powered tools described below, no health data is sent to our servers.
We do not store, retain, cache, or log any health information entered into our tools. When a user closes their browser, the data ceases to exist.
Health data entered into our calculators and analyzers is never transmitted to our servers, third-party servers, or any external system, except for the AI-powered tools described below.
For corporate wellness clients: no employer, HR department, or administrator can see, access, or retrieve any health data entered by individual employees.
AI-Powered Tools
Certain health tools use artificial intelligence (Anthropic Claude) to generate personalized educational health content. In these cases, user-entered data is transmitted via encrypted HTTPS to our Cloudflare Workers backend for AI processing. This data is not stored, cached, or linked to the user's identity after the session ends. AI-generated results do not constitute medical advice. For full details, see our AI Use Disclosure.
Telehealth Consultations
All telehealth consultations conducted by Dr. Paul Kilgore are held via HIPAA-compliant Zoom for Healthcare. Quantitative Health, LLC maintains a signed Business Associate Agreement (BAA) with Zoom Communications, Inc., ensuring that all protected health information transmitted during consultations is subject to the administrative, physical, and technical safeguards required by the HIPAA Privacy Rule and Security Rule (45 CFR Parts 160 and 164).
This BAA has been in place since May 15, 2023, as required under HIPAA and the HITECH Act. Consultation sessions are not recorded unless the client provides explicit written consent. No PHI is shared with third parties except as permitted under HIPAA or as required by law.
Safeguards
Administrative Safeguards
Physician oversight. All health content, tools, and clinical recommendations are authored and maintained by Dr. Paul Kilgore, MD, MPH, FACP — a board-certified internist with 36 years of clinical experience.
Privacy policies documented. Written privacy policies govern the collection, use, and disclosure of all personal and health-related information. Policies are reviewed and updated annually.
Business Associate Agreements in place. BAAs are maintained with all third-party vendors that may access or process PHI, including Zoom Communications, Inc.
Breach notification procedures established. In the unlikely event of a data breach involving PHI, affected individuals and relevant authorities will be notified in accordance with HIPAA Breach Notification Rule requirements.
Technical Safeguards
HTTPS encryption site-wide. All data transmitted to and from drpaulkilgore.com is encrypted in transit with TLS. No unencrypted connections are permitted.
Client-side architecture eliminates server-side PHI risk. Health tools run entirely in the user's browser. Apart from the AI-powered tools described above, no PHI traverses our servers, and none is stored in any database.
HIPAA-compliant telehealth platform. Zoom for Healthcare with signed BAA provides end-to-end encryption for all video consultations.
Access controls. Administrative access to the Quantitative Health platform is restricted to authorized personnel only, secured with strong authentication.
Physical Safeguards
No on-premise PHI storage. Quantitative Health does not maintain physical servers or on-premise systems containing protected health information. All infrastructure is cloud-based with enterprise-grade security.
Secure workspace. All administrative and clinical work, including telehealth consultations, is conducted from a physically secured private office environment.
What This Means for Corporate Wellness Clients
Organizations licensing Quantitative Health's tools and content for their employees face zero HIPAA exposure from our platform. Because our health tools process data client-side with no storage or transmission, there is no PHI for employers to manage, protect, or report.
No integration with your HRIS. No data processing agreements beyond what is already covered. No risk of employee health data being visible to management, HR, or IT departments. For organizations that include telehealth consultations (Corporate tier and above), all sessions are conducted under our existing BAA with Zoom.
Fellow, American College of Physicians
Member, American College of Lifestyle Medicine
Founder & Privacy Officer, Quantitative Health, LLC
April 2026