HIPAA Disclaimer | CLAS by Fred Saraiva

§ 1 Purpose of This Disclaimer

CLAS by Fred Saraiva ("CLAS," "we," "our," or "us") provides cybersecurity, compliance, and advisory services designed to help organizations strengthen their compliance posture and prepare for audits.

This page clarifies our role in relation to the Health Insurance Portability and Accountability Act (HIPAA) and the handling of Protected Health Information (PHI).

§ 2 Advisory Role — Not a Covered Entity

CLAS is:

Not a healthcare provider
Not a health plan
Not a healthcare clearinghouse

We operate strictly as an independent compliance and security advisory firm. Our services are designed to guide, assess, and support — but not to assume operational control of your compliance program.

§ 3 No Handling of PHI by Default

Unless explicitly agreed in writing:

Do not submit or transmit Protected Health Information (PHI) to CLAS through our website, email, forms, or general communications
CLAS does not collect, store, or process PHI as part of standard engagements

This policy is intentional and aligned with our risk-minimization and security-first approach.

§ 4 Business Associate Agreement (BAA)

In cases where services may require access to PHI:

A signed Business Associate Agreement (BAA) is required before any PHI is shared
The scope, responsibilities, and safeguards will be clearly defined in that agreement

Without a signed BAA: CLAS will not access, process, or be responsible for PHI in any capacity.

§ 5 Shared Responsibility for Compliance

HIPAA compliance is a shared responsibility. CLAS provides:

Risk assessments
Gap analysis
Policy frameworks
Advisory guidance

However, final implementation decisions remain with the client. Ongoing compliance, monitoring, and enforcement are the client's responsibility.

§ 6 No Guarantee of Compliance or Audit Outcome

While CLAS applies structured methodologies and best practices:

We do not guarantee regulatory compliance
We do not certify HIPAA compliance
We do not guarantee audit outcomes

Our role is to help you identify gaps, reduce risk, and improve readiness.

§ 7 Secure Communication Practices

We encourage all clients and prospects to:

Avoid sharing sensitive or regulated data through unsecured channels
Use approved, secure communication methods when necessary
Follow internal data protection policies when engaging with external advisors

§ 8 Positioning Statement

"Compliance is not about handling sensitive data — it is about structuring systems so that sensitive data is protected."

Our focus is on:

Governance Structure Audit Readiness Risk Reduction

CLAS is built on the principle that our value lies in structuring your compliance program — not in acting as a data processor.

§ 9 Contact

If you have questions regarding HIPAA scope, PHI handling, or engagement structure, please contact:

CLAS BY FRED SARAIVA

Email: fred@clasbyfred.com

Location: Northeast Florida, United States

§ 10 Updates to This Disclaimer

This page may be updated periodically to reflect regulatory or operational changes. Updates will be posted with a revised effective date.