Is Apotheo HIPAA Compliant?

Short Answer


Apotheo is not HIPAA compliant and does not sign Business Associate Agreements (BAAs). Most Apotheo users — personal trainers, nutritionists, and online coaches — are not covered entities under HIPAA, so HIPAA typically does not apply to them.


What Is HIPAA?


HIPAA (Health Insurance Portability and Accountability Act) applies to covered entities — health care providers, health plans, and health care clearinghouses — and to the service providers that handle protected health information on their behalf (business associates). If you're a personal trainer or nutrition coach, you're generally not a covered entity.


Do I Need HIPAA Compliance?


If you're a personal trainer, nutritionist, or online fitness coach, you most likely do not fall under HIPAA. You should still handle client data responsibly, but you're not legally required to use HIPAA-compliant software.


If you are a covered entity (for example, a licensed dietitian working within a health care organization), you would need your software vendors to sign a Business Associate Agreement (BAA). Apotheo does not currently offer BAAs.


What Apotheo Does for Data Security


While we are not HIPAA compliant, we follow many industry best practices for protecting your data:

  • All data is transmitted over encrypted connections (HTTPS/TLS)
  • Client data is stored securely, with access controls limiting who can read it
  • Payments are processed through Stripe, which is PCI DSS Level 1 certified, so Apotheo does not handle raw card data itself
  • We do not sell or share client data with third parties

Updated on: 20/03/2026