Compliance & Legal Framework

Clear operational boundaries, data handling protocols, and regulatory compliance standards for B2B partnerships

Scope of Practice

What we do—and what we don't do—to maintain clear operational boundaries

What We Provide

  • Performance coaching: Strength training programming, nutrition frameworks, behavior change support
  • Lifestyle education: Evidence-based content on exercise, nutrition, sleep, stress management, habit formation
  • Accountability systems: Weekly check-ins, progress tracking, adherence monitoring
  • Program optimization: Adjusting training/nutrition based on member feedback and progress
  • Red flag identification: Recognizing concerning symptoms that require provider consultation
  • Care coordination: Escalating health concerns to appropriate clinical teams via established protocols

What We Don't Provide

  • Medical advice: We do not diagnose, treat, or prescribe for any medical condition
  • Clinical oversight: We are not medical providers and do not supervise medical care
  • Medication management: We do not adjust, recommend, or comment on medications
  • Emergency services: We are not an emergency response system (members are directed to 911 for emergencies)
  • Meal planning: We provide nutrition frameworks, not prescriptive meal plans (no medical nutrition therapy)
  • Physical therapy: We provide performance training, not rehabilitation or injury treatment

Important Disclosure

Pierce Performance HQ provides wellness coaching and education services. We are not licensed healthcare providers and do not provide medical care, diagnosis, or treatment. All members are advised to consult with their healthcare providers before starting any fitness or nutrition program. Our services complement—but do not replace—medical care provided by licensed professionals.

PHI & Data Handling

Flexible data workflows designed for HIPAA compliance and privacy protection

Default Operating Model: No PHI Access Required

Our programs are designed to operate without access to Protected Health Information (PHI). This minimizes compliance burden and accelerates implementation.

What We Collect (Member-Entered Data):

  • Self-reported weight, body measurements, progress photos (optional)
  • Training adherence (workouts completed, effort ratings)
  • Nutrition compliance (protein intake, hydration, meal consistency)
  • Subjective feedback (energy levels, appetite, mood, sleep quality)
  • Goals, preferences, and program experience

What We Don't Collect:

  • Medical records, lab results, or clinical test data
  • Medication lists or prescription information
  • Diagnoses or medical history (unless voluntarily shared by member)
  • Clinical notes or provider communications

Partner reporting: All reports provided to partners are de-identified and aggregated. Individual member data is not shared unless specifically requested and authorized.

BAA-Covered Operations (When PHI Access Required)

For partners who require integrated clinical workflows, we can operate as a HIPAA Business Associate with appropriate safeguards.

When BAA is Required:

  • EMR/EHR integration where we receive or transmit PHI
  • Access to member medical records for care coordination
  • Writing progress notes back to clinical chart
  • Receiving lab results or clinical data from providers

Our HIPAA Safeguards:

  • SOC 2 Type II compliant infrastructure
  • End-to-end encryption for data at rest and in transit
  • Role-based access controls (only authorized personnel access PHI)
  • Audit logging of all PHI access
  • Annual HIPAA training for all staff
  • Regular security assessments and penetration testing
  • Incident response plan and breach notification protocols

BAA timeline: Standard BAA can be executed within 5-7 business days. Custom BAA reviews may take 2-3 weeks depending on legal team requirements.

Data Retention & Member Rights

Data Retention:

  • Active members: Data retained during enrollment
  • Post-enrollment: 7 years (standard record retention)
  • Partner reporting: Aggregated data retained indefinitely for analytics

Member Rights:

  • Access: Members can view all their data via app
  • Export: Data export available on request
  • Deletion: Account + data deletion available (except aggregate reporting data)

Liability & Insurance

Professional coverage and risk management protocols

Professional Insurance Coverage

General Liability

  • $2M per occurrence
  • $4M aggregate

Professional Liability

  • $1M per claim
  • $3M aggregate

Cyber Liability

  • $2M coverage
  • Includes breach response

Workers' Compensation

  • Statutory coverage
  • All staff covered

Certificates of Insurance: Available upon request for procurement/contracting purposes. Partners can be named as additional insured where required.

Standard Contract Terms

Mutual indemnification: Each party indemnifies the other for claims arising from their own negligence or breach of contract.

Limitation of liability: Neither party liable for indirect, incidental, or consequential damages. Total liability capped at fees paid in preceding 12 months.

Member waivers: All members sign a liability waiver acknowledging voluntary participation and assumption of exercise-related risks.

Medical clearance: Members are advised to obtain medical clearance before starting the program. Partners can require medical clearance as a condition of enrollment.

Regulatory Compliance

Federal Compliance:

  • HIPAA (when applicable via BAA)
  • ADA (Americans with Disabilities Act)
  • CAN-SPAM Act (email communications)
  • TCPA (SMS communications with consent)

State/Privacy Laws:

  • CCPA / CPRA (California privacy)
  • GDPR (for EU members, if applicable)
  • State-specific privacy laws (VA, CO, CT, etc.)