Headspace · Headspace Terms and Conditions

Healthcare Provider Entity Separation

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Headspace the company says it is only a tech platform — the actual therapy, psychiatry, and coaching services are legally provided by separate affiliated medical entities. This distinction affects what legal protections apply to your health data.

Consumer impact (what this means for users)

Because Headspace positions itself as a technology platform rather than a healthcare provider, your mental health data collected through the app may have weaker federal privacy protections than data held by a traditional therapist or psychiatrist's office, even though the content of that data is equally sensitive.

Cross-platform context

See how other platforms handle Healthcare Provider Entity Separation and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

This structural separation may mean Headspace Inc. does not consider itself a HIPAA-covered entity, potentially limiting your federal health privacy protections for mental health information processed through the platform.

View original clause language
Headspace is not a provider of healthcare or mental health services; rather, Headspace offers a technology platform through which the Providers provide telehealth services. For purposes of clarity, the Services are provided by coaches and licensed clinicians employed by or contracted with our affiliated entities, including but not limited to Headspace Medical Group (CA) P.C. (the "Providers").

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: HIPAA 45 CFR Parts 160 and 164 apply to covered entities and their business associates — the key question is whether Headspace Inc. qualifies as a Business Associate of Headspace Medical Group (CA) P.C. under 45 CFR §160.103. FTC Act Section 5 and the FTC Health Breach Notification Rule (16 CFR Part 318) apply to non-HIPAA health data platforms. California Confidentiality of Medical Information Act (CMIA) Cal. Civ. Code §56 et seq. may apply to mental health data collected by technology platforms. HHS OCR enforces HIPAA; FTC enforces the Health Breach Notification Rule. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • Hhs Ocr
    HHS OCR enforces HIPAA and has jurisdiction over covered entities and business associates handling protected health information, including telehealth platforms and their affiliated medical groups.
    File a complaint →
  • FTC
    FTC enforces the Health Breach Notification Rule against non-HIPAA health apps and has taken action against mental health platforms (e.g., BetterHelp) for improper health data sharing.
    File a complaint →

Provision details

Document information
Document
Headspace Terms and Conditions
Entity
Headspace
Document last updated
April 29, 2026
Tracking information
First tracked
April 27, 2026
Last verified
April 27, 2026
Record ID
CA-P-003549
Document ID
CA-D-00215
Evidence Provenance
Source URL
https://www.headspace.com/terms-and-conditions
Wayback Machine
View archived versions →
SHA-256
d2b351fd9bb4e416fd700f54a0a519d35c0bcfcbb42a6eb72623b011df6be4a2
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Headspace | Document: Headspace Terms and Conditions | Record: CA-P-003549
Captured: 2026-04-27 14:27:30 UTC | SHA-256: d2b351fd9bb4e416…
URL: https://conductatlas.com/platform/headspace/headspace-terms-and-conditions/healthcare-provider-entity-separation/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document