Jason Kulatunga 
Fasten Health is renewing our annual commitment to the CARIN Alliance Code of Conduct, reinforcing our stance that trust isn’t optional, it’s required infrastructure.
The CARIN Code of Conduct outlines key principles for consumer-directed exchange, including:
- Clear, patient-directed consent
- No secondary use without approval
- Understandable privacy policies
- The ability to revoke access and delete data
- Full transparency in the event of data misuse
Why does this matter?
Under HIPAA, data sharing is governed by strict regulatory protections. But when a patient directs their data to a third party, HIPAA often no longer applies. Instead, the only safeguards are a company’s privacy policy and terms of use—many of which are opaque or overly permissive. They’re also living documents, that change over time, with little to no notice for patients.
The CARIN Code fills that gap. It offers a trust framework for companies handling patient-directed data exchange, ensuring patients aren’t unknowingly giving up control of their records.
We designed Fasten Health around these same principles. Every connection made through our platform is patient-initiated, traceable, and governed by explicit consent. And we only work with partners who share that standard.
Consumer-directed exchange should empower patients—not expose them. That’s why we’re proud to stand with the CARIN Alliance and help operationalize their vision for ethical, interoperable health data access.
Explore how Fasten Connect supports consent-driven data exchange. Book a call
TEFCA IAS - What Does it Actually Mean for Patients