I wouldn't be so sure... you need to be really careful, especially if you're in the US. HIPAA can be tricky to navigate. I doubt your TOS will trump HIPAA in court.
I'd be very, very wary of storing any sort of patient information on my own server (e.g., what medications people take, mapped back to identities of patients).
This is pure speculation, but unless you designed your backend to be HIPAA compliant, I'd imagine you may be very liable.
I say all of this as a former medical imaging software engineer who dealt with many HIPAA compliance issues.