In the USA, companies that deal with sensitive patient health information must comply with the Health Insurance Portability and Accountability Act (HIPAA).
Guild is not designed for the transfer or storage of protected health information (PHI) of US citizens so is not HIPAA-compliant and should not be used for this purpose.