HIPAA Compliance
ClinicalScribe is built with privacy and security at its core. While we are not yet a covered entity or business associate under HIPAA, our platform is designed to follow HIPAA-ready practices so healthcare teams can confidently evaluate and pilot our solution.
Data Security
- All Protected Health Information (PHI) is encrypted in transit using TLS 1.2+.
- Data at rest is encrypted using AES-256 across our databases and storage buckets.
- Role-based access controls restrict each user to the data their role authorizes, so users can only access their own data.
- Administrative actions are logged with full audit trails in `admin_actions`.
Compliance Practices
- Patient data is never shared with third parties without authorization.
- All infrastructure is hosted on HIPAA-ready, US-based cloud providers.
- We follow NIST and OWASP guidelines for secure coding and system hardening.
- Audit logging and monitoring are active across admin and system events.
Business Associate Agreements (BAAs)
We are in the process of finalizing Business Associate Agreements (BAAs) with our infrastructure providers. For early pilots, we operate under a HIPAA-ready model to ensure PHI is handled with industry-standard security measures.
Contact Us
For questions about HIPAA compliance, audits, or security practices, contact us at support@clinicalscribe.com.
Disclaimer: ClinicalScribe is currently in Beta. While designed with HIPAA-ready safeguards, full HIPAA compliance depends on signed BAAs with providers and production deployments.