PatientNotes

Privacy Policy

Last updated: December 4, 2025

Introduction

PatientNotes ("we," "our," or "us") is committed to protecting your privacy and the privacy of your patients. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered medical documentation service.

We are fully committed to HIPAA compliance and maintaining the highest standards of data protection for all protected health information (PHI) processed through our platform.

Information We Collect

Account Information

  • Name and professional credentials
  • Email address
  • Practice or organization name
  • Billing information
  • Professional license information (for verification)

Protected Health Information (PHI)

  • Audio recordings of patient encounters (temporarily processed)
  • Transcriptions of patient encounters
  • Generated medical notes and documentation
  • Patient demographic information included in encounters

Usage Information

  • Device and browser information
  • IP address and general location
  • Feature usage and interaction data
  • Error logs and performance data

How We Use Your Information

  • To provide and maintain our medical documentation service
  • To process audio recordings and generate clinical notes
  • To improve our AI models and service accuracy (using de-identified data only)
  • To communicate with you about your account and service updates
  • To process payments and manage subscriptions
  • To comply with legal obligations and healthcare regulations
  • To detect and prevent fraud or unauthorized access

HIPAA Compliance

PatientNotes operates as a Business Associate under HIPAA. We maintain comprehensive safeguards to protect PHI:

  • Administrative Safeguards: Workforce training, access controls, security policies, and incident response procedures
  • Physical Safeguards: Secure data center facilities with restricted access
  • Technical Safeguards: Encryption at rest and in transit, audit logging, automatic session timeouts, and multi-factor authentication

We execute Business Associate Agreements (BAAs) with all covered entities using our service.

Data Retention

  • Audio Recordings: Deleted immediately after transcription processing (within 24 hours)
  • Transcriptions and Notes: Retained for the duration of your subscription plus 30 days, unless you request earlier deletion
  • Account Information: Retained while your account is active and for up to 7 years after termination for legal compliance
  • De-identified Data: May be retained indefinitely for service improvement

Data Security

We implement industry-leading security measures:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Regular third-party security audits and penetration testing
  • Intrusion detection and monitoring systems
  • Redundant backups in geographically separate locations
  • Strict access controls and role-based permissions

Information Sharing

We do not sell your personal information or PHI. We may share information with:

  • Service Providers: Cloud hosting, payment processors, and other vendors who assist in operating our service (all bound by BAAs where applicable)
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with advance notice)
  • With Your Consent: When you explicitly authorize sharing

Your Rights

You have the right to:

  • Access your personal information and PHI
  • Request correction of inaccurate information
  • Request deletion of your data (subject to legal retention requirements)
  • Export your data in a portable format
  • Opt out of non-essential communications
  • Receive notification of data breaches affecting your information

Children's Privacy

PatientNotes is designed for use by healthcare professionals and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the service at least 30 days before the changes take effect. Your continued use of the service after changes become effective constitutes acceptance of the updated policy.

Contact Us

For questions about this Privacy Policy or our data practices, please contact:

PatientNotes Privacy Team
Email: privacy@patientnotes.ai
Address: [Company Address]

For HIPAA-related inquiries or to report a potential security incident, contact our Privacy Officer at hipaa@patientnotes.ai.