Your Patient Data, Protected
PatientNotes is built from the ground up with healthcare security and compliance in mind. We take the protection of patient data seriously.
Comprehensive Security Measures
Multiple layers of protection to keep your patient data secure
HIPAA Compliant
PatientNotes AI is fully compliant with HIPAA regulations for protected health information (PHI). We implement administrative, physical, and technical safeguards as required by the HIPAA Security Rule.
256-bit AES Encryption
All data at rest is encrypted using 256-bit AES encryption, the same standard used by banks and government agencies. Your patient data is protected with the highest level of encryption available.
TLS 1.3 in Transit
All data transmitted between your device and our servers is encrypted using TLS 1.3, the latest and most secure transport layer protocol. This prevents any interception of data during transmission.
US-Based Data Centers
All patient data is stored in secure, HIPAA-compliant data centers located within the United States. Our infrastructure providers maintain strict physical security and compliance certifications.
Comprehensive Audit Logs
Every access to protected health information is logged with detailed audit trails. This ensures accountability and helps you meet compliance requirements for documentation access tracking.
Data Isolation
Your patient data is completely isolated from other customers. We maintain strict data segregation to ensure your information is never mixed with or accessible to other organizations.
Full HIPAA Compliance
PatientNotes implements all required safeguards under the HIPAA Security Rule to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI).
- Administrative safeguards including workforce training and access management
- Physical safeguards with secure data center facilities
- Technical safeguards including encryption, access controls, and audit logging
We conduct regular risk assessments and maintain policies and procedures to ensure ongoing compliance.
Business Associate Agreement
We sign BAAs with all paid customers at no additional cost
BAA Included with Every Plan
A Business Associate Agreement (BAA) is automatically included with all Professional and Enterprise subscriptions. We will sign your BAA at no additional cost, ensuring you meet HIPAA requirements for using third-party services.
Your Data Privacy
We respect your data and give you control over how it's used
No AI Training on Your Data
Your patient data is never used to train AI models. Your documentation and recordings remain private and are only used to provide you with the PatientNotes service.
Data Retention Control
You control how long your data is retained. When you delete a recording or note, it is permanently removed from our systems within 30 days.
Data Portability
Export all your data at any time in standard formats. You always maintain ownership and control of your patient documentation.
Right to Deletion
Request complete deletion of your account and all associated data at any time. We will permanently remove all your information from our systems.
Questions About Security?
Our team is happy to discuss our security practices and answer any compliance questions you may have.