Ensuring Your Privacy and Security
At PatientNotes, safeguarding your privacy and the confidentiality of your clients' Protected Health Information (PHI) is our top priority. Our system is built with a strong focus on security and privacy to provide peace of mind to practitioners and their patients.
To learn more about our terms of use, visit: PatientNotes Terms of Use
Our Commitment to Protecting Patient Information
HIPAA Compliance
We fully comply with all HIPAA regulations to ensure the confidentiality and security of Protected Health Information (PHI).
GDPR Compliance
We adhere to GDPR, UK GDPR, and the UK Data Protection Act, ensuring the privacy and security of personal data for individuals within the EU and UK.
Australian Privacy Act 1998
PatientNotes is compliant with the Australian Privacy Act 1998 and the Australian Privacy Principles, ensuring your data is handled with the highest standards.
To learn more about our privacy practices, visit: Privacy and Compliance
Frequently Asked Questions About Privacy at PatientNotes
Is PatientNotes HIPAA compliant?
Yes, PatientNotes complies with the Health Insurance Portability and Accountability Act (HIPAA), ensuring the confidentiality, integrity, and security of PHI.
Is PatientNotes GDPR, UK GDPR, and DPA compliant?
Yes, we follow the GDPR, UK GDPR, and the UK Data Protection Act (DPA) to ensure robust data protection for individuals in the EU and UK.
Is PatientNotes compliant with the Australian Privacy Act 1998?
Yes, PatientNotes meets all requirements of the Australian Privacy Act 1998, adhering to the Australian Privacy Principles to protect personal information.
Do you provide a Business Associate Agreement (BAA)?
Yes, we provide a BAA to our US-based customers upon request to ensure mutual compliance with HIPAA regulations. To request a BAA, email us at compliance@patientnotes.app.
Do you have a Data Processing Agreement (DPA)?
PatientNotes offers a DPA to our UK and EU-based customers upon request, outlining the responsibilities and scope of data processing in compliance with GDPR and other data protection laws. To request a DPA, email compliance@patientnotes.app.
What security measures does PatientNotes use?
We implement layered technical and organizational security measures to prevent unauthorized access, misuse, loss, or modification of data. Details can be found on our Security Page.
How long is patient data stored?
Patient data is securely stored for 30 days and is automatically deleted thereafter. Practitioners can also choose to delete patient data immediately after consultation.
Does PatientNotes use de-identified patient data for other purposes?
No, PatientNotes does not use patient data for AI model training or any other purpose beyond generating notes and letters for practitioners. We believe in stringent data deletion processes and do not rely on de-identification as a security measure.
Protecting Patient Health Data with Confidence
At PatientNotes, we prioritize security, recognizing the importance of protecting sensitive medical information. We employ advanced security measures to safeguard your clinical consults and notes.
Caring About Confidentiality
Our encryption protocols ensure that your data remains confidential and is accessible only to authorized parties. All communication between our systems is encrypted using HTTPS/TLS (TLS 1.2 or higher), and data at rest is secured with AES-256 encryption.
Consent is the Foundation
Every practitioner session begins with obtaining patient consent, ensuring that all participants are fully informed and comfortable with the recording and handling of their consultation data.
Global Compliance and Trusted Partners
Engagements with third-party vendors, such as Google and Microsoft, are governed by master service agreements to ensure adherence to HIPAA, Australian Privacy Standards, and other privacy obligations. We work exclusively with partners who meet stringent security, privacy, and governance requirements.
Encryption in Transit and at Rest
- HTTPS/TLS (TLS 1.2 or higher): Protects all data transmissions between client devices and services, maintaining data integrity and confidentiality.
- AES-256 Encryption: Automatically encrypts data before being written to disk, safeguarding it at rest.
Advanced Encryption and Key Management
We use Google Cloud's Key Management Service (KMS) for managing encryption keys, ensuring they are handled securely and regularly rotated according to industry best practices.
No Data Storage or AI Model Training
We maintain strict boundaries: our partners do not store or misuse your data. Patient data is never used to train AI models, ensuring complete privacy and security.
Data Retention and Deletion
Our system automatically deletes all patient information after 30 days. Practitioners can manually delete data sooner if needed.
Secure Access Control
Access to protected health information (PHI) is tightly controlled and monitored through access control measures, multi-factor authentication, and cloud-based anomaly detection systems.
Responsible Disclosure and Continuous Monitoring
We actively encourage responsible disclosure of vulnerabilities. Continuous monitoring, audit trails, and automated alerting systems are in place to detect and prevent unauthorized activities.
Contact Us
We prioritize safety and security with the same care you have for your patients. If you have any questions or concerns, or would like to learn more, please contact us at security@patientnotes.app.
For further details, visit our Security Page.