Jul 3, 2025

How PatientNotes secured HIPAA compliance in under 30 days

Key Summary

  • PatientNotes achieved HIPAA compliance in under 30 days, ensuring the highest standards for patient data storage and security, marking a significant milestone in the platform's commitment to privacy.
  • A dedicated focus on HIPAA controls and policies, led by the Head of Compliance, ensured the company met all necessary security and policy requirements, even making adjustments for a remote-first team.
  • HIPAA compliance demonstrates PatientNotes' commitment to security, reinforcing trust with US healthcare providers and paving the way for further compliance with international standards like GDPR.
  • PatientNotes now offers Business Associate Agreements (BAAs) to US healthcare partners, ensuring continued compliance and fostering stronger partnerships with healthcare providers.

We are very excited to announce PatientNotes is now HIPAA compliant ✅ In October, we set ourselves the stretch goal to secure HIPAA compliance within just 30 days. So we launched "Compliance Tuesdays", dedicated days where we zeroed in on the comprehensive requirements of HIPAA - 127 controls and 26 policies.

We're thrilled to share that PatientNotes now meets the highest standards of care for patient data storage. This marks a pivotal moment in our mission to empower healthcare providers with advanced AI-driven clinical note-taking tools, ensuring the highest standards of patient privacy and data security globally.

Our Journey to HIPAA Compliance:

We were confident about compliance because our founding team brings extensive experience in creating compliant platforms at scale. I worked at Zendesk for over 10 years and had the experience of working with some of the best compliance folks in the industry to implement SOC 2 Type II, HIPAA, ISO 27001:2013 and FedRAMP LI-SaaS. Combined with Lachlan's experience at Block (Cash App) and Buildkite, we understood many of the controls that would need to be put in place.

Security and compliance have been core values of the company from day 1. With each system that we've built, purchased, or integrated with, we have been thoughtful in the implementation to ensure that we are protecting the sensitive data we temporarily hold. But there is a big difference between doing what you think is best practice and actually ensuring that you meet and maintain the industry requirements.

On first review of the controls for HIPAA, we met nearly all of the infrastructure and application security controls. But we missed many of the company policies and contracts that are required to ensure that our staff comply and understand how to handle working in a compliant fashion.

Tara, our Head of Compliance, led us through the policy drafting process. Many of the templates that we could find online and did purchase to assist in this process are incredibly outdated. The biggest theme is that they are written for companies whose staff all work in a single office building, yet the PatientNotes team is a remote team. We spent the time to thoughtfully adjust each of the policies to be remote-first. The other adjustments we had to make were mostly due to outdated policies. For example, our password policy follows the NIST guidelines.

The rigorous focus of dedicating a whole day each week, combined with decades of experience working in strong compliance environments, allowed us to become HIPAA compliant in late December 2023. After monitoring our controls for a couple of months, we now feel confident that we'll be able to consistently maintain HIPAA compliance going forward.

Why is HIPAA Compliance Important to Us?

Achieving HIPAA compliance is more than a regulatory milestone; it's a reflection of our commitment to providing a trusted platform for US healthcare providers and a testament to the robustness of our security measures. HIPAA's global recognition underscores our dedication to adhering to the highest compliance standards, with GDPR on our roadmap next.

This achievement not only signifies our compliance with one of the most stringent privacy standards but also strengthens our resolve to continuously improve and innovate. It's a testament to our commitment to security, privacy, and the trust placed in us by healthcare providers across the US and around the world.

We are now offering Business Associate Agreements (BAAs) to our US healthcare partners. We invite our US customers interested in learning more about our BAAs to reach out to compliance @ patientnotes.app.

Together, we're setting new standards for privacy and security in healthcare technology. Thank you for being a part of our journey.

For a deeper dive into our security practices and how we protect your data, visit: https://www.patientnotes.app/security

Darren Ross

CEO

Darren is a storied leader in healthcare technology who understands the needs of healthcare practitioners.
