Aug 4, 2025

HIPAA

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. federal law enacted in 1996, designed to protect sensitive patient health information from being disclosed without the patient's consent or knowledge. While HIPAA is a U.S. regulation, its standards for protecting health information have been widely recognized and adopted as a global benchmark for managing Protected Health Information (PHI).

HIPAA's main objective is to safeguard the privacy and security of health information. It applies to healthcare providers, health plans, healthcare clearinghouses, and business associates that handle health information.

Ensuring Global Compliance and Building Trust

Ensuring compliance with HIPAA standards is vital for clinics worldwide, not just those based in the U.S. Adopting these standards helps build trust with your patients by demonstrating a serious commitment to protecting their PHI. Here are key steps to ensure your clinic is globally compliant:

  • Understand HIPAA Rules: Familiarize yourself with the Privacy, Security, and Breach Notification Rules under HIPAA.
  • Employee Training: Train all staff members on HIPAA regulations and the importance of PHI protection.
  • Secure Patient Records: Use secure electronic health record (EHR) systems with robust encryption and access controls.
  • Develop Privacy Policies: Enforce strict privacy policies for handling patient information.
  • Conduct Risk Assessments: Regularly assess risks to identify vulnerabilities in your information handling processes.
  • Implement Physical Security: Protect health information with secure storage and controlled facility access.
  • Manage Vendors Responsibly: Even if not legally required in your country, prioritize working with vendors who understand the importance of PHI protection and are willing to sign a Business Associate Agreement (BAA).
  • Develop an Incident Response Plan: Prepare for potential data breaches or unauthorized PHI disclosures.
  • Uphold Patient Rights: Respect patients' rights to access and request amendments to their health information.
  • Maintain Documentation: Keep detailed records of compliance efforts, training, audits, and policy updates.

Regular Audits and Compliance Checks

Regular auditing is crucial for maintaining HIPAA compliance and global PHI protection standards. Perform both internal and external audits to ensure adherence and use the findings to improve your practices.

What is a Business Associate Agreement (BAA)?

Understanding BAAs

A Business Associate Agreement (BAA) is a crucial legal document under HIPAA regulations. It specifically governs the handling of Protected Health Information (PHI) between parties, ensuring both adhere to HIPAA’s stringent privacy and security standards.

Role in HIPAA Compliance

The BAA is central to HIPAA compliance. It clarifies responsibilities and safeguards PHI, aligning all parties with the HIPAA Security Rule's requirements. This agreement is vital in maintaining the confidentiality and integrity of patient data.

Our Commitment

Our adherence to BAAs underlines our dedication to upholding the highest standards of PHI security and patient privacy, in full compliance with HIPAA.

Contact Us for a BAA

If you require a BAA for HIPAA compliance, contact us at hello@patientnotes.app

FAQs

Frequently asked questions

How does PatientNotes work?

An individual signs up, the patient consents, the session is recorded and transcribed, an AI model generates a draft of your clinical notes, and the context gathered is then used to create a Patient Summary and any letters needed for other medical professionals.

I've been told I can't use ChatGPT with patient information, is it ok to use this?

ChatGPT isn't safe to use with patient information. Data entered into ChatGPT is retained to train wider language models, and patient information is often entered into ChatGPT without consent. PatientNotes is different. Explicit consent from the patient is required for each session. Transcripts are heavily protected with layers of encryption and strict policies, stored in Sydney in Google's HIPAA-compliant data center, and automatically deleted after 30 days.

Is a special microphone required?

Most practitioners start with their laptop's built-in microphone, but for the best results we recommend a dedicated USB microphone on your desk. Omnidirectional USB microphones work great. Read all about our microphone recommendations on our microphone support page.

Can I use PatientNotes on my mobile phone?

Yes. Navigate to patientnotes.app in your web browser, log in, and away you go. Recording works great on mobile devices and on most devices will continue even when the screen locks.

Where are PatientNotes servers located?

PatientNotes runs on servers located in Sydney, Australia. We plan to have dedicated servers in each country, with data stored locally for each user where possible, e.g. if a user sets their country to the United States, their data will reside in the United States.

Does PatientNotes use encryption?

Absolutely. Security and privacy are critical to protecting personal information. We encrypt all information in transit and at rest. Read more on our Security page.

Is the use of AI in healthcare safe and reliable?

We think of AI as an assistant to the medical practitioner rather than a replacement for the practitioner in any way. The role of our AI systems is to help produce a draft for the practitioner. Beyond that, it’s up to the practitioner to make the required changes to ensure that the notes are accurate before adding them to a patient record. More broadly, we believe AI has an incredible ability to analyse large amounts of data and assist humans, but anything it produces must be validated by a qualified medical professional.

Can AI replace human doctors or healthcare providers?

No. Machines can’t replace doctors or healthcare professionals.

Does the system generate a diagnosis?

The system is fine-tuned not to provide a diagnosis and to focus only on the facts entered by the healthcare provider during the consultation.

Does PatientNotes comply with all Australian privacy and data retention acts and legislation?

Yes. In Australia we comply with the Privacy Act 1988, the Health Records Act 2001 (Victoria) and other national legislation regarding the storage of personal information. Privacy and security are critical to our business and we take both incredibly seriously. An important design consideration built into the system is removing data that is no longer needed, which is why all patient information is automatically deleted after 30 days.

Is PatientNotes HIPAA Compliant?

PatientNotes is fully HIPAA compliant. A Business Associate Agreement (BAA) is available to all US customers. To request a BAA, please contact compliance@patientnotes.app.

Do I really need to proofread the drafts PatientNotes produces?

Proofreading clinical notes and letters is of utmost importance to ensure their accuracy and reliability as a representation of the supplied information. Mistakes or inaccuracies in medical documentation can have serious consequences, leading to misdiagnosis, incorrect treatment plans, and compromised patient care. Thorough proofreading allows healthcare professionals to review and correct any errors, inconsistencies, or missing information, ensuring that the final notes and letters are a true reflection of the patient's condition and the provided information. This attention to detail enhances communication, promotes patient safety, and facilitates effective collaboration among healthcare teams.

PatientNotes Pty Ltd