PatientNotes meets the regulations set out by HIPAA, GDPR, UK GDPR, the UK Data Protection Act and the Australian Privacy Act 1988.
PatientNotes meets all HIPAA requirements to ensure the confidentiality and security of Protected Health Information (PHI).
PatientNotes follows the data regulations established by the GDPR, UK GDPR and UK Data Protection Act to ensure the privacy and security of personal data for individuals within the EU and UK.
PatientNotes is fully compliant with the Australian Privacy Act 1988 and the Australian Privacy Principles.
Yes, PatientNotes is fully compliant with the Health Insurance Portability and Accountability Act (HIPAA), ensuring the confidentiality, integrity, and security of protected health information (PHI).
PatientNotes adheres to the General Data Protection Regulation (GDPR), UK GDPR and the UK Data Protection Act, providing robust data protection for individuals within the EU and UK.
Yes. PatientNotes complies with the Australian Privacy Act 1988, upholding the Australian Privacy Principles to safeguard personal information.
Yes. We provide a Business Associate Agreement (BAA) to our US-based customers on request to ensure mutual compliance with HIPAA regulations. A BAA can be requested by emailing compliance@patientnotes.app
PatientNotes runs on servers located in Sydney, Australia, so at present all customer data, regardless of the user's country, is stored there. We plan to add dedicated servers in each country so that, where possible, each user's data is stored locally, e.g. if a user sets their country to United States, their data will reside in the United States.
PatientNotes enters into a Data Processing Agreement with UK-based and EU-based customers on request. The agreement sets out the responsibilities and scope of data processing in compliance with GDPR and other data protection laws. A Data Processing Agreement can be requested by emailing compliance@patientnotes.app
We implement technical and organisational security measures in a layered approach to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. More details can be found on our security page.
All patient data is securely stored and retained for a maximum of 30 days, after which it is deleted and cannot be accessed or recovered. Practitioners can choose to delete patient data immediately after the consultation or at any time before the 30 days elapse.
We do not. Patient data is used only to generate notes and letters for you; none of it is used to train AI models. Related to this, we believe that de-identification processes often fail to consistently remove sensitive information when run at scale, so it is inappropriate to rely on de-identification as a security measure. Our layered, least-privilege approach to security, combined with stringent data deletion processes, lets us deliver you a superior experience while meeting the highest standards of security.