Chartnote HIPAA Compliance: Ensuring Privacy and Security for Clinicians and Patients

Chartnote Privacy and Security (HIPAA)

Clinician and Patient Trust

At Chartnote, the trust of clinicians and patients is our top priority, with security at the core of everything we create. We apply HIPAA security standards to all data we collect and process, ensuring that patient data is safeguarded at every stage.


Internal Personnel Security

All Chartnote employees are required to:


  1. Undergo background checks before being hired.
  2. Complete annual security awareness training on HIPAA, privacy, and information classification.


Compliance

  1. Regular risk assessments ensure our policies are current and relevant.
  2. Our CTO is responsible for overseeing Privacy and Security.


Secure Development Lifecycle

  1. All software changes undergo compliance reviews.
  2. We practice infrastructure-as-code, with all infrastructure changes reviewed before deployment.
  3. Engineers complete secure development practices training.


Cloud Hosting and Availability

  1. All hosting services and data are stored and processed within Amazon Web Services (AWS) secure data centers.
  2. We have a HIPAA Business Associate Agreement with AWS.
  3. Chartnote leverages AWS' high-availability infrastructure to ensure data is always accessible.


Confidentiality and Data Encryption

  1. All data is encrypted at rest and in transit using standard encryption schemes.


Vendor Management

  1. All vendors who may process patient information are required to be HIPAA compliant and sign BAAs with Chartnote.
  2. We regularly review vendor security practices to ensure continued high standards.


Artificial Intelligence

  1. All AI models are HIPAA compliant and do not retain data.
  2. Protected health information is never used for AI training purposes.


Patient Information

  1. Patient information is encrypted at rest and in transit.
  2. Notes and recordings are securely saved in a HIPAA-compliant manner. Notes can be manually deleted at any time or set to automatically delete after 1-30 days. Recordings can also be set to automatically delete after 1-30 days.



For more information, please refer to:


  1. Chartnote’s Platform Terms of Use
  2. Chartnote’s Privacy Policy
  3. Chartnote’s Trust Center


Feel free to reach out if you need further details or assistance.


    • Related Articles

    • What is Chartnote Teams

      Chartnote TeamsCreate a Team Today! Chartnote Teams Increase your team’s documentation efficiency with shared snippets and voice recognition. Shared snippets and templates for you and your team. Create groups within your organization and share best ...

    • 🇨🇦 Understanding Consent Laws for Recording Clinical Visits in Canada

      Overview When using Chartnote’s AI Scribe feature to record and transcribe clinical visits in Canada, it is essential to understand the legal framework around recording conversations and handling personal health information. This article outlines key ...

    • How to Share Snippets and Notes - Chartnote Teams

      Chartnote TeamsCreate a Team Today Sharing a Note To share a note in the Team environment, follow these steps: Go to the "My Notes" section Click on the three dots next to the note title you want to share Select "Share" Click on the "+ Share" button ...

    • Mobile Notes

      Scan to download appDownload Chartnote Mobile On the App Store On Google Play Using Chartnote Mobile Notes Mobile notes are designed for healthcare professionals that need to create medical notes on the go. Anytime you are not in front of a computer, ...

    • How to Downgrade Your Chartnote Subscription

      This guide provides a step-by-step process to downgrade your Chartnote subscription. By following these instructions, you can easily switch to a lower plan and save money. Additionally, you will receive a prorated credit that will be applied to your ...