Chartnote HIPAA Compliance: Ensuring Privacy and Security for Clinicians and Patients

Chartnote Privacy and Security (HIPAA, PIPEDA, GDPR, SOC 2)

At Chartnote, the trust of clinicians and patients is our top priority. Security is at the core of everything we create. We adhere to HIPAA, PIPEDA, GDPR, and SOC 2 standards to ensure that all data we collect and process is safeguarded at every stage.


Internal Personnel Security


All Chartnote employees are required to:

  • Undergo background checks before being hired.

  • Complete annual security awareness training covering HIPAA, PIPEDA, GDPR, privacy, and information classification.


Certifications & Standards

  • HIPAA, PIPEDA, and GDPR compliance: We follow globally recognized regulations to protect sensitive health and personal data.

  • SOC 2 certification: Demonstrates our commitment to strong internal controls for security, availability, and confidentiality.


Compliance

  • Regular risk assessments ensure our policies remain current and relevant.

  • Our CTO is responsible for overseeing Privacy and Security.


Secure Development Lifecycle

  • All software changes undergo compliance reviews.

  • We use infrastructure-as-code, with all infrastructure changes reviewed before deployment.

  • Engineers complete secure development training to follow best practices.


Cloud Hosting and Availability

  • All hosting services and data are stored and processed within Amazon Web Services (AWS) secure data centers.

  • We maintain a HIPAA Business Associate Agreement (BAA) and a Data Processing Agreement (DPA) with AWS.

  • Chartnote leverages AWS’ high-availability infrastructure to ensure data is always accessible.


Confidentiality and Data Encryption

  • All data is encrypted at rest and in transit using standard encryption protocols.


Vendor Management

  • All vendors who may process patient information must be HIPAA, PIPEDA, and GDPR compliant.

  • Vendors are required to sign BAAs, DPAs, or equivalent agreements with Chartnote.

  • We regularly review vendor security practices to ensure ongoing compliance.


Artificial Intelligence

  • All AI models we use are HIPAA, PIPEDA, and GDPR compliant and do not retain data.

  • Protected health information (PHI) is never used for AI training purposes.


Patient Information

  • Patient information is encrypted at rest and in transit.

  • Notes and recordings are securely saved in a HIPAA, PIPEDA, GDPR, and SOC 2-compliant manner.

  • Users can:

    • Manually delete notes and recordings at any time.

    • Set notes and recordings to automatically delete after 1–30 days.



Need Help?


If you have further questions about Chartnote’s security or compliance practices, please reach out to our support team—we’re here to help.
