HIPAA Compliance

How Scribeable maintains HIPAA compliance and protects patient data.

6 min read · Updated November 2025

01 Our Commitment

Scribeable is fully HIPAA compliant. We implement all required administrative, physical, and technical safeguards to protect Protected Health Information (PHI).

Our HIPAA Security Officer oversees all compliance activities and can be reached at [email protected].

02 Technical Safeguards

  • Encryption: AES-256 at rest, TLS 1.3 in transit
  • Access Controls: Role-based with MFA required
  • Audit Logging: All PHI access is logged
  • Automatic Logout: Sessions time out after inactivity
  • Data Backup: Encrypted backups with geo-redundancy

03 Business Associate Agreement

We provide a signed BAA to all customers on paid plans:

  • Standard BAA included with Professional and Team plans
  • Custom BAA terms available for Enterprise
  • BAA covers all Scribeable services and subprocessors

We maintain signed BAAs with all our AI and data processing subprocessors including Anthropic (Claude) and Deepgram. View our complete subprocessor list for details.

Download our standard BAA from the Legal Hub or request a custom agreement.

04 Patient Rights

We help you comply with patient rights under HIPAA:

  • Access: Export patient data on request
  • Amendment: Edit notes as needed
  • Accounting: Access audit logs
  • Restriction: Limit data sharing