Built by clinicians.
Impossibly secure.
Seriously.
Your data's privacy, security, and compliance are not just commitments but the essence of our service. Our proactive and advanced measures ensure that your information remains protected, transparent, and within your control.
Setting new standards in data handling
Heidi employs a highly secure specialized transcription process, ensuring no recordings and patient information are stored at any point.
Data is processed through customised Large Language Models (LLMs) and stored in privately hosted servers. Our systems are ISO27001, SOC2 and HIPAA compliant, featuring robust encryption protocols both at rest and in transit to protect medical information.
For a higher level understanding of our security posture and maturity please check out our Trust Centre - our centralised hub for Heidi's security and compliance information. Here you can see our commitment to data, privacy and infrastructure and product security.
Processing medical data is just about the most sensitive thing you can do. We understand. That's why we pride ourselves on being responsible stewards for your data.
Go to Trust CentreYou wouldn't leave your door unlocked
Advanced Protection
We employ comprehensive security measures, including sophisticated encryption and secure server infrastructure, to guard against unauthorized access and data breaches.
Responsible Data Handling
Data is handled and stored with stringent protocols, utilizing de-identification and pseudonymization tools for anonymity in business improvement and analysis.
Continual Improvement
We adapt our security measures in response to emerging threats and technological advancements. Staff training is pivotal, ensuring every team member is versed in the latest security protocols and secure coding techniques.
Uncompromising, transparent, responsible.
Data Collection
Only essential personal and health information is collected in strict compliance with international privacy regulations such as HIPAA and GDPR ensuring the utmost confidentiality and security for our users.
Uncompromised Security
Data is stored locally, safeguarded by advanced security measures like de-identification techniques, regular system audits, real-time security monitoring, and penetration tests to prevent unauthorized access or misuse.
Transparency and Trust
We champion transparency and give you full control over your data, with rights to access, correct, delete or raise concerns. Our practices are continually refined to stay in sync with the latest privacy standards.
FAQs
At Heidi, we actively collaborate with insurers and industry bodies to ensure our compliance with the responsible and ethical use of artificial intelligence in healthcare. This collaboration facilitates our standing on how to equip clinicians with the necessary tools and resources to obtain informed consent from patients, and reinforces the need to review all outputs to ensure they meet medical legal standards. With our commitment to best practices, we help you manage the risks associated with using AI in healthcare.
At Heidi, recordings you uploaded or made during your consultation are never stored. We also offer you the flexibility to review patient note outputs for as long as you wish before your deletion. You can either opt to keep them indefinitely or set them to be automatically deleted after a specified period of time. You can manage your preferences for your visit through your account settings page. For more detailed information about how we handle, store, and secure your data, please refer to our Privacy Policy Page.
We understand the importance of data security and privacy and we're committed to safeguarding your information. We have implemented data localization solutions for customers located in Australia, Canada, US, and UK, with strict adherence to jurisdiction specific standards, including HIPAA, GDPR, PIPEDA, PHIPA, and PIPA. This means that if you are located in Australia, Canada, US, or the UK, your data stays where you are.
Only you have access to your consultation information. The clinical notes are live-generated from the recording between you and your patient, and delivered exclusively to you. We adhere to the least privileged access principle, meaning that only the minimum necessary access is granted to perform the required tasks for the purpose of service provision,further safeguarding your information.