Committed to Canadian Clinicians: Free Heidi Pro

We aim to support tens of thousands of primary care clinicians across Canada. There is no public hard cap.

‍

Clinics can continue with a paid Heidi tier or downgrade to the free version. We'll proactively engage in commercial discussions during your pilot so you have full clarity on your options and next steps.

‍

If you’ve already purchased an individual Heidi Pro subscription, you’re still eligible for the free program. Ask you clinic to sign up to the program and invite your to the team. Then, please contact our support team — we’ll provide a complimentary extension on your account.

‍

Read more about the different pricing tiers, features, and costs here. You can contact our sales team here to ask questions or schedule a demo.

‍

See our pricing page for a detailed breakdown of our pricing tiers above Pro.  You can contact our sales team here to ask questions or schedule a demo.

If you are a Canadian primary care provider (including family physicians, nurse practitioners, remote RNs and community pediatricians), you are eligible for the free Pro access.

Note: Only one submission per clinic is required. This person becomes the admin owner and can add others in the clinic once approved.

‍

Yes. The supplier website explicitly states that the VOR list is optional and that you may continue using solutions which are not on the list. Canada Health Infoway has provided limited funding for their list and Supply Ontario has none for the time being, so in order to help with AI scribe accessibility across Canada for primary care providers we have put together this initiative.

While clinicians will be encouraged to use the VOR list for streamlined procurement, you can still purchase and continue using Heidi Health. They simply recommend that you ensure any outside vendor meets the required compliance and security requirements which Heidi does, as outlined above.

‍

Heidi wasn't included on the vendor lists because both lists prioritized vendors headquartered in Canada. Heidi is an Australian-founded company and therefore does not meet these particular criteria. It is NOT because we don't meet compliance or clinical standards.What’s most disappointing about these decisions is not the exclusion itself, but that it calls into question the integrity of our security and compliance program – a program we’ve spent years building to meet the highest global benchmarks. Heidi is, and always has been, a compliance-first company.

• We already support 1.5M+ Canadian consults per month
• We remain 100% compliant, legal, and secure

We’re confident that few, if any, vendors on the list can match our track record on security, privacy, or performance. And we’ll continue to lead and proactively work with Supply Ontario, Canada Health Infoway, and other governing bodies to support inclusion as these programs evolve.

Yes. Heidi has built-in safeguards that notify users if any part of the conversation is not fully processed or transcribed, ensuring clinicians are aware of missing or incomplete data before relying on the output.

Absolutely. Heidi’s infrastructure is built with resilience and data integrity in mind. All clinical data is automatically and continuously backed up to secure, encrypted storage within Canadian data centres. Our Disaster Recovery and Business Continuity Plan, covers everything from hardware failures to broader service disruptions as well as:

• Encrypted, automatic data backups
• Systems to ensure minimal service disruption in the event of a failure or outage

‍

Yes, we do. Heidi is certified to several well-known and respected standards, including:

• ISO 27001 - for how we manage information security
• SOC 2 Type II - which confirms we meet high standards for security, availability and confidentiality
• ISO 9001 - focused on quality management and continuous improvement

These certifications aren’t just for show, they reflect how we actually run the platform from product development to data handling and incident response.

We’ve also been approved for use by major hospitals and health networks across the country, including in Ontario, British Columbia, Quebec and the Yukon.

‍

Yes. We run regular security and privacy assessments to make sure everything’s working the way it should and that we’re keeping your data safe.

That includes annual penetration tests conducted by independent security firms, as well as ongoing internal reviews of our infrastructure and processes. We also complete Privacy Impact Assessments and Threat Risk Assessments, especially when anything significant changes in the system.

Our compliance and security team uses real-time monitoring tools and runs regular audits to catch issues early and reduce risk. It’s all part of how we stay proactive and make sure Heidi remains safe to use in clinical settings.

‍

Heidi is built with security at its core. We use a range of modern tools and practices to keep your data safe, including:

• Intrusion Detection and Prevention (IDS/IPS)
• Security Information and Event Management (SIEM)
• Endpoint Detection and Response (EDR)
• Data Loss Prevention (DLP)
• Secure network configuration
• Audit logs that are stored for forensic and accountability purposes

We also follow a "security by design" approach, meaning security isn’t something we bolt on later. It’s built into the way we design, develop and run Heidi every day.

‍

Yes. Data retention periods are determined by clinicians, with options for automatic deletion if preferred over manual deletion. When data is deleted, it is securely destroyed using secure erasure methods and is unrecoverable from our servers.

‍

If you ever decide to stop using Heidi or if we were to discontinue the product, you won’t be left stranded.

Clinicians can export their data at any time, and we’ll work with you to make sure there’s a smooth transition to another tool if needed. Your data stays accessible and under your control throughout. We also have a full Business Continuity and Disaster Recovery Plan in place to cover any unexpected disruptions, whether it's a service outage or a broader issue.

There’s no lock-in, and no impact on your clinical workflow if you move on from Heidi.

‍

Yes. Heidi Health ensures that all data is stored and processed within Canada for our Canadian users.

‍

No. Heidi Health does not use any patient data, including de-identified data, for model training, secondary use, or improving its AI.

‍

Yes. Heidi Health complies with all relevant legislation, including:

• All provincial specific requirements, such as PHIPA, PIPA, Quebec Law 25, etc.
• PIPEDA (Personal Information Protection and Electronic Documents Act)
• FIPPA (Freedom of Information and Protection of Privacy Act)

Heidi ensures secure handling of personal health information (PHI) and sensitive data, consistent with these regulations. In addition, Heidi aligns with Canada Health Infoway's AI Use Guidelines and the Model Artificial Intelligence Governance Framework promoted in Ontario and other provinces.

All access to PHI is tightly governed, logged, and controlled under industry best practices. Further information can be found in our Trust Center.

‍