Compliance

HIPAA & BAA

NarraScribe is built on HIPAA-compliant infrastructure from the ground up. Here's exactly how we protect your data.

Our compliance commitments

Business Associate Agreement
BAA signed with Anthropic for Claude API access. PHI is contractually protected at every layer of the stack.
AES-256 encryption
All data encrypted at rest and in transit. No exceptions.
Audit logging
Every access, edit, and submission timestamped and logged per HIPAA Security Rule requirements.
Audio auto-deletion
Voice recordings are permanently deleted immediately after transcription — never retained.
AI training opt-out
Your PHI is never used to train, fine-tune, or improve any AI model. Guaranteed contractually.
COMAR Maryland
Meets Maryland Code of Maryland Regulations for behavioral health documentation standards.

Business Associate Agreement

A Business Associate Agreement (BAA) is a contract required by HIPAA between a covered entity (your clinic) and any vendor that handles Protected Health Information on their behalf. NarraScribe acts as a Business Associate and will sign a BAA with every clinic we onboard.

Our BAA covers the full scope of PHI processing within NarraScribe, including shorthand input, AI processing, generated notes, stored records, and audit logs.

Request your BAA
BAA execution is included with every NarraScribe subscription at no additional cost. Contact us to initiate the signing process before your clinic goes live.
Request BAA signing

Infrastructure

NarraScribe is hosted on HIPAA-eligible cloud infrastructure. All AI processing occurs on systems covered by active BAAs. No PHI is ever transmitted to or stored on systems without an active Business Associate Agreement in place.

For questions about our compliance posture or to request our Security Overview document, contact compliance@narrascribe.com.