Summary: NarraScribe is a HIPAA-compliant platform. We do not sell your data, we do not use your clinical notes to train AI models, and all data is encrypted. This policy explains exactly how we handle your information.
1. Information we collect
Account information
When you create a NarraScribe account, we collect your name, email address, clinic name, and professional license information. This is used to manage your account and verify credentials.
Clinical documentation data
NarraScribe processes the shorthand notes and voice recordings you submit to generate clinical documentation. This data constitutes Protected Health Information (PHI) under HIPAA and is handled with the highest level of protection.
Usage data
We collect anonymized usage metrics such as feature usage frequency and session duration to improve the platform. This data is never linked to individual PHI.
2. How we use your information
- To generate clinical documentation from your shorthand input
- To maintain your account and provide customer support
- To send important service notifications and updates
- To comply with legal obligations and HIPAA requirements
We do not use your clinical notes or PHI to train, fine-tune, or improve any AI model. This is guaranteed contractually through our Business Associate Agreement with Anthropic.
3. HIPAA compliance
NarraScribe is a HIPAA-covered business associate. We maintain a signed Business Associate Agreement (BAA) with all upstream AI and infrastructure providers. All PHI is protected under the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.
- AES-256 encryption at rest and in transit
- Access controls and role-based permissions
- Audit logs for all PHI access and modifications
- Automatic deletion of voice recordings after transcription
- Breach notification procedures compliant with 45 CFR §164.400
4. Data sharing
We do not sell, rent, or share your personal information or PHI with third parties except as required to provide the service (e.g., encrypted transmission to AI processing infrastructure under BAA) or as required by law.
5. Data retention
Clinical notes are retained for a minimum of seven years per Maryland COMAR requirements. Voice recordings are deleted immediately after transcription. You may request deletion of your account data at any time subject to applicable legal retention requirements.
6. Your rights
You have the right to access, correct, or request deletion of your personal data. To exercise these rights, contact us at privacy@narrascribe.com.
7. Contact
For privacy questions or to report a concern: privacy@narrascribe.com
This policy may be updated periodically. We will notify active users of material changes by email.