Compliance & security
PHI / ePHI
Protected (electronic) Health Information — the data HIPAA covers.
PHI is individually identifiable health information created, received or held by a covered entity or its business associates: anything that ties a person's health condition, care or payment to that person (name, address, dates of service, diagnoses, and the rest of HIPAA's identifier list, which includes biometric identifiers such as voice prints). ePHI is the same information in electronic form. A recording of a clinical encounter carries both the patient's voice and the clinical content, so anything an ambient scribe captures during a visit should be treated as PHI by default; only data de-identified under HIPAA's Safe Harbor or Expert Determination methods falls outside that definition. The scribe vendor handling it on a provider's behalf is a business associate and must be under a business associate agreement (BAA).
The scribe-relevant questions are: where is PHI stored and in which jurisdiction; which sub-processors (cloud hosting, transcription, LLM APIs) touch it, and are they covered by a BAA; how long are raw audio and transcripts retained, and what happens on deletion; and is any of it used to train models?
See also
- HIPAA — US federal law protecting health information; the minimum compliance bar for US deployments.
- Data residency — Where the vendor actually stores and processes your data.
- Training on customer data — Whether the vendor uses your sessions to train its AI models.