HIPAA Compliance

At Assistant Doctor, we believe that clinician and patient trust is foundational. Our relentless dedication to data privacy and protection exemplifies our adherence to HIPAA regulations.
V 1.0 - Nov 7th, 2023

Data Security Infrastructure

  • Encryption: All data, at rest and in transit, is secured using advanced encryption methods.
  • Cloud Infrastructure: We utilize both Microsoft Azure and AWS, ensuring our data infrastructure meets the highest industry standards.

Team and Leadership

  • Employee Screening: Comprehensive background checks are a standard procedure for all incoming staff.
  • Annual Training: Our team consistently updates its knowledge through annual training on HIPAA regulations, data privacy, and secure information handling.
  • Leadership's Direct Oversight: At Assistant Doctor, the founders themselves directly oversee matters of privacy, emphasizing its significance.

Software & Technological Excellence

  • Updates & Deployments: Each update, be it software or infrastructure, is subjected to thorough compliance and security checks before it goes live.
  • AI Integration: Our application of AI technology is always in strict alignment with HIPAA directives.

Partnerships & Agreements

  • Vendor Selection and Compliance: We partner with vendors that align with our stringent data protection standards. For instance, if we employ a third-party service for medical transcription or cloud storage, we ensure they are HIPAA compliant. To reinforce our dedication to patient privacy, every partnership is bound by a Business Associate Agreement (BAA). As an example, our collaboration with both Microsoft Azure and AWS for infrastructure means both entities have signed BAAs, underscoring their commitment to safeguarding patient data in conjunction with us.
  • Routine Assessments: Vendors' security measures are consistently reviewed to ensure they meet our stringent standards.

Data Management & Retention

  • Default Retention Policy: By default, recordings and transcriptions are available for a period of 30 days. Nonetheless, we provide customizable retention policies to suit our customers' preferences; for our Enterprise Plan members, these include the option for automatic deletion of recordings.
  • Customer-Requested Termination: If a customer decides to cancel or requests termination of their account with Assistant Doctor, all associated protected health information (PHI) is promptly deleted to ensure the highest level of data privacy.

Ongoing Commitment to Compliance

  • Risk Assessment: Our proactive approach involves frequent risk evaluations, ensuring our policies remain current and robust.

At Assistant Doctor, HIPAA compliance is not just a requirement, it's a commitment. Every facet of our operation is structured to uphold the privacy and trust of our clinicians and patients.