Security & HIPAA.
Built for clinical practice. Reviewed by surgeons. Compliant by default.
HIPAA compliance
Scribbix operates under a Business Associate Agreement (BAA) with every practice. A BAA is provided at signup; additional copies are available on request.
Where your data lives
Patient audio, transcripts, and generated notes are encrypted at rest (AES-256) and in transit (TLS 1.2+). Audio is retained only as long as needed to generate and review the note, then deleted by default.
Local AI processing
Core AI transcription and note generation run on Scribbix-owned hardware, not a public cloud LLM. This limits exposure of PHI to third parties.
Subprocessors with BAAs
Scribbix uses a minimal set of subprocessors, each with a signed BAA in place: OpenAI (for fallback model access). No PHI leaves these systems unencrypted.
Access controls
Each provider has their own authenticated account. Role-based access restricts PHI to authorized users. Every access event is logged.
Incident response
In the event of a suspected breach, Scribbix follows a documented incident response plan and meets HIPAA Breach Notification Rule timelines.
For a copy of our BAA, Privacy Policy, or Terms of Service, contact [email protected].