Safe space

What does safety mean to us?
Heidi was built by clinicians for clinicians.
We understand the privilege of handling sensitive personal information and we take it seriously. Supported by our world-class compliance team, we're at the forefront of data safety for AI scribes globally, ensuring your data remains secure.
Whatever your specialty, we’ve made Heidi both safe and joyful to use. Here’s how.
Ticking all your compliance and safety boxes.
What data does Heidi store?
How does Heidi protect your data?
Encryption, everywhere. Your data travels through an encrypted tunnel—no unwanted guests allowed—and we test it regularly. From storage to transit, every byte is shielded using strong, industry-standard encryption protocols.
Local compliance and secure storage. Heidi’s unwavering commitment to the Australian Privacy Principles (APP) is at the core of our platform. With Heidi, you can rest easy knowing your patient data is safeguarded to the highest Australian standards, with local storage and a zero-tolerance approach to third-party access. Plus, your data is in safe hands with our best-in-class infrastructure - think ISO27001 and SOC2.
Strict access control. You, the clinician, hold the keys, and obtaining explicit patient consent should be a priority. Heidi’s team can only look at your data if you specifically ask, “Hey, help me troubleshoot!” (and even then, we log every step).
De-identification of your data. Before Heidi processes your session, we strip all data of personal identifiers (think ‘Jane Doe’ instead of the patient’s name), so it can’t be traced back.
Heidi doesn’t use any of your data to train our AI.
We know every clinician has their own style and vision of the perfect note, and that's why our incredible Medical Knowledge team—skilled clinicians turned prompt engineers—creates hundreds of templates based on your feedback. Need any tweaks? It's simple: just jump into your template, tell Heidi exactly what you want and where you want it, and she'll remember your changes—you're in charge.
Delete means delete. Forever.
Every account matters. Free or paid, premium security is always included.
How does Heidi protect your data?
Our compliance team is here to guide you through every step to ensure full compliance when using Heidi in your practice. To get started, you'll need to:
Complete a Data Protection Impact Assessment (DPIA)
We can assist you with this - simply fill out the form at the bottom, or your Data Protection Officer (DPO) may already have one prepared.
Sign a Data Processing Agreement (DPA)
This ensures that data processing responsibilities are clearly defined and compliant with UK regulations.
Obtain Clinical Safety Documentation
You’ll need to obtain our DCB0129 (clinical risk management for manufacturers) and create your DCB0160 (clinical risk management for healthcare organizations), both essential for safe implementation in your practice.
Heidi best practice - for practice.
Empower your patients with consent.
There are many ways to ask for consent, and we trust that you choose the one that works for you and your patients. To keep it top of mind, you can ask Heidi to remind you at the beginning of your session - just head to your settings.
Remember to check your notes.
Once your notes are generated, take time to review and add any more detail or context before transferring them to your Electronic Medical Record (EMR) system.
Share access responsibly.
To protect the confidentiality of your patients’ consults, please avoid sharing your account access. We've made our templates easy to share through our template library, and anyone can try Heidi for free. Curious about giving Heidi a go? Simply create a free account.
Quick answers
Heidi Safety FAQs
Short answer, no. Before Heidi processes your session, we strip all data of personal identifiers (think ‘Jane Doe’ instead of the patient’s name), so it can’t be traced back. Your patient’s data remains protected and Heidi does not and will not contact your patients for any purposes.
No, Heidi does not store any audio. As you speak, Heidi types, and the audio immediately goes *poof*. Even if you’re uploading an audio file that was recorded offline, the audio is only stored on your device, and Heidi doesn’t retain any of it once it’s been transcribed.
Locally. Heidi’s “brain” (aka servers) stays strictly in the region you’re based in, keeping everything in line with data localisation requirements under regulations like GDPR.
Step 1: Prevention. Heidi implements best-in-class infrastructure - think ISO27001, SOC2 and Cyber Essentials compliance - and is penetration tested every year. The architecture of our data storage also ensures that your protected health information (PHI) is de-identified and processed separately from the rest of the transcript. The reality is, though, that we have to be prepared for anything, so all of our users, free or paid, are insured and receive the highest standard of compliance.
First, you might be wondering what AI scribe hallucinations are. Well, AI sometimes generates content that is nonsensical or incorrect - think hearing things that weren’t said. While we’re striving to improve the technology to stop this from happening, here are some other ways we tackle it:
- Our experienced Medical Knowledge team regularly reviews our models and templates and checks the outputs for accuracy.
- Your feedback and input are invaluable. We encourage you to review all notes before transferring them to your EHR system.
The short answer is yes. If your notes are stored in Heidi at the time they are subpoenaed, we are legally required to comply and may need to provide access upon request.
If, however, you have deleted your notes, they are permanently wiped from our systems, and we are unable to retrieve them.
Yes, fully. Your patients' information stays right here in Australia, protected by the robust framework of Aussie privacy laws. We take a zero-tolerance approach to third-party access. Your consultations are yours, and the audio used for generating patient notes? It disappears right after your notes are done – never stored permanently.
You say you’re compliant. But how do you prove it?