Heidi compliance lightning FAQs

Have a laser focussed question on Heidi’s compliance and safety? You can find the answer below. If we’re missing a question then just submit it to support@heidihealth.com and we’ll add it to the list!

‍

1. Is audio recording stored?

No, Heidi does not store audio recordings of patient consultations. The system uses ambient listening technology to transcribe conversations in real time, but the audio itself is not retained.

‍

2. How do you deal with regional conditions and terminology?

Heidi utilizes a custom model that is specifically engineered to handle regional dialects and medical terminology variations. This model achieves market-leading word error rates, ensuring accurate transcription regardless of regional differences in medical language. Our clinical governance team continuously monitors and improves the system's performance with local speech patterns and terminology.

‍

3. How do you appropriately represent minorities including indigenous and first nations people?

Heidi's clinical governance team continuously monitors and assesses the system's performance across diverse populations, including minority groups. This ongoing evaluation helps minimize bias and ensures fair representation in the documentation process.

‍

4. How do you handle and store patient consent?

Patient consent is a crucial aspect of using Heidi. Users can configure prompts to seek patient consent before scribing each encounter, and this consent is documented within the system. Heidi provides flexibility in how consent is obtained, allowing clinicians to integrate consent-seeking into their existing workflows, whether through intake forms, verbal agreements, or visual cues in the consultation room which we provide in our resource centre.

‍

5. Where is your data processed? How does the tool ensure compliance with state and territory laws regarding the recording of conversations? Can you show me a flowchart of data flow for a patient interaction?

Heidi processes data using a combination of localized and, when necessary for performance, offshore services. Compliance with state and territory laws is ensured through pseudonymization, non-retention policies, and the use of compliant local storage solutions. While we don't have a specific flowchart available, Heidi's data flow is designed to prioritize patient privacy and comply with relevant regulations at every step of the process.

‍

6. How long is data on Heidi retained for? Can we customize data retention policies within the AI scribe system? Do we have control over how long data is stored and when it is deleted?

Heidi provides customizable data retention options, allowing users and organizations to set preferred retention periods—choices include 1 day, 3 days, 7 days, 21 days, 90 days, or never delete. By default, accounts are set to "never delete" as transcripts can be valuable for documentation and as evidence of consultations. However, users can easily adjust these settings within their preferences, and organizations can configure them globally. Heidi’s default setting mitigates the risk of losing clinical data, but it’s important to note that once deleted, sessions cannot be recovered.

‍

7. Can you run a version of Heidi without third-party processing?

For enterprise customers, Heidi can be configured to run within siloed AWS and Azure environments, minimizing third-party processing. However, this configuration may affect performance and some product functionality. Heidi's standard version uses third-party processors like Kinde or Stripe to provide optimal service while maintaining a strict compliance framework to protect patient privacy.

‍

8. You say you're compliant but prove it. How should you evaluate other vendors' compliance claims? Is there published data on the clinical utility, validity, and safety of the AI scribe?

Heidi takes compliance seriously, having invested in certifications like ISO27001, SOC2 Type 2, and meeting regulations such as HIPAA, GDPR, and the APP. When assessing other vendors, check for these internationally recognized third-party certifications, consult their Trust Centers, and request detailed compliance documentation. For clinical utility, validity, and safety, we’re engaged in ongoing research with several institutions. If you’re interested in exploring studies on Heidi’s impact, reach out—we’re always open to supporting further research on our AI scribe’s benefits in clinical settings.

‍

9. Does my session data get used for model training?

We don't use any of your sensitive health information for model training. We only use your data for the purpose it was collected- for a full list of uses please refer to our privacy policy.

‍

10. My patients are concerned about the secondary uses of their data. Will it be sold? Will it be used for training? 

No, absolutely not! We don’t sell patient data—ever. Our only focus is on helping clinicians ease their administrative headaches

‍

11. How do you mitigate against technical errors in Heidi such as written mistakes in the output?

To mitigate technical errors, Heidi employs advanced language models and continuously monitors performance. However, clinicians must review and edit all AI-generated documentation before finalizing, as they remain responsible for the accuracy of medical records.

‍

12. Can you provide studies or references that demonstrate the effectiveness and safety of the tool in a clinical setting?

While we have conducted numerous case studies demonstrating Heidi's effectiveness, we are currently engaged in formal research at several institutions. We welcome clinicians and researchers interested in studying Heidi's impact on clinical workflows and patient care to contact us for collaboration opportunities at support@heidihealth.com.

‍

13. What features are included to minimize mishearing, incorrect categorization, or omission of critical clinical information?  How does the AI scribe handle accents, dialects, and medical terminology specific to local practice? Has the tool been trained to accurately recognize and transcribe local speech patterns and terms?

Heidi uses a custom model specifically engineered to handle medical terminology and regional dialects, achieving industry-leading word error rates, ensuring accurate transcription of regional accents and medical terms. The system also employs context-aware processing to minimize incorrect categorization. In addition, LLMs systematically correct for mishearings in the transcript to render high-quality notes. In our rating systems we record less than 1 negative rating for every 1000 notes that Heidi creates.

‍

14. Does the tool facilitate easy review and correction of notes by the practitioner before they are entered into the patient health record?

Yes, Heidi is designed with a user-friendly interface that allows practitioners to easily review, edit, and approve all AI-generated notes before they are finalized. This step is crucial in maintaining the accuracy and integrity of patient health records.

‍

15. How does the tool account for clinical information that is not explicitly spoken during the consultation?

While Heidi primarily transcribes spoken information, it's designed to capture context and interpret clinical narratives including via the context tab or where clinicians dictate physical and observation findings directly to Heidi before or after visits. As Heidi is a listening tool, clinicians need to add any unspoken observations or assessments during their review of the AI-generated notes.

‍

16. How has clinician feedback been incorporated to ensure the tool is fit for use in my specialty area?

Heidi's development is guided by continuous feedback from clinicians across various specialties. We regularly update our models and features based on this input to ensure the tool remains relevant and effective across different medical fields.

‍

17. What is your policy in the event of a data breach? How will you notify users and what support will be provided to manage and mitigate the breach?

In the event of a data breach, Heidi follows a strict incident response protocol in compliance with ISO27001 and SOC2 obligations. Users will be promptly notified via email and in-app notifications. We provide comprehensive support to affected users, including guidance on mitigating potential impacts and assistance with any necessary reporting to regulatory bodies.

‍

18. Does the AI scribe require internet connectivity to function? What happens during network outages, and how is data protected during transmission?

Heidi's mobile app has an on-device offline mode, ensuring functionality during network outages. Data is encrypted at the hardware level on the device, so there's no risk to data security even without internet connectivity. When online, all data transmission is fully encrypted.

‍

19. Are there any known limitations or contraindications for using the AI scribe in certain clinical scenarios? In which situations would you advise against using the tool, and why?

While Heidi is designed for broad clinical use, it may not be suitable for extremely sensitive consultations or in situations where patient consent cannot be obtained. We advise clinicians to use their professional judgment and to always prioritize patient comfort and privacy.

‍

20. How frequently is the AI model updated, and how are updates communicated?

Heidi's AI models are regularly updated to improve performance and address any identified issues. We maintain a Changelog that is constantly updated, and users are notified via email of any significant changes. For enterprise clients, we provide detailed incident response forms and update schedules.

‍

21. What liability protections are in place for errors generated by the AI scribe? Does your company assume any responsibility for inaccuracies, or is that solely on the practitioner?

Heidi is underwritten for all users against technical errors and performance issues. However, clinicians remain responsible for reviewing and approving all AI-generated content before it becomes part of the official medical record. Our terms of service clearly outline the shared responsibilities between Heidi and the practitioner.

‍

‍