Heidi AI
© 2026 Heidi. All rights reserved.
Secure your customers’ ePHI data

Privacy and Security Safeguards

We implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the PHI we handle.

Risk Analysis and Management

We conduct regular risk analyses to identify potential risks to PHI and implement security measures to reduce these risks to acceptable levels.

Training and Awareness

All our employees undergo comprehensive training on HIPAA regulations and understand their roles in protecting PHI.

Business Associate Agreements (BAAs)

We fully support the rights of individuals under GDPR, including the right to access, correct, delete, and restrict processing of their data, the right to data portability, and the right to object.

Incident Response and Reporting

We implement appropriate technical and organizational measures that ensure and demonstrate that we process personal data in compliance with GDPR. This includes measures to protect data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

Access Controls

We implement strict access controls to ensure that only authorized personnel can access PHI, based on the principle of minimum necessary use.

Locally hosted data

We prioritise data sovereignty by ensuring all our data is locally hosted within the United States. This practice enhances data security and speed, while also ensuring compliance with US data protection regulations.

Compliance

HIPAA

Our commitment to HIPAA underscores our dedication to maintaining the highest standards of privacy and trust within the healthcare industry.


Frequently Asked Questions about HIPAA Compliance

Absolutely, Heidi is compliant with the Health Insurance Portability and Accountability Act (HIPAA) in the United States. Our commitment to HIPAA underscores our dedication to maintaining the highest standards of privacy and trust within the healthcare industry. We use a continuous compliance management system that keeps us constantly vigilant about our HIPAA compliance, rather than relying on a point-in-time audit, which can leave vulnerabilities unnoticed between audits. We implement administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of the personal health information (PHI) Heidi handles.