Compliance And Data Security

Empathia AI, Inc. is dedicated to the protection and confidentiality of client data. We conduct all operations in strict compliance with the Health Insurance Portability and Accountability Act (HIPAA) of the United States, ensuring the highest level of security for Personal Health Information (PHI).

Our software services are designed to comply with HIPAA's rigorous security and privacy standards. We employ technical, administrative, and physical safeguards to protect the confidentiality, integrity, and accessibility of all PHI data. Our approach ensures not only top-tier protection for patient information but also underscores our commitment to upholding the utmost data privacy and security for our healthcare provider partners.

In addition to HIPAA, we handle personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), along with all relevant provincial laws such as the Personal Information Protection Act (PIPA) of British Columbia.

Our services are available exclusively to customers within Canada and the United States, supported by two distinct server clusters in each country. For our Canadian clients, certain features may involve third-party services with data processing and storage within Canada, in compliance with legal and contractual obligations.

• Encounter Recordings: User settings dictate the retention period, ranging from immediate deletion post-scribing to a maximum of 365 days.
• Encounter Transcripts: These are either removed immediately after scribing or stored up to 365 days based on user preferences.
• AI-generated Notes and Summaries: Retention varies from one day up to seven years, as specified by user settings.
• User Profile/Data: Personal information is removed from our systems within 30 days after the end of a user's subscription.

Empathia AI, Inc. does not utilize original customer audio recordings or transcripts for AI model training or any external purposes. With user consent, our personnel may access encounter data solely for troubleshooting and enhancing the effectiveness of clinical care support services.

We may use synthesized data for training and evaluating our systems to enhance service quality.

We maintain a strict policy against selling user or patient data and prohibit its use for any marketing or commercial activities outside of our stated services.