Get Started For Free

Legal & Security

How does QuickChart store and handle my data?

We do not store any of your data long term apart from your login information and usage data which may be used for evaluation and improvement of our services. Clinical data, personal health information or notes containing PHI generated by this service are encrypted and stored in secure servers only for the purposes for syncing data between devices and are permanently deleted after 30 days. Currently, we use location specific datacenters. We self-host the majority of audio transcription services and no distinct audio file recordings are created or retained. All data handling is HIPAA compliant in the USA and PHIPA/PIPEDA compliant in Canada

Your data is only used for its intended primary use and clinical purpose, that is to process the data for the purpose of medical note transcription and to aide the healthcare provider throughout the encounter. We do not use or store the data for any secondary use purposes.
We self-host audio transcription services and process data in Canadian based datacenters. Some data may also be processed in US-based data centers. This is similar to most other medical scribes and transcription services and in keeping with regulatory requirements. However, we take additional steps including ensuring all PHI is encrypted “at rest” and “in transit”, meaning before and after it is processed by third party services. Data is sent using two way encryption channels. We utilize Microsoft Azure and other reputable secure data centers for the purposes of data processing. Where possible, data is anonymized and de-identified prior to any data being processed. We have a business associate agreement (BAA) in place with our data center providers to ensure careful handling of PHI, which include “do not train”, “do not retain” policies and HIPAA compliant workflows.
We utilize named entity recognition such that sensitive and identifying data such as names, locations or providers are de-identified and tokenized where possible prior to any transcript data processing to minimize risk of sensitive data transmission.
Yes, QuickChart is compliant with the Personal Health Information Protection Act (PHIPA), the Personal Information Protection and Electronic Documents Act (PIPEDA) and meets all regulatory compliance for the handling of PHI in all Canadian jurisdictions, including having completed a PIA which is required by the provinces of BC and NS.
Yes, while state laws vary across the US QuickChart is compliant with the HIPAA for US-based customers.
Our Clinical Documentation Support Tool enhances workflow by organizing and summarizing clinical notes for healthcare providers or assisting them in the documentation process. This tool is designed solely for administrative support in documentation and does not diagnose, treat, or influence clinical decisions. All medical determinations remain under the provider’s discretion, ensuring that our software aligns with Health Canada’s non-medical device criteria for SaMD. Our purpose is to improve record-keeping efficiency, not to provide or replace clinical judgment.
As an additional diligence step we have successfully completed a PIA to evaluate the potential privacy risks and impacts associated with the collection, use, disclosure, and management of personal information within an organization.

The Canadian Medical Protective Association (CMPA) provides a cautious yet open stance on the use of AI scribes in healthcare. They recognize the potential benefits such as reducing administrative burdens, improving documentation quality, and enhancing patient-physician interactions. However, they emphasize that physicians must ensure the use of AI scribes complies with privacy laws and professional standards.

Key considerations highlighted by CMPA include:

  1. Privacy and Data Security: Physicians must ensure AI scribes comply with applicable privacy requirements and safeguards to protect personal health information.
  2. Accuracy and Responsibility: Physicians are responsible for the accuracy of patient records and must thoroughly review and correct AI-generated documentation.
  3. Consent: Patients must be informed about the use of AI in their care and the risks involved. Appropriate consent must be obtained.

CMPA advises that despite the potential efficiencies AI scribes offer, physicians should carefully evaluate the tools, considering their reliability, security, and alignment with clinical practices. They recommend a cautious approach, emphasizing that AI tools should complement, not replace, professional medical judgment

Read more here

The College of Physicians and Surgeons of Ontario (CPSO) acknowledges the potential benefits of AI scribes in medical practice while emphasizing the importance of several key considerations.

  1. Accuracy: Physicians are responsible for verifying the accuracy of AI-generated documentation. Errors in AI outputs must be identified and corrected before including them in the patient’s medical records.
  2. Data Privacy and Protection: The use of AI tools does not alter the physician’s obligation to protect personal health information (PHI). AI scribes must comply with the Personal Health Information Protection Act and CPSO’s policies on medical records management and documentation.
  3. Transparency: Physicians should obtain patient consent before recording clinical encounters using AI scribes. This transparency helps maintain trust and ensures patients are aware of how their information is being used.
  4. Accountability: Physicians remain ultimately responsible for the content of the medical records. They must ensure that the AI-generated notes accurately reflect the patient encounter to facilitate appropriate follow-up care.

Overall, while AI scribes can alleviate administrative burdens and improve patient interactions, the CPSO stresses that physicians must use these tools with caution and diligence to uphold the standard of care

Read more here