Legal & Compliance

Your trust is our priority. Learn about our unwavering commitment to data security, privacy protection, and comprehensive HIPAA compliance.

HIPAA Compliant

Full compliance with healthcare privacy regulations and data security standards.

• Administrative Safeguards
• Physical Safeguards
• Technical Safeguards

Data Security

Enterprise-grade encryption and security measures to protect sensitive information.

• AES-256 Encryption
• Multi-Factor Authentication
• Regular Security Audits

Privacy Policy

Transparent policies on how we collect, use, and protect your data.

• Data Collection Practices
• Usage Guidelines
• User Rights & Controls

HIPAA Compliance Details

ClinicNote is fully compliant with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. We implement comprehensive safeguards to secure your protected health information (PHI).

Administrative Safeguards

  • Designated HIPAA Security Officer
  • Regular staff training and certification
  • Access management and user authentication
  • Incident response procedures

Physical Safeguards

  • Secure data centers with 24/7 monitoring
  • Controlled facility access
  • Workstation security controls
  • Device and media controls

Technical Safeguards

  • End-to-end encryption for data in transit and at rest
  • Audit logs and monitoring systems
  • Automatic logoff and session management
  • Data integrity controls

Business Associate Agreements

  • Executed BAAs with all applicable vendors and service providers
  • Vendor risk assessments and annual compliance attestations
  • Contractual obligations for safeguarding PHI

Breach Notification

  • Incident classification and impact analysis
  • Timely notification procedures per HIPAA requirements
  • Root-cause analysis and remediation plans

Compliance Monitoring

  • Periodic internal audits and policy reviews
  • Continuous monitoring of access and activity
  • Employee training refreshers and certifications

Data Security Measures

Our enterprise-grade security infrastructure ensures your sensitive medical data remains protected at all times.

Encryption Standards

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • End-to-end encryption for all communications
  • Encrypted database storage

Access Controls

  • Multi-factor authentication (MFA)
  • Role-based access control (RBAC)
  • Regular access reviews and audits
  • Automated account lockout policies

Infrastructure & Backups

  • Redundant, geographically distributed infrastructure
  • Automated daily backups with periodic restore testing
  • Disaster recovery and business continuity plans

Vulnerability Management

  • Regular patching and dependency updates
  • Routine vulnerability scans and penetration tests
  • Responsible disclosure program

Incident Response

  • Documented runbooks and escalation paths
  • Post-incident reviews and corrective actions
  • Stakeholder communication protocols

Privacy Policy Details

We are committed to transparency in how we collect, use, and protect your personal and health information.

Data Collection

  • We only collect data necessary for providing our services
  • Patient consent is required for all data collection
  • No data is shared with third parties without explicit consent
  • All data collection complies with HIPAA regulations

Your Rights

  • Right to access your personal health information
  • Right to request corrections to your data
  • Right to request restrictions on data use
  • Right to data portability and deletion

Data Retention

  • Retention aligned with legal and regulatory requirements
  • Secure deletion procedures upon request or end-of-term

Cookies and Tracking

  • Use of essential cookies for authentication and security
  • Optional analytics with privacy-preserving settings

International Data Transfers

  • Transfers only with appropriate safeguards
  • Compliance with applicable cross-border regulations

Contact & Requests

  • Submit privacy requests via our support channel
  • Dedicated compliance contact available upon request

Terms of Service Highlights

Key points summarizing acceptable use, service limitations, and responsibilities.

Acceptable Use

  • No misuse of the platform or attempts to bypass security
  • Compliance with applicable healthcare and privacy laws
  • Respectful and lawful handling of patient information

Service Availability

  • Best-effort uptime with planned maintenance windows
  • Reasonable efforts to notify users of impactful changes

Liability & Changes

  • Limitations of liability consistent with industry standards
  • Periodic updates to terms with notice to users

Data Processing Addendum (DPA)

Overview of processing roles, responsibilities, and safeguards for personal data.

Roles & Responsibilities

  • Clear delineation of controller and processor obligations
  • Processing only under documented instructions

Safeguards

  • Technical and organizational measures to protect data
  • Support for data subject rights and requests

Subprocessors

We rely on trusted providers to deliver parts of the service.

  • Cloud infrastructure and networking
  • Email delivery and notifications
  • Logging, monitoring, and analytics
  • Managed database and storage services

All providers are contractually required to safeguard data and adhere to privacy obligations.

Accessibility Statement

We aim to make the platform accessible and usable for everyone.

  • Design principles aligned with WCAG 2.1 AA
  • Keyboard navigation and screen reader support
  • Continuous improvements based on user feedback

Patient Rights & Consent

  • Granular consent management and revocation
  • Export of records in machine-readable formats
  • Transparent audit of access and changes

Audit Logging & Monitoring

  • Comprehensive access logs with retention policies
  • Automated alerts for anomalous activity
  • Periodic reviews and corrective actions