Effective Date: September 26, 2025
Last Updated: September 26, 2025
DocAI Scribe (“Company,” “we,” “our,” or “us”) values your privacy and is committed to protecting your personal information and Protected Health Information (PHI). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our mobile and web applications, services, and telehealth platform (collectively, the “Services”).
By accessing or using DocAI Scribe, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the Services.
1. Compliance with HIPAA and U.S. Law
- DocAI Scribe is fully committed to compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the HITECH Act, and all applicable federal and state privacy and security regulations.
- We implement administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of PHI.
- We also comply with applicable telehealth regulations, medical billing compliance rules (MIPS, CPT, ICD-10), and U.S. state-specific health privacy laws where applicable.
2. Information We Collect
We may collect the following categories of information:
- Personal Information: Name, contact details, account credentials.
- Protected Health Information (PHI): Patient demographics, medical history, symptoms, SOAP notes, diagnoses, care plans, prescriptions, and discharge instructions.
- Billing & Coding Data: CPT, ICD-10, and MIPS codes generated during visits.
- Usage Data: App activity, device identifiers, IP address, browser type, operating system.
- Telehealth & Messaging Data: Secure chat transcripts, call metadata, and communications between patients and providers.
- MA & Provider Input: Real-time vitals, notes, and edits synced during encounters.
3. How We Use Information
DocAI Scribe uses information to:
- Generate and maintain structured SOAP notes in real time.
- Auto-generate and validate billing codes (MIPS, CPT, ICD-10).
- Provide AI-driven diagnoses, care plans, medication recommendations, and discharge instructions.
- Enable secure telehealth visits and real-time documentation.
- Facilitate secure messaging between providers, MAs, and patients.
- Improve workflow efficiency through note versioning, merging, and live sync.
- Provide patient education materials tailored to their care plans.
- Maintain compliance with HIPAA and billing regulations.
- Enhance user experience and improve system performance.
4. How We Share Information
We do not sell or rent your data. Information may be shared only as follows:
- With Healthcare Providers & Teams: To facilitate clinical documentation, telehealth, and collaboration.
- With Business Associates: Third-party vendors (e.g., cloud hosting, EHR integrations) who sign Business Associate Agreements (BAAs) as required under HIPAA.
- With Patients: When sharing notes, discharge summaries, or education materials directly with patients.
- For Legal & Compliance Purposes: When required by law, court order, or to protect patient safety and system security.
- In De-Identified Format: Aggregated or anonymized data may be used for analytics, system improvement, and research without identifying individuals.
5. Data Security
We implement robust safeguards, including but not limited to:
- End-to-end encryption (in transit and at rest).
- Role-based access control and multi-factor authentication.
- Continuous monitoring for threats, breaches, or unauthorized access.
- Audit logging and version control for traceability.
- HIPAA-compliant secure cloud hosting.
6. Patient Rights
Patients have the following rights under HIPAA and applicable law:
- Right to Access: Request a copy of your PHI.
- Right to Amend: Request corrections to your medical record.
- Right to Restrict: Limit disclosures of your PHI.
- Right to Accounting: Receive a record of disclosures.
- Right to Confidential Communications: Request secure alternative communication methods.
- Right to File a Complaint: With us or directly with the U.S. Department of Health and Human Services (HHS).
7. Telehealth & Electronic Communications
All telehealth sessions, chats, and notes are HIPAA-compliant. We use secure video, audio, and messaging protocols to ensure confidentiality. However, no electronic transmission is 100% secure; by using our Services, you acknowledge and accept this risk.
8. Data Retention
We retain PHI only as long as necessary to provide Services, comply with legal obligations, and maintain medical record requirements. Data may be archived securely in compliance with HIPAA record retention rules.
9. Children’s Privacy
DocAI Scribe is not directed at children under 13. Any PHI for minors is handled strictly in compliance with HIPAA and state consent laws.
10. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Material changes will be communicated via in-app notifications, email, or website updates. Continued use of the Services after changes indicates acceptance.
11. Contact Us
If you have questions, concerns, or complaints about this Privacy Policy or our practices, please contact:
DocAI Scribe
Email: support@docaiscribe.com